On Thu, Apr 12, 2012 at 11:21:16PM +0100, michael crane wrote: > hello, > I'm trying to understand the principals and benefits of using pgp/gpg > I think I understand that I send the part of my key that is public to > somebody and they use that key to encrypt a message which only I can > decypher. > So what if somebody uses my public key to send me a message purporting > to come from somebody else ? > what is the mechanism to ensure it came from who I think it did ?
The sender can sign the message to verify that it came from him or her. If someone just sends you an unsigned encrypted message, there is no way to verify that I came from who you think it did. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
