On 04/12/2012 06:21 PM, michael crane wrote: > what is the mechanism to ensure it came from who I think it did ?
Turn it around. The public and the private key are inverses. Each can decrypt what the other one encrypts. When someone encrypts a message with your public key, only your private key can decrypt it. And if you encrypt a message with your private key, then anyone who has your public key can decrypt it. So if I have a copy of your public key, and it decrypts a message successfully... then I know it was encrypted with your private key. And since you're the only one who has your private key, it means I can have confidence the message came from you. Usually this process is called "signing" a message. This is how signatures work. :) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users