Re: gnupg installation and verification

2019-06-09 Thread john doe
On 6/7/2019 9:13 PM, Samir Zulfiquar wrote:
> Hello, I just downloaded gnupg and tried to install and verify it.
> Unfortunately I hardly know how to do anything with a computer other than
> the basics, so maybe I just didn't interpret the instructions correctly. I
> downloaded the installer and the open pgp signature to verify it (I have no
> clue what a pgp signature even is). After I downloaded both I opened the
> pgp signature file which didn't seem to do much other than bring up text of
> some sort of code. I then installed gnupg, but I wasn't sure if I verified
> it correctly. So I decided to try again. I looked at the website again and
> tried right clicking on the gpg4win-3.1.8 file and went to "moreGpgEX
> options" and clicked verify. The computer tried to verify it with the pgp
> signature file but failed. I then went to the wiki page on integrity
> checks. Most of the things there were too technical for me to understand.
> The only thing I was able to do is check the file length, which was exactly
> what it was supposed to be. It does not seem like there were any download
> problems, but I highly doubt it could be an attacker like the website said
> (I downloaded both of the files from gnupg's own website and not some other
> place). Anyway, could someone explain in layman's terms what to do? Sorry if
> the question sounds stupid.
>
>

If you don't have access to another instance of gpg, you don't have any
other choice than to first install gpg4win and 'verify' if the
downloaded executable has not been tampered with.
That is what you have already done.

You should familiarize yourself with 'checksum' and 'gpg signature
verification'; the URL below is a start:

https://security.stackexchange.com/questions/189000/how-to-verify-the-checksum-of-a-downloaded-file-pgp-sha-etc

--
John Doe

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gnupg installation and verification

2019-06-07 Thread Tony Lane
GPG is an implementation of the OpenPGP standard.
It's software that can help you utilize the tools of public key cryptography.
Public key cryptography comes in two flavors: encryption and signatures.
The PGP signature you saw is a special hash that aids in verifying the
authenticity of some data. You do this by trusting the public key of some 
distributor(s) or persons. The signature scheme then allows you to ensure the 
authenticity of the contents even if it goes through some insecure medium. You 
can be sure that if the signature is valid that it has been signed by the 
private key corresponding to the public key you trusted and that it has not 
been tampered with. The principle being that some change in the data requires a 
distinct signature, a signature that can be generated by only the holder of the 
private key.
Likewise, public key encryption allows you to communicate securely over an 
insecure medium. As I said before, this is done with public key cryptography, 
and the key principle here being that the keys for encryption and keys for 
decryption are distinct. Deriving the one key from the other is very 
infeasible. The keys used to encrypt the payload are public and can be 
exchanged freely, hence the name public keys. The keys used to decrypt the 
payload are kept secure and known only to the person who generated the keypair, 
hence the name private keys. Using this scheme you can establish a secure 
channel and communicate securely without meeting up in person and agreeing on a 
shared secret. This, paired with signatures, allows you to not only
communicate some secret, but also ensure that this secret hasn't been tampered 
with.

You can read the tutorial for GPG here: https://futureboy.us/pgp.html
For more details, you can see the GPG manual here:
https://www.gnupg.org/documentation/manuals.html

 

On 6/7/19 3:13 PM, Samir Zulfiquar wrote:
> Hello, I just downloaded gnupg and tried to install and verify it.
> Unfortunately I hardly know how to do anything with a computer other than the
> basics, so maybe I just didn't interpret the instructions correctly. I
> downloaded the installer and the open pgp signature to verify it (I have no
> clue what a pgp signature even is). After I downloaded both I opened the pgp
> signature file which didn't seem to do much other than bring up text of some
> sort of code. I then installed gnupg, but I wasn't sure if I verified it
> correctly. So I decided to try again. I looked at the website again and tried
> right clicking on the gpg4win-3.1.8 file and went to "moreGpgEX options" and
> clicked verify. The computer tried to verify it with the pgp signature file
> but failed. I then went to the wiki page on integrity checks. Most of the
> things there were too technical for me to understand. The only thing I was
> able to do is check the file length, which was exactly what it was supposed
> to be. It does not seem like there were any download problems, but I highly
> doubt it could be an attacker like the website said (I downloaded both of the
> files from gnupg's own website and not some other place). Anyway, could
> someone explain in layman's terms what to do? Sorry if the question sounds
> stupid.
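
The principle described in the reply above (a valid signature ties a file to one private key, and any change to the file invalidates it), as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later on the PATH; the keyring, user ID and file names are constructed for the demo, and `verify_file`, `setup_demo` and `cleanup_demo` are hypothetical helper names. The tampered copy has the same length as the original, so a file-length check alone would not tell them apart.

```shell
#!/bin/sh
# Added example: detached-signature check against a throwaway keyring.
# The key, user ID and file names are constructed for this demo.

# verify_file FILE SIG EXPECTED_FPR
# Succeeds only if SIG is a valid signature over FILE made by the key
# with fingerprint EXPECTED_FPR (read from gpg's machine-readable status).
verify_file() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    signer=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $3 }')
    [ -n "$signer" ] && [ "$signer" = "$3" ]
}

# Stand-in for the publisher: make a signing key, "release" a file, sign it.
setup_demo() {
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Signer <signer@example.invalid>' \
        ed25519 sign never 2>/dev/null
    FPR=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    printf 'constructed installer bytes\n' > "$GNUPGHOME/installer.bin"
    gpg --batch --yes --output "$GNUPGHOME/installer.bin.sig" \
        --detach-sign "$GNUPGHOME/installer.bin" 2>/dev/null
    # Same length as the original, one byte changed.
    printf 'constructed installer bytez\n' > "$GNUPGHOME/tampered.bin"
}

# Stop the agent started for the throwaway keyring and delete it.
cleanup_demo() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

setup_demo
trap cleanup_demo EXIT
d=$GNUPGHOME
verify_file "$d/installer.bin" "$d/installer.bin.sig" "$FPR" &&
    echo "original: valid signature from $FPR"
verify_file "$d/tampered.bin" "$d/installer.bin.sig" "$FPR" ||
    echo "tampered copy (same length): signature rejected"
```

For a real download, the signer's public key has to be imported first, and the expected fingerprint has to come from a source you already trust rather than from the same page as the file.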