RE: [SLUG] Question about PGP
Steven,

I assume you are referring to the PGP signatures appearing at the bottom of some postings. (They are not keys as you mentioned.) These signatures allow you as the reader to verify two things:

1. That the sender in fact is who he/she says he/she is.
2. That the message contents are as they were sent (unaltered from when they signed it).

For the signature to be useful, you need to have the sender's public PGP key. You would normally obtain this from them personally, or from their web site, or some other secure means (often via another signed document from someone you already trust - this is known as a certificate). You then run the received message through the PGP application, together with the purported sender's public key, which will then confirm that the private key of the sender was used to sign the message (the public is generated from the private key by the sender). You then can be sure the message is as it says.

Why would you need to use PGP to sign a message? The answer would vary, but I imagine most signers do it simply to assure themselves that what they have said is what is read. Whether you need to do this depends on how much you trust the mail and transport systems used to convey the message between sender and receiver. Most of us just have a reasonable level of trust that things won't go wrong - either malevolent or otherwise. I imagine it will take a few nice public cases of email tampering and we might all start signing.

Martin

Martin Visser, CISSP
Network and Security Consultant
Technology Infrastructure - Consulting Integration
HP Services

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Chang-Lin Yu
Sent: Friday, 7 May 2004 3:17 PM
To: [EMAIL PROTECTED]
Subject: [SLUG] Question about PGP

Hi, I would like to know the benefit of using PGP?
I have noticed some of the SLUG members use PGP keys on their messages, is there any advantage???

__
Steven Chang-Lin Yu
MEngSc of Telecommunications

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Question about PGP
Steven Chang-Lin Yu wrote:
> Hi, I would like to know the benefit of using PGP? I have noticed some of the SLUG members use PGP keys on their messages, is there any advantage???

Here is a real situation that cropped up this week for me where PGP (or GPG - the freer version) would have been useful if everyone was using it.

I have a database where we are changing servers and about a dozen users who have 'advanced access' haven't had a password change in two years so it's about time I dropped their password and created a new one for them. The problem is how to get their password to them securely when they are in various States. Last time I just emailed them the passwords and got told off - and rightly so. This time we will use the telephone or stamped self-addressed envelopes and trust Aust Post :-)

Here is what I could do if we all had public/private keys.

I generate a password for a user and encrypt it using their public_key from their web page or from an email that they send me. I attach the encrypted password to an email to the user and sign the email that I send out using my private key.

The user receives the email and checks the signature on it using my public_key. Now they KNOW it is from me and not from an interloper. They extract the encrypted password and unencrypt it using their private key. Anyone that did intercept that email will not be able to decrypt that password.

But alas these dozen people don't know about public/private key stuff nor PGP so we will use snail mail.

That shows one of the advantages of PGP. Interestingly I only downloaded GnuPG yesterday and have just generated my keypair. A SLUG tutorial would be great if someone could run one next month.

--
Mike Lake
Caver, Linux enthusiast and interested in anything technical.
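The exchange Mike describes (encrypt to the recipient's public key, sign with the sender's key, then verify and decrypt on receipt), together with the signature check Martin outlines, as an added GnuPG example that is not part of the original messages. The identities, the temporary keyrings and the helper function names are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example: constructed identities and throwaway keyrings; ~/.gnupg is untouched.
set -eu
TMP=$(mktemp -d); ADMIN_HOME=$TMP/admin; USER_HOME=$TMP/user
mkdir -m 700 "$ADMIN_HOME" "$USER_HOME"
cleanup() {
  gpgconf --homedir "$ADMIN_HOME" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$USER_HOME" --kill gpg-agent 2>/dev/null || true
  rm -rf "$TMP"
}
trap cleanup EXIT

# gpg wrapper: $1 is the keyring directory, the rest are gpg arguments.
# The empty passphrase and "--trust-model always" only keep the demo non-interactive.
g() {
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}

# Each side generates its own key pair; only the public halves are exchanged.
setup_keys() {
  g "$ADMIN_HOME" --quick-generate-key 'Admin <admin@example.org>' default default never
  g "$USER_HOME" --quick-generate-key 'User <user@example.org>' default default never
  g "$ADMIN_HOME" --armor --export admin@example.org | g "$USER_HOME" --import
  g "$USER_HOME" --armor --export user@example.org | g "$ADMIN_HOME" --import
}

# Admin key fingerprint as held by the user (compare out-of-band in real use).
admin_fpr() {
  g "$USER_HOME" --with-colons --fingerprint admin@example.org |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sender: stdin is the password, stdout the signed and encrypted message.
send_password() {
  g "$ADMIN_HOME" --armor --local-user admin@example.org \
    --recipient user@example.org --sign --encrypt
}

# Recipient: print the plaintext only if it carries a valid signature by key $1.
receive_password() {
  local plain
  plain=$(g "$USER_HOME" --status-fd 3 --decrypt 2>/dev/null 3>"$TMP/status") || true
  grep -Eq "^\[GNUPG:\] VALIDSIG .* $1\$" "$TMP/status" && printf '%s\n' "$plain"
}

setup_keys
printf 'constructed-Passw0rd' | send_password | receive_password "$(admin_fpr)"
```

A message that is encrypted to the user but unsigned, or signed by a key other than the expected one, makes receive_password return non-zero and print nothing.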