-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
> GPG creates a random key from a source of entropy such as
> /dev/random. This key is used in a symmetric cipher such as AES128
> to encrypt my message.
> This symmetric KEY is then ENCRYPTED using your public key and
> attached to the end of t
Correct. If I'm sending a message that I want protected, I hash the
contents with something like SHA-1. I encrypt this hash with my
private key and attach the encrypted hash to the document.
Recipients can then compute their own hash of the document, decrypt
the attached, encrypted hash usi
Gotcha. The public key does not "generate" the key. I'm going to walk
through the process again, so please bear with me.
I'm going to send you a message.
GPG creates a random key from a source of entropy such as /dev/
random. This key is used in a symmetric cipher such as AES128 to
encrypt
On Wed, Jun 20, 2007 at 01:22:44PM -0500, Andrew Berg wrote:
> Joseph Oreste Bruni wrote:
> > By definition of symmetric encryption, you must use the same key to
> > decrypt that was used to encrypt. I'm not sure what you're really
> > asking.
> >
> > When you say "public key is used to generate s
On Wed, 20 Jun 2007 14:32, [EMAIL PROTECTED] said:
> None of the mobile phones I tried had no trouble using RSA 4096 to
> encrypt or decrypt a 16 byte key. If the phone has a JVM and/or a web
> browser, RSA 4096 and AES should be no problem.
I did a quick benchmark:
$ tests/benchmark rsa
Algorit
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Joseph Oreste Bruni wrote:
> By definition of symmetric encryption, you must use the same key to
> decrypt that was used to encrypt. I'm not sure what you're really
> asking.
>
> When you say "public key is used to generate symmetric key" you
>
By definition of symmetric encryption, you must use the same key to
decrypt that was used to encrypt. I'm not sure what you're really
asking.
When you say "public key is used to generate symmetric key" you lost
me. Symmetric keys are typically just random numbers pulled from /dev/
random o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> What I was trying to do was bring a real world perspective to
> this question. Are you using PGP 8? Do you know anybody who
> is using PGP 8?
Yes and yes.
I far prefer PGP 8.1 over PGP 9.0+, and I've heard comments from many
other users who sa
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Why can't I use the same (symmetric) key I used to encrypt (public key
is used to generate symmetric key that the corresponding private key
can calculate) to decrypt?
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.1 | GPG
1.
On Wed, 20 Jun 2007, Werner Koch wrote:
> That is true for your desktop box. However, for small devices like PDAs
> a 4k RSA key is a lot of work. The problem might not be the generation
> or verification of a single signature but some of use have hundreds of
> signatures on their key and che
Snoken wrote:
> Hi,
> Interoperability with PGP 8 matters too.
> Signatures made with RSA 4096-keys (or shorter) and SHA256 can be
> verified by users of PGP 8.
> N.B. Not any other new hashes!
> Please note the option: --pgp8
> Snoken
What I was trying to do was bring a real world perspective to
Snoken wrote:
> I checked with the source:
> http://www.rsa.com/rsalabs/node.asp?id=2004
>
> In 2003 users of RSA 1024-bit keys were advised to drop them
> before 2010. Now the situation is somewhat worse than it
> looked in 2003.
That is not what the RSA website says. The website says, more-or
Werner Koch wrote:
> > It took me infinitely longer to type the pass-phrase for the signing
> > than it took to actually create the sigs which seemed to be almost
> > instantaneous. Timing the signing is sort of ridiculous
>
> That is true for your desktop box. However, for small
> devices
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 17:05 2007-06-16, Brian Smith wrote:
>Snoken wrote:
>> I suppose this means that 1024 bit RSA-keys are ridiculous
>> and the Open PGP Card is a joke. And what about all web sites
>> protected by SSL with a 1024-bit RSA-certificate?
>
>This see
On Wed, 20 Jun 2007 05:14, [EMAIL PROTECTED] said:
> It took me infinitely longer to type the pass-phrase for the signing
> than it took to actually create the sigs which seemed to be almost
> instantaneous. Timing the signing is sort of ridiculous unless I used
That is true for your desktop box.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Interoperability with PGP 8 matters too.
Signatures made with RSA 4096-keys (or shorter) and SHA256 can be
verified by users of PGP 8.
N.B. Not any other new hashes!
Please note the option: --pgp8
Snoken
At 05:14 2007-06-20, you wrote:
>"Janusz A
16 matches
Mail list logo
