-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi sacksa,

Thursday, March 25, 2004, 12:09:46 AM, you wrote:

scc> Hi, Allie. I understand that PGP is some sort of encryption. Can you or
scc> someone else explain to someone who knows almost nothing about PGP how it
scc> works? For example, if mail is encrypted, how then, can someone at the
scc> receiving end without an "unlock" key read the e-mail?

scc> What is the advantage of using PGP? Why should I want to use it (or any
scc> encryption program)? Unless one sends financial or other sensitive data
scc> via e-mail, is there any other reason to use PGP? Are there any
scc> negatives, such as conflicts with firewalls or anti-virus programs?

scc> How does one install and/or enable the latest version of PGP? Is this
scc> separate software that one must buy or does it come with The Bat?

scc> Finally, what is "GnuPG"?

scc> Thanks.

PGP stands for Pretty Food Protection. It is a key pair encryption/signing system. Basically all PGP users have 2 keys: a public key which you give to everyone who wants it (hence the public) and a private key which only you have (and you have to keep it REALLY secure physically, i.e. don't let anyone else get their hands on it).

Now say you wanted to encrypt something to me, what you would do is create yourself a PGP key pair and then get a copy of my public key and import it to your keyring (a keyring is basically a collection of all the people's public keys you have). Then you can encrypt anything you want so that only I can decrypt it. Then when you send it to me I will use my private key to decrypt it. For decryption I do not need anything from you except for the file or message or whatever to be encrypted to me.

This is a different story for signing things. The process is similar, however you don't need anything from me. You can just sign the message or file and send it to whoever you want. It is like a digital signature.
However, to verify that your digital signature is real I would need your public key to verify that it was in fact you who signed the file or message, etc. To verify that this message, which I will have signed when finished writing, is in fact EXACTLY what I wrote, you could get my public key (details in my signature) and then use that to confirm that it is me.

Now there are other problems with the system, such as how do you know that my key has not actually been replaced with a fraudulent public key in order to falsify who I am? Or how do you know that I am the only person with access to my private key in order to sign it? However, there are things like a web of trust, which is where person A will sign person B's public key so that person C, who trusts person A, will automatically trust person B as well, as they are trusted by person A. It is a little confusing I know but is simple in principle :)

GnuPG is just an open source version of PGP and released under the GNU. It stands for GNU Privacy Guard and works on the OpenPGP standard. Read about it and get a copy from www.gnupg.org. It works great with The Bat!

HTH :)

- -- 
Morgan R. Pugh
http://homepage.ntlworld.com/deadmonkey/
GPG Key: http://homepage.ntlworld.com/deadmonkey/data/gpg_key.txt
Fingerprint: 2850 6DB5 D219 94EA EA8F 1D5E B80A 817A 1286 6C4D
Using The Bat! 2.04.7 on WinXP Pro (SP1)

-----BEGIN PGP SIGNATURE-----
Comment: Key at http://homepage.ntlworld.com/deadmonkey/data/gpg_key.txt

iD8DBQFAYx8xuAqBehKGbE0RAuSNAKCDlirTRPCnJrwVcrlOrvLfJoQ0eQCgh7R3
tV8LfxGDQcKQcohQb9DW89U=
=sN2H
-----END PGP SIGNATURE-----

________________________________________________
Current version is 2.04.7 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
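
The web of trust described in the message above (person A signs person B's key, so person C, who trusts A, accepts B's key), as an added example that is not part of the original message. It goes beyond the single case in the text by also modelling partially trusted introducers; signatures are plain graph edges with no cryptography, the key names are constructed, and the thresholds used are the defaults of GnuPG's classic trust model.

```python
# Added illustration: simplified web-of-trust key validity (not GnuPG's code).
# A "signature" here is only a graph edge; nothing is cryptographically checked.
FULL, MARGINAL = "full", "marginal"

def valid_keys(me, signatures, ownertrust,
               completes_needed=1, marginals_needed=3, max_depth=5):
    """Return the set of keys that `me` may treat as genuine.

    signatures: signer -> set of keys that signer has signed.
    ownertrust: key -> FULL or MARGINAL, i.e. how much `me` trusts that key's
                owner to check identities. Unlisted owners introduce nobody.
    """
    valid = {me}
    all_signed = {k for signed in signatures.values() for k in signed}
    for _ in range(max_depth):                      # one round per chain link
        newly = set()
        for key in all_signed - valid:
            # Only signatures made by keys that are themselves valid count.
            signers = [s for s, signed in signatures.items()
                       if key in signed and s in valid]
            full = sum(1 for s in signers
                       if s == me or ownertrust.get(s) == FULL)
            marginal = sum(1 for s in signers
                           if s != me and ownertrust.get(s) == MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed sample keyring, seen from person C's point of view.
SIGNATURES = {
    "C": {"A", "M1", "M2", "M3"},   # keys C checked and signed personally
    "A": {"B"},                      # A vouches for B (the case in the message)
    "M1": {"D"}, "M2": {"D"}, "M3": {"D", "E"},
    "X": {"fake-B"},                 # substituted key, signed only by a stranger
}
OWNERTRUST = {"A": FULL, "M1": MARGINAL, "M2": MARGINAL, "M3": MARGINAL}

if __name__ == "__main__":
    ok = valid_keys("C", SIGNATURES, OWNERTRUST)
    for key in sorted({k for s in SIGNATURES.values() for k in s}):
        print(f"{key:7} {'valid' if key in ok else 'NOT valid'}")
```

B is accepted through A, D through three marginal introducers, while E (one marginal signature) and the substituted key "fake-B" are rejected.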