[plug] PGP Sign messages

Cameron Patrick cameron at patrick.wattle.id.au
Tue Sep 21 17:55:21 WST 2004


Tim White wrote:

> As some of you may  have noticed my messages are now signed using PGP
> (Curtesty of Enigmail)

(Would you mind switching Enigmail to using PGP/MIME?  Putting big
blocks of hexadecimal in your message is ugly and deprecated.)

> I believe that public keys should be uploaded to a server so that
> people can verfy your message. I am wondering what servers people on
> PLUG use and how to upload my own key to servers.

subkeys.pgp.net is one of the more widely used keyservers.  Use
something like:

$ gpg --keyserver subkeys.pgp.net --send-keys 12345678

where 12345678 is your key ID.

> Also how does PGP work?

Maths.  Lots and lots of maths.  Since the only people who understand
hard maths are good guys, PGP is secure.  Something like that, anyway.

(There's plenty of material on the internet explaining how it works in
various levels of detail.)

> p.s. Also, is there any real benifit to signing messages?

That depends on what your messages say, and how well your key is
trusted.  (Think: what's to stop me from creating a GPG key in the
name of "Tim White" and signing my own messages with it?  That way I
don't need to steal your key and passphrase, or crack RSA to be able
to forge your signature.  How will people know that your key /really/
belongs to the Tim White that they think it does?  Now go and read up
on the notion of a "web of trust".)

Cameron.




More information about the plug mailing list