[plug] PGP Sign messages
Padraig MacIain
draoidh at iinet.net.au
Tue Sep 21 20:02:15 WST 2004
On Tue, Sep 21, 2004 at 07:41:54PM +0800, Steve Baker wrote:
> Padraig MacIain wrote:
>
> >the hash is generated by the private-key of the keypair. Its a key that is
> >controlled by the 'owner' of it and never seen by anyone else. The hash
> >is verified by the public key.
>
> More correctly, the hash is *encrypted by* the private key of the
> keypair. When you want to verify the message, you generate a hash of
> the message, decrypt the one supplied with the message using the senders
> public key, and if they match then the message hasn't been altered.
>
ay - i skipped over a few things :) Was about to race off to dinner. But to put it in
summary:
you need someone's public key to prove the signature is still valid
you need someone's public key to send them an encrypted message
and its all funky from then on in.
The following text covers much of the history and politics of crypto:
http://www2.pro-ns.net/~crypto/cyphernomicon.html
In particular:
http://www2.pro-ns.net/~crypto/toc7.html
covers PGP. And as covered by other folk, web-of-trust is a rather important aspect
of the situation.
--
Peter Crystal
url: http://www.bur.st/~darke/
email: draoidh at iinet.net.au
More information about the plug
mailing list