GPG general questions


sandboy6184
08-09-2004, 09:24 PM
I want to try gpg out. So far I understand you have 2 keys, private and public. You send out an encrypted email and someone can read it if they got the public key, but what's the private key for?

Also what is a good GTK frontend for gpg? And what's a good mail client that has gpg support? So far I have seen Balsa which looks nice.

bwkaz
08-09-2004, 10:13 PM
You don't encrypt an email with your key -- that would defeat the purpose of GPG. If you would use your private key, then anybody on earth would be able to decrypt it (because they'd only need your public key, which everybody has). If you would use your public key to encrypt it, then nobody other than you would be able to decrypt it, because they'd need your private key to do so (and in theory, only you know your private key).

What happens is, you encrypt an email with the public key of the recipient -- the "only" number that will decrypt the email at that point is the corresponding private key, and supposedly, the recipient is the only person that has that. (It's also not necessarily the only number, but it's pretty dang close.) So if you encrypt with their public key, then you can be fairly sure that they're the only person that can read the email, since "only" their private key can decrypt it. Everybody else will only see garbage.

Now, if you want to digitally sign your outgoing emails (to prove that you wrote them, and that nothing in the messages has changed since you wrote them), then you would use your own private key to do that -- a signature is supposed to be verifiable by anyone, and they use your public key to do that verification. Basically it's a similar process -- a signature is generally the encryption (using your private key) of a hash of the message. To verify it, the recipient decrypts the signature (using your public key), and then hashes the message, to see if they get the same number both times. If so, then the message probably hasn't changed in transit.

I know Mutt has GPG support, but I have no idea how well it works. It looks like Thunderbird also has GPG support, because it has toolbar buttons for encrypting mails -- but again, I'm not sure how to set it up or how hard it is to get to work.
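
The key roles described in the reply above can be run end to end with textbook RSA; this is an added example, not part of the original thread and not GPG's own code. The function names are made up for illustration, and the keys are constructed from well-known Mersenne primes so the run is reproducible. Real GPG additionally pads its input and encrypts a random session key rather than the message itself.

```python
import hashlib

E = 65537  # commonly used public exponent

def make_keypair(p, q):
    """Build (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def apply_key(key, number):
    """The single RSA operation: number ** exponent mod n."""
    n, exponent = key
    return pow(number, exponent, n)

def encrypt(recipient_public, text):
    # Encrypt with the RECIPIENT's public key, never with your own key.
    return apply_key(recipient_public, int.from_bytes(text, "big"))

def decrypt(private, ciphertext):
    m = apply_key(private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(text):
    return int.from_bytes(hashlib.sha256(text).digest(), "big")

def sign(sender_private, text):
    # A signature is the hash of the message run through the private key.
    return apply_key(sender_private, digest(text))

def verify(sender_public, text, signature):
    # Undo the signature with the public key, then compare with a fresh hash.
    return apply_key(sender_public, signature) == digest(text)

# Constructed demo keys (toy values, never use fixed primes like these).
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RCPT_PUB, RCPT_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def demo():
    mail = b"meet at noon"  # constructed sample message
    ciphertext = encrypt(RCPT_PUB, mail)
    signature = sign(SENDER_PRIV, mail)
    return {
        "recipient_reads": decrypt(RCPT_PRIV, ciphertext),
        "wrong_key_reads_mail": decrypt(SENDER_PRIV, ciphertext) == mail,
        "signature_ok": verify(SENDER_PUB, mail, signature),
        "tampered_ok": verify(SENDER_PUB, b"meet at 1pm", signature),
    }

if __name__ == "__main__":
    print(demo())
```
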