#1
PGP can anyone shed some light
Can anyone shed some light on this
I might seem a little naive here but here goes... Someone sent me an email that was encrypted using PGP and I was able to read it without knowing who it was from... But I thought that if I was to read a PGP encrypted email I would need the PGP key, and I haven't exchanged keys with anyone. I'm using Windows with Outlook and have a firewall, but does anyone know if I've been hacked, or is it normal to be able to read PGP mail without exchanging keys? Is it all done transparently? Can someone explain... I'm confused.
Mark
__________________
100 trillion calculations per nanosecond
Last edited by Marky_Mark : January 5th, 2002 at 05:46 PM.
#2
Was it actually encrypted or was it merely signed? Did you have to perform any sort of decryption action or was it all there in plain English with a little bit of PGP junk at the bottom?
#3
The mail was PGP signed and readable; it also had a PGP signature at the base of the message.
It's just dawned on me... Does PGP send the key with the message?
Mark
#4
For someone to send you a PGP encrypted message that you would be able to decrypt, it would have to be encrypted with your public key.
#5
Yeah but that doesn't answer my question
Mark
#6
It sounds to me like it was signed but not encrypted... PGP can be used to "sign" a message, providing a guarantee that the author is who he says he is. The PGP junk at the bottom of the message is the key you can use to verify the authenticity.
Often you will find people post messages to public mail lists and newsgroups that are signed but not encrypted... this is so people who do not have PGP installed or do not have the sender's public key can still read the message, and those who do have the public key can verify the authenticity of the message. Part of the signature is mixed up with encrypted bits of the actual message, so it's impossible to just copy someone's signature and stick it on a bogus message to forge identity... This is what I get after verifying a message I've signed -

*** BEGIN PGP SIGNED MESSAGE ***
*** PGP Signature Status: good
*** Signer: Jonathon Wallen <z2213441@student.unsw.edu.au>
*** Signed: 7/1/02 at 10:10 AM
*** Verified: 7/1/02 at 10:10 AM

If I copy the signature into a different message (one that wasn't actually signed) I get this -

*** BEGIN PGP SIGNED MESSAGE ***
*** PGP Signature Status: bad signature
*** Signer: Jonathon Wallen <z2213441@student.unsw.edu.au>
*** Signed: 7/1/02 at 10:10 AM
*** Verified: 7/1/02 at 10:14 AM
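
Added example, not part of any post in this thread: the question asked in post #2 (encrypted or merely signed?) can be answered from the armor lines of the raw mail body. This Python parser assumes the RFC 4880 armor format; the function name `classify_pgp_mail` and the sample message are constructed for illustration.

```python
import re

# Armor lines from the OpenPGP message format (RFC 4880, sections 6.2 and 7).
SIGNED_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"
MSG_BEGIN = "-----BEGIN PGP MESSAGE-----"

# Constructed sample; the signature body is a placeholder, not a real signature.
SAMPLE_SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meeting moved to 3pm.
- -- Mark
-----BEGIN PGP SIGNATURE-----

(placeholder)
-----END PGP SIGNATURE-----
"""


def classify_pgp_mail(body):
    """Hypothetical helper: return (kind, readable_text, hash_names)."""
    lines = body.replace("\r\n", "\n").split("\n")
    if SIGNED_BEGIN in lines:
        pos = lines.index(SIGNED_BEGIN) + 1
        hashes = []
        # Armor headers such as "Hash: SHA1" run until the first empty line.
        while pos < len(lines) and lines[pos].strip():
            m = re.match(r"Hash:\s*(.+)", lines[pos])
            if m:
                hashes += [h.strip() for h in m.group(1).split(",")]
            pos += 1
        try:
            sig_at = lines.index(SIG_BEGIN, pos)
            lines.index(SIG_END, sig_at)
        except ValueError:
            return "plain", body, []  # no complete signature block: unsigned
        # Undo dash-escaping: a signed line starting with "-" travels as "- -".
        text = [l[2:] if l.startswith("- ") else l for l in lines[pos + 1:sig_at]]
        return "clearsigned", "\n".join(text), hashes
    if MSG_BEGIN in lines:
        # Binary OpenPGP data in ASCII armor: unreadable without PGP, and if
        # encrypted, only with the recipient's private key.
        return "armored-message", None, []
    return "plain", body, []

if __name__ == "__main__":
    print(classify_pgp_mail(SAMPLE_SIGNED))
```

A `clearsigned` result only says the text is readable by anyone; checking the signature itself still needs PGP and the signer's public key.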
#7
Jonathon you were right
Thanks for the info
Mark