#1
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    On a screen near you
    Posts
    498
    Rep Power
    13

    PGP can anyone shed some light


    Can anyone shed some light on this


    I might seem a little naive here but here goes...


    Someone sent me an email that was encrypted using PGP
    and I was able to read it without knowing who it was from...


    But I thought that if I was to read a PGP encrypted email I would need the PGP key, and I haven't exchanged keys with anyone


    I'm using Windows with Outlook and have a firewall, but does anyone know if I've been hacked, or is it normal to be able to read PGP mail without exchanging keys? Is it all transparent?


    Can someone explain... I'm confused


    Mark
    Last edited by Marky_Mark; January 5th, 2002 at 05:46 PM.
    100 trillion calculations per nanosecond
  2. #2
  3. T-Shirt Tragic
    Devshed Novice (500 - 999 posts)

    Join Date
    Mar 2001
    Location
    Melbourne, Australia
    Posts
    886
    Rep Power
    321
    Was it actually encrypted or was it merely signed? Did you have to perform any sort of decryption action, or was it all there in plain English with a little bit of PGP junk at the bottom?
  4. #3
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    On a screen near you
    Posts
    498
    Rep Power
    13
    The mail was PGP signed and readable; it also had a PGP signature at the base of the message


    It's just dawned on me...


    Does PGP send the key with the message?


    Mark
    100 trillion calculations per nanosecond
  6. #4
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2001
    Location
    USA
    Posts
    830
    Rep Power
    14
    For someone to send you a PGP encrypted message that you would be able to decrypt, it would have to be encrypted with your public key.
  8. #5
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    On a screen near you
    Posts
    498
    Rep Power
    13
    Yeah, but that doesn't answer my question


    Mark
    100 trillion calculations per nanosecond
  10. #6
  11. T-Shirt Tragic
    Devshed Novice (500 - 999 posts)

    Join Date
    Mar 2001
    Location
    Melbourne, Australia
    Posts
    886
    Rep Power
    321
    It sounds to me like it was signed but not encrypted... PGP can be used to "sign" a message, providing a guarantee that the author is who he says he is. The PGP junk at the bottom of the message is the key you can use to verify the authenticity.
    Often you will find people post messages to public mailing lists and newsgroups that are signed but not encrypted. This is so people who do not have PGP installed or do not have the sender's public key can still read the message, and those who do have the public key can verify the authenticity of the message.

    Part of the signature is mixed up with encrypted bits of the actual message, so it's impossible to just copy someone's signature and stick it on a bogus message to forge identity...

    This is what I get after verifying a message I've signed -

    *** BEGIN PGP SIGNED MESSAGE ***

    *** PGP Signature Status: good
    *** Signer: Jonathon Wallen <z2213441@student.unsw.edu.au>
    *** Signed: 7/1/02 at 10:10 AM
    *** Verified: 7/1/02 at 10:10 AM

    If I copy the signature into a different message (one that wasn't actually signed) I get this -

    *** BEGIN PGP SIGNED MESSAGE ***

    *** PGP Signature Status: bad signature
    *** Signer: Jonathon Wallen <z2213441@student.unsw.edu.au>
    *** Signed: 7/1/02 at 10:10 AM
    *** Verified: 7/1/02 at 10:14 AM
  12. #7
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2001
    Location
    On a screen near you
    Posts
    498
    Rep Power
    13
    Jonathon, you were right


    Thanks for the info



    Mark
    100 trillion calculations per nanosecond
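
The signed-versus-encrypted distinction discussed in this thread can be checked from the mail body itself. The following is an added example, not part of the original posts: it classifies a body by its OpenPGP armor header lines and returns the text that is readable without any key. The function name `classify_pgp_mail` and both sample messages are constructed for illustration, and the code does not verify the signature.

```python
# Armor header lines from the OpenPGP message format (RFC 4880).
CLEARSIGN_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
MSG_BEGIN = "-----BEGIN PGP MESSAGE-----"


def classify_pgp_mail(body):
    """Return {'kind': 'clearsigned'|'armored-message'|'plain', 'text': str|None}."""
    lines = body.replace("\r\n", "\n").split("\n")
    if CLEARSIGN_BEGIN in lines:
        start = lines.index(CLEARSIGN_BEGIN) + 1
        # Skip the "Hash: ..." armor headers up to the single blank line.
        while start < len(lines) and lines[start].strip():
            start += 1
        try:
            end = lines.index(SIG_BEGIN, start)
        except ValueError:
            return {"kind": "plain", "text": body}  # truncated: no signature block
        # Undo dash-escaping: a signed line starting with "-" is sent as "- -...".
        text = [l[2:] if l.startswith("- ") else l for l in lines[start + 1:end]]
        return {"kind": "clearsigned", "text": "\n".join(text)}
    if MSG_BEGIN in lines:
        # Base64 of binary OpenPGP packets; usually encrypted to a public key,
        # so nothing is readable without running PGP on it.
        return {"kind": "armored-message", "text": None}
    return {"kind": "plain", "text": body}


# Constructed samples; the base64-looking runs are placeholders, not PGP data.
SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meeting moved to Monday.
- -- Mark
-----BEGIN PGP SIGNATURE-----

PLACEHOLDERplaceholderPLACEHOLDER
-----END PGP SIGNATURE-----
"""

ENCRYPTED = """-----BEGIN PGP MESSAGE-----

PLACEHOLDERplaceholderPLACEHOLDER
-----END PGP MESSAGE-----
"""
```

A `clearsigned` result means the text was sent in the clear with a signature block attached; whether that signature is good still has to be checked by PGP against the sender's public key.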
