[Enigmail] use of openPGP

James Kosin jkosin at beta.intcomgrp.com
Wed Sep 26 14:38:43 PDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
loebbe wrote:
> To whom it may concern.
>
> What is the result using OpenPGP ?
>
> The email, encrypted and signed can be read by everybody as long as
> he uses OpenPGP, OpenPGP only shows me, if somebody not only read
> but also manipulated the message.
>
> Is that correct ?
>
> Therefore if I want to ensure that only the entitled receiver can
> read the message, the message has to be encryted with another
> programm and the receiver has to receive the password in a seperate
>  letter or by phone.
>
> Is that correct ?
>
> If someone can clarify this issue, please let me know.
Ioebbe,

Let me put it a third way.

(1)  The encrypted message you send has to be encrypted with your
secret key and the other parties public key.  Both these work together
to encrypt the message.  You don't need to know their secret key
password; since the encryption algorithm is ....  I'm missing a word
here for forward and reverse working in the cryptic language.
(2)  The recipient uses their secret key with your public key to
decrypt the message.  Again they don't need to know your pass-phrase
or password to accomplish this.
(3)  Only they can read the message; since it requires their secret
key and your public key to work.  In fact you can't even read the
message you sent without telling enigmail you want to encrypt to self
also.  In which case I believe it sends another copy encrypted with
your public and secret keys to be readable by you.

The same sorts of rules apply for unencrypted messages.... only it is
signed by you and anyone can read the message.  Enigmail can verify
the message has not been tampered with as well as verify the sender if
you so wish.
Everyone sees you public key (if you have posted it to a public
key-server).  They can verify the message that way.

- -James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFG+tFjkNLDmnu1kSkRAsoHAJ49bwp68pV0nMl/pMSgulwcIsqVvQCdH0ED
XQR51Af9db39gUASkf8PZQo=
=WPBI
-----END PGP SIGNATURE-----

-- 
Scanned by ClamAV - http://www.clamav.net

More information about the Enigmail mailing list