Posting with PGP

Posting with PGP

Post by Dav » Mon, 23 Jun 2003 21:18:46



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Probably a silly question and one I should know but:

Posting to this newsgroup, or any email, or email form, etc WITH the
PGP signature, how is that more secure that posting without? Does it
mean the email cannot be intercepted and changed?

Thanks for all help, I'm a bit of a newbie at PGP.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPvWf5pwQYi42KGXgEQIK1ACfXnbZWNh/BFIzXYvwD84+aWYpy1sAoI4Q
VqXZWCautwIlb8MLUD3CEgn8
=qxft
-----END PGP SIGNATURE-----

 
 
 

Posting with PGP

Post by Frod » Mon, 23 Jun 2003 21:49:56


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Posting to this newsgroup, or any email, or email form, etc WITH the
> PGP signature, how is that more secure that posting without? Does it
> mean the email cannot be intercepted and changed?

That's the idea. Disregarding the fact very few actually *know* anybody
they talk to online, posting signed grants the ability to verify the sender
and that the message has not been modified. The added benefit is that if
you choose to verify a message you don't have the key to, you'll get that
automatically from the keyservers (assuming the poster's put it there) and
you can then use that to encrypt any mail to the person in question.

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPvWl8uXlGBWTt1afEQJ6TQCfS/Fw4ig8rkastrzFngeyFw5QPocAn16b
gYXw6/er607aD0uKAS7lVFEt
=hxs/
-----END PGP SIGNATURE-----

 
 
 

Posting with PGP

Post by Neil W Ricker » Tue, 24 Jun 2003 00:08:14


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>Posting to this newsgroup, or any email, or email form, etc WITH the
>PGP signature, how is that more secure that posting without? Does it
>mean the email cannot be intercepted and changed?

If changed, the signature will not verify.

There is another point.  It is very easy to forge the sender of email
and usenet articles.  I could easily write this, with headers saying

PGP signature that uses your signing key.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)

iD8DBQE+9cY9wngcGkax7+ERAl2tAJ9EKw+hwVV104zgOrWrDKmATmdfLQCgoQcZ
nWvTKdBavzTWscJ0HBbSLKo=
=NE4f
-----END PGP SIGNATURE-----