Les wrote:
Even if you are using it for security purposes, you should not need to protect the public keys. You use the public key of the person you are sending to to encrypt the message to them, and sign it with your private key. The they use their private key to decrypt the message, and your public key to verify the signature. For added security, the private keys should be signed with a good pass-phrase. (Not just a password!)From the last two posts, I gather that the encryption comment was specifically directed toward the PGP signatures... DUUHHH! I should have read the subject. I was responding in regards to encryption for security purposes. Please disregard my previous post.
For example, you could use my public key, available from the key servers, or my web page, and encrypt a message. I should be the only one that can decrypt it. (With enough computer power, you could brute force decrypt it.) If I had your public key, I could then verify that it was from you if you had signed it using your private key, just like verifying a signed e-mail.
One other thought - for maximum security, you should encrypt all message between you and the other person, not just the ones that need to be kept confidential. That way, you can not tell what messages are worse decrypting.
Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
