Mailing List Archive

correction to my post
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In a couple of previous messages to the list, I stated that
signatures are generated by encrypting the message with the private key,
which then can only be decrypted with the public key. That was my
understanding at the time, but it's not completely true. In many modern
schemes, such as the elgamal+dsa (digital signature algorithm) that is the
default for gpg, a separate key pair (the dsa one) is used exclusively for
signatures and is not used for encryption. RSA used the private
encryption key for signatures, but this way is slightly less secure than
using a separate key pair and algorithm. This also answered a question in
my mind. When you look at a public key, it lists the "pub" key, and a
"sub" key with a different key id. The sub key is usually the dsa key
used for signatures. I'm sure most of you know this, but I didn't want to
mislead any 'newbies' with wrong information. I bought "Applied
Cryptography" today and was reading through the first few chapters when I
realised I had a slightly wrong idea. Good book.

Wanted to pass one more thing along: I figured out how to save
messages and message attachments in pine without copying the headers. This
is useful for detached signatures that are sent as mime attachments on a
message. When you are viewing the message, hit '>' to view the
attachments, then you can hit 's' to save anything without the header
information.

Question: how are these mime detached signatures generated?

Thank you for your time and bandwidth,

Kirk Fort

-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.4.0 (FreeBSD)
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/

iEYEARECAAYFAjYO57AACgkQf+niZZlBRVOyMgCeKQS+/wrenWMw7Aw/FnWIUG0iTecAn2hy
XLpasi+FO2t4ma2Jq7Z3RH4f
=O2f+
-----END PGP SIGNATURE-----
Re: correction to my post
Kirk Fort <kfort@kfort.dyn.ml.org> writes:

> my mind. When you look at a public key, it lists the "pub" key, and a
> "sub" key with a different key id. The sub key is usually the dsa key
> used for signatures. I'm sure most of you know this, but I didn't want to

No, the sub key is the ElGamal key (for encryption) and the primary
key is the DSA key. It is required by OpenPGP that the primary key
can be used for signatures: this key (the signature created with the
key) is used a) to bind the user ids to the key and b) to bind the sub
keys to the primary key.

> Question, How are these mime detached signatures generated?

Have a look at Mutt (ftp.guug.de/pub/mutt/): pgpinvoke.c, pgp.c


Werner
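
An added example, not part of either post and not GnuPG or Mutt code: decoding the signature packet attached to the first message shows which algorithm produced it and which key ID it names as issuer. The parser covers only this packet shape (old-format header with one-byte lengths, version 4 signature), the armored body is the one quoted on this page, and the function and table names are made up for this sketch.

```python
import base64
import struct

# Armored signature body copied from the first message on this page.
# The "=O2f+" line is the armor CRC-24, not packet data, so it is left out.
ARMORED_SIG = """
iEYEARECAAYFAjYO57AACgkQf+niZZlBRVOyMgCeKQS+/wrenWMw7Aw/FnWIUG0iTecAn2hy
XLpasi+FO2t4ma2Jq7Z3RH4f
"""

# OpenPGP algorithm identifiers (subset relevant to this thread).
PUBKEY_ALGOS = {1: "RSA", 16: "ElGamal (encrypt-only)", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        length = area[i]  # one-byte length; counts the type octet plus data
        if length == 0 or length >= 192 or i + 1 + length > len(area):
            raise ValueError("unsupported or truncated subpacket")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + length]  # drop critical bit
        i += 1 + length

def parse_signature(armored_body):
    """Decode one old-format, one-byte-length, version 4 signature packet."""
    raw = base64.b64decode("".join(armored_body.split()))
    ctb, length = raw[0], raw[1]
    if ctb & 0xC3 != 0x80 or (ctb >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet with 1-byte length")
    body = raw[2:2 + length]
    if len(body) != length or body[0] != 4:
        raise ValueError("truncated packet or not a version 4 signature")
    sig_type, pub_algo, hash_algo, hashed_len = struct.unpack(">BBBH", body[1:6])
    hashed = body[6:6 + hashed_len]
    off = 6 + hashed_len
    (unhashed_len,) = struct.unpack(">H", body[off:off + 2])
    unhashed = body[off + 2:off + 2 + unhashed_len]
    info = {"sig_type": sig_type,
            "pubkey_algo": PUBKEY_ALGOS.get(pub_algo, str(pub_algo)),
            "hash_algo": HASH_ALGOS.get(hash_algo, str(hash_algo))}
    for kind, data in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if kind == 2:     # signature creation time, seconds since 1970
            info["created"] = struct.unpack(">I", data)[0]
        elif kind == 16:  # issuer key ID
            info["issuer"] = data.hex().upper()
    return info
```

Calling `parse_signature(ARMORED_SIG)` returns the signature type, the public-key and hash algorithm names, the creation timestamp and the issuer key ID; the hash algorithm agrees with the `Hash:` header of the signed message.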