Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

[Grant Olson]

On 02/13/2011 03:03 AM, AgoristTeen1994 wrote:
> 
> Hey, this is going to seem like stupid questions, but, I just found out about
> PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until
> about 2 hours ago, so I'm pretty unaware of how some thing work...First is,
> that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws
> Mail, to generate a key pair, it only lists, one key, my "key id" Is that my
> public key or my secret key? Or is it supposed to be both? If it's only one
> of them, how do I find the other?

They short answer is yes, it contains everything.  If you add another
user's public key to your keyring, it will contain everything minus the
secret key.

>  Also. I was wondering, in my reading on
> the internet about this sort of thing, it mentioned signing a message, say
> an e-mail, with my secret key, so the recipient knows it's from me...but I"m
> confused, since doesn't that mean, that any one I send a message to, that I
> "sign" will have my secret key and thus will be able to decrypt any messages
> they intercept? Thank you for any help, and have a nice day.

Signing works in reverse compared to encryption.  With encryption,
anyone can generate an encrypted message with your public key, but only
you can decrypt it because only you have the private key.  With signing,
only you can generate a valid signature because only you have the
private key, but anyone with your public key can verify the signature.

Signing a message to a complete stranger won't compromise your private
part of the key in any way.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110213/5ccbe6a9/attachment.pgp>