bem at cmc.net
Sat Sep 26 20:07:28 CEST 1998
On Sat, Sep 26, 1998 at 08:35:05PM -0500, Richard Lynch wrote:
> At 8:36 AM 9/25/98, Kirk Fort wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >Alright, Ill do my best to try to explain some stuff to you.
> I'm doing my best to understand it all, but it ain't enough.
PK crypto is cool though. :)
> >To generate a secret/public keypair, run gpg --gen-key
> My elation at having a menu was dashed by my inability to understand which
> choice was best for my particular application.
When in doubt, take the default. 1 will do.
> I guessed 3), since I don't think I need the stuff to be signed. I'm
> sending an online order to be run through a credit card machine at my
> client's real-life store. I suppose somebody could try to prank somebody
> else by ordering coffee or CDs for them, but since there's no profit in it
> to the forger, I'm currently not worried about it. Y'all will probably
> rain on my parade real soon in this matter, though. :-)
Well, it won't hurt, but 1 is better. You will want to sign things...
the first thing you'll want to sign is your key. (Don't trust a key
that even the owner isn't willing to sign.)
> Then I put in my client's name, e-mail, and a comment. Whoo Hooo. I seem
> to have generated a key and a secret key. Damned if I know what the
> difference is or how to use them, though.
But look here:
> >Data that is encrypted with a public key can only be decrypted by the
> >matching secret key. The secret key is protected by a password, the
> >public key is not.
> >So to send your friend a message, you would encrypt your message with his
> >public key, and he would only be able to decrypt it by having the secret
> >key and putting in the password to use his secret key.
> Sounds good. 'Cept I'm unclear on the difference between a password and a
> secret key... Why does he need both? Not a big deal: I just don't get
The password is only part of the secret key. The real secret key is a
combination of the password and the one on the 'secring.gpg'. This, in
effect, lets you have far more secure passwords than just a dozen or two
> I got as far as trying to ASCII encrypt a file, and then I got this:
> [chatmus at ruby gpg]$ ./gpg -vae /home/c/h/chatmus/test.txt
> gpg: this is a PGP generated ElGamal key which is NOT secure for signatures!
> gpg: key 812E70CE, uid 2640: invalid self-signature: Unknown pubkey algorithm
> gpg: key 812E70CE, uid 2640: invalid user id - removed
> gpg: key 812E70CE: no user ids - rejected
> gpg: key 812E70CE: can't put it into the trustdb
It doesn't like your key since it can't be signed..... since you don't
have a secure way to sign it.
Go back and generate a sign/encrypt key. They are useful. (And you
never know when you may need to sign things: if I can get the Internic
to take my GPG key, I'll switch to PGP checking on all our stuff, which
will make me feel better at night...)
> gpg: Ooops: Ohhhh jeeee ... (pkclist.c:538:select_algo_from_prefs)
> secmem usage: 1472/1472 bytes in 3/3 blocks of pool 1472/16384
Well, that looks like a bug. :)
> Why do I get the idea that I've found a bug, or I'm just doing something
> that nobody who knew what they were doing would try? :-)
> What's with the "insecure memory"? Can I make it secure? Or should I not
> worry? Or what?
Set gpg to be setuid root and you can. (This keeps other processes from
snooping your memory to steal your data while it's there: it's not
absolutely critical, but paranoia is a good thing.)
I gather you're not root on this machine, so it may not be possible, but
I wouldn't stay up late worrying about it.
> And how come it doesn't know who owns the key?
> Is it because:
> A) I need to specify the client's name (or some other id)
> B) I didn't pick one of the "sign and encrypt" options.
> PS Is somebody working on an "Introduction" yet?
> It ain't much, but I reckon I could try to start one.
Actually, that would be really useful. The more people know how to use
and recognize a signature, the better.
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
More information about the Gnupg-devel