Bunch of stupid(?) Newbie Questions :)
Wed Dec 4 00:51:03 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hello Dear List!
To give you an impression of my experience - I have just read the The
GNU Privacy Handbook (from www.gnupg.org) and played around with my
first keypair. But there are still some questions and my curiosity
pushes me so much. I dont know where to find the answers. Hopefully
you'll do :)
- - DSA/RSA + ElGamal
In the beginning there was only a keypair - divided into public and
private part. Like two puzzle pieces, none works without the other
part. Private is my very secret and the public key is for the public
to send me encrypted messages. OK so far. But creating a new key
(--gen-key) I see there is more. In the Handbook there is also a
little mention that there is the DSA/RSA Keypair is for signing and
the ElGamal Part for encryption. But do I have then two keypairs? How
does this work together? Why two keypairs?
- - _Why_ the DSA/RSA Part cannot be bigger than 1024 Bit key length?
- - What is the fingerprint of a public key? What does it tell me? What
do I need it for? Is it a signature?
- - I have generated a revoke certificate - How to use it? How to tell
the keyservers? It'll only work as revoked if my keymates regularly
check the keyserver if my pub key is still valid, right?
- - Net of Trust: I download a pub key of my friend. Sign it with my
private key (DSA/RSA?). Than upload it to the keyserver where I got
it from and everything is fine. Now the public key of my friend has
two signatures - his own and mine. Does this process add or overwrite
the public key? I mean could I taint a public key of someone by
uploading his pub key with no or less signatures or uploading a pub
key with his key ID and different pub key? I mean how secure is this
key server stuff?
- - what is the great difference between gpg and pgp? License?
Great thx in advance for your answers!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----