Bunch of stupid(?) Newbie Questions :)

Ben Gator bengator@gmx.fr
Wed Dec 4 00:51:03 2002

Hello Dear List!

To give you an impression of my experience - I have just read The
GNU Privacy Handbook (from www.gnupg.org) and played around with my
first keypair. But there are still some questions and my curiosity
pushes me so much. I don't know where to find the answers. Hopefully
you'll do :)

- DSA/RSA + ElGamal
In the beginning there was only a keypair - divided into public and
private part. Like two puzzle pieces, none works without the other
part. Private is my very secret and the public key is for the public
to send me encrypted messages. OK so far. But creating a new key
(--gen-key) I see there is more. In the Handbook there is also a
little mention that the DSA/RSA keypair is for signing and
the ElGamal part for encryption. But do I have then two keypairs? How
does this work together? Why two keypairs?

- _Why_ can the DSA/RSA part not be bigger than 1024 bit key length?

- What is the fingerprint of a public key? What does it tell me? What
do I need it for? Is it a signature?

- I have generated a revoke certificate - How to use it? How to tell
the keyservers? It'll only work as revoked if my keymates regularly
check the keyserver if my pub key is still valid, right?

- Net of Trust: I download a pub key of my friend. Sign it with my
private key (DSA/RSA?). Then upload it to the keyserver where I got
it from and everything is fine. Now the public key of my friend has
two signatures - his own and mine. Does this process add or overwrite
the public key? I mean could I taint a public key of someone by
uploading his pub key with no or fewer signatures or uploading a pub
key with his key ID and different pub key? I mean how secure is this
key server stuff?

- What is the great difference between gpg and pgp? License?

Great thx in advance for your answers!

Ben :)
Version: GnuPG v1.2.1 (GNU/Linux)