Signing vs. encrypting was: Cipher v public key.

Janusz A. Urbanowicz alex at bofh.net.pl
Thu Jun 1 11:27:10 CEST 2006


On Wed, May 31, 2006 at 01:59:37PM +0100, David Gray wrote:
 
> Will suggest to the customer that we use signed & encrypted
> transmissions.  The only issue we then have is that they wish to be
> custodians of the private key,

There is no need for them, from the cryptography point of view. Using
public-key crypto they can send you encrypted stuff and you can send
them encrypted stuff and the second party can decrypt what they are
sent without knowing the sender's secret key - that's what pubkey
crypto is for. If they want to be sure that they can decrypt
everything, the encrypted data should be encrypted to both recipients'
pubkeys (that's perfectly possible using GPG/PGP).

> they are looking into commercial methods for secure key
> distribution.
 
Direct them to commercial solutions for quantum cryptography :->

> The other issue is the IT manager at the customer site is wary of GNU
> software and is
> going to look at commercial offerings, PGP I assume.  Apart from the lack
> of cost are there any other good reasons I can give for using GPG?

GPG integrates better with automation and I really doubt that there is
a current, supported PGP for anything other than Windows and Mac.

Alex
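
The point above about encrypting to both recipients' public keys, as an added example that is not part of the original message: each party keeps its own secret key, only public keys are exchanged, and one signed and encrypted file can be decrypted by either recipient. It assumes GnuPG 2.1 or later; the addresses, the payload and the `g` helper are constructed for the demo.

```sh
#!/bin/sh
# Added example. Throwaway keys in temporary keyrings; every name is constructed.
set -eu

# g HOMEDIR ARGS...: run gpg non-interactively against one party's keyring.
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

dual_recipient_demo() {
  work=$(mktemp -d)
  for party in vendor customer outsider; do mkdir -m 700 "$work/$party"; done

  # Each side generates its own key pair; the secret key stays in its keyring.
  for party in vendor customer; do
    g "$work/$party" --quick-generate-key "$party@example.test" default default never
  done

  # Only public keys change hands.
  g "$work/vendor" --export vendor@example.test | g "$work/customer" --import
  g "$work/customer" --export customer@example.test | g "$work/vendor" --import

  # The vendor signs, then encrypts to the customer's pubkey and to its own.
  # --trust-model always stands in for checking fingerprints out of band.
  printf 'constructed test payload\n' > "$work/msg.txt"
  g "$work/vendor" --trust-model always --local-user vendor@example.test \
    --recipient customer@example.test --recipient vendor@example.test \
    --output "$work/msg.gpg" --sign --encrypt "$work/msg.txt"

  # Either recipient decrypts with its own secret key; a keyring holding
  # neither secret key cannot.
  for party in customer vendor outsider; do
    if text=$(g "$work/$party" --decrypt "$work/msg.gpg" 2>/dev/null); then
      echo "$party: $text"
    else
      echo "$party: cannot decrypt"
    fi
    gpgconf --homedir "$work/$party" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$work"
}

if command -v gpg >/dev/null 2>&1; then
  dual_recipient_demo
else
  echo 'gpg not found; GnuPG 2.1 or later is needed for this demo' >&2
fi
```
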



