Cipher v public key.
Jonathan T. Rockway
jon at jrock.us
Tue May 30 23:03:41 CEST 2006
> Sorry I may be missing the point but why does it now show AES or AES256 as a
> pukey?
>
I think you're misunderstanding how PGP public-key encryption works.
When you send an encrypted message, the first thing that happens is a
random number called a session key is generated. This session key is
then used to encrypt the (compressed, possibly) original message with a
symmetric cypher like AES256. Then, this session key is encrypted with
the recipient's public key (RSA or ElGamal).
When the message is received by the recipient, he uses his private key
to decrypt the session key. Then he uses the session key to decrypt the
original message.
If you're just using symmetric keys, you use AES256 directly. The
passphrase you type in is used as the session key, in this case
(actually, there's a random number called "salt" appended to the
passphrase to prevent certain attacks, but the idea is the same). With
public key cryptography, the software (via the public key algorithms)
handles the (difficult) task of giving the recipient the decryption
key. With symmetric encryption, it's your responsibility to get the
passphrase to the recipient.
If you're still not clear on this, you should definitely read something
like Applied Cryptography, so that you can talk intelligently to your
client about cryptography. The biggest security problem with crypto is
when it's misapplied (people think they're safe, but the crypto is
merely obfuscating the message, not securing it).
Another good way to learn about symmetric encryption is to write your
own simple encryption program. http://ciphersaber.gurus.com/ will guide
you through this.
Feel free to ask us any questions, though :)
Regards,
Jonathan Rockway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 370 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060530/b4ec8928/signature.pgp
More information about the Gnupg-users
mailing list