Public/Private Keys - Consequences

David SMITH dave.smith at st.com
Mon Oct 22 12:33:33 CEST 2007


On Fri, Oct 19, 2007 at 08:39:04AM -0700, christopher dubois wrote:
> 
> Sorry I don't know much about this as I am just beginning, but what are the
> dangers if you submit your key to a keyserver and make it available to the
> public?

When you "submit your key to a keyserver", you only submit the public
part.  You keep the private part to yourself.  The private part is the
bit that you need to sign messages with your signature, or to decrypt
messages that have been encrypted with your public key.  You never give
your private key away.

By default, GnuPG's options are organised intelligently so that GnuPG
doesn't give away private keys without a fight - the normal "send" or
"export" commands will only send or export public keys.  Secret keys
can only be obtained using different options which make it clear that
you are dealing with secret keys rather than public ones.

e.g. compare the "--export" option with the "--export-secret-keys" one.

> I am aware that users who want to communicate with me securely can import my
> key from a keyserver and add it to their keyring. But I want to know what
> are the dangers of this, if there's any. Can users use my key to forge/alter
> email documents and the like?

No, you need the private key to do that, which you don't give away.

> Also, what is the difference between your public key and private key?

To put it simply, the private key is used for generating signatures and
for decrypting messages encrypted with the public key.  The public key is
used for encrypting messages (that can then only be decrypted with the
private key), and for checking signatures that were generated with the
private key.

> What if someone has your private key, what can they do with it? Thanks
> in advance.

Sign messages as you, and decrypt all messages sent to you.  Don't give
it away.

-- 
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk
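
A check one might run on an export before uploading it to a keyserver, added here as an illustration (not part of the original message and not GnuPG code): it walks the OpenPGP packet headers (RFC 4880) and reports any secret-key packets, which "--export" output should not contain but "--export-secret-keys" output does. The function names and the sample bytes are constructed for this example.

```python
import base64

SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}  # RFC 4880 packet tags

def dearmor(data: bytes) -> bytes:
    """Return raw packets, decoding ASCII armor if the input is armored."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]  # between the blank line and the END line
    return base64.b64decode(b"".join(ln for ln in body if not ln.startswith(b"=")))

def new_length(data: bytes, i: int):  # -> (length, next_index, is_partial)
    o = data[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + data[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True  # partial body chunk, more lengths follow

def packet_tags(data: bytes) -> list:
    """List the tag of every top-level packet in a binary OpenPGP stream."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("byte %d is not a packet header" % (i - 1))
        tags.append(hdr & 0x3F if hdr & 0x40 else (hdr >> 2) & 0x0F)
        if hdr & 0x40:  # new format: one or more length headers
            partial = True
            while partial:
                length, i, partial = new_length(data, i)
                i += length
        elif (hdr & 3) == 3:  # old format, indeterminate length: runs to end of data
            break
        else:  # old format with 1, 2 or 4 length octets
            n = 1 << (hdr & 3)
            i += n + int.from_bytes(data[i:i + n], "big")
    return tags

def secret_packets(export: bytes) -> list:
    """Names of secret-key packets in an export; empty means none were found."""
    return [SECRET_TAGS[t] for t in packet_tags(dearmor(export)) if t in SECRET_TAGS]

# Constructed samples (dummy bodies, not real keys): key packet followed by a User ID.
PUBLIC_SAMPLE = bytes([0x98, 3]) + b"pub" + bytes([0xCD, 3]) + b"uid"
SECRET_SAMPLE = bytes([0x94, 3]) + b"sec" + bytes([0xCD, 3]) + b"uid"
```

An empty list from secret_packets() on the bytes of an exported file means only public material (tags 6 and 14, plus user IDs and signatures) is present; the packet bodies themselves are not validated.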


