Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

David Tomaschik david at systemoverlord.com
Sun Feb 13 17:19:39 CET 2011


On 02/13/2011 03:03 AM, AgoristTeen1994 wrote:
> 
> Hey, this is going to seem like stupid questions, but, I just found out about
> PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until
> about 2 hours ago, so I'm pretty unaware of how some things work...First is,
> that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws
> Mail, to generate a key pair, it only lists, one key, my "key id" Is that my
> public key or my secret key? Or is it supposed to be both? If it's only one
> of them, how do I find the other? Also. I was wondering, in my reading on
> the internet about this sort of thing, it mentioned signing a message, say
> an e-mail, with my secret key, so the recipient knows it's from me...but I'm
> confused, since doesn't that mean, that anyone I send a message to, that I
> "sign" will have my secret key and thus will be able to decrypt any messages
> they intercept? Thank you for any help, and have a nice day.

Not at all a stupid question.  Your keyid actually refers to an entire
keypair -- both a public and private key.  It can also refer to a master
key with several subkeys, but that's a more advanced usage.

Your 2nd question deals with the design of public key cryptography in
general.  My explanation here is an oversimplification that glosses over
the technical details, but should suffice.  The way RSA and DSA work is
that anything encrypted by your public key can only be decrypted by your
private key, and anything encrypted by your private key can be decrypted
by your public key.  You never give ANYONE your private key.

When you sign a message, you essentially take a hash of the message
(SHA-1 commonly) that is basically a condensed form of the message.
Then you encrypt that with your PRIVATE key.  That is a signature.  A
recipient can attempt to decrypt the signature using your public key.
If they are able to, they know your private key was used to produce the
signature, and if you have kept control of your private key, it must
have been signed by you.

Hope that helps.


-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
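
The sign-then-verify flow described in the reply above, as an added example that is not part of the original post and not GnuPG's own code. It uses textbook RSA without the padding that OpenPGP applies, SHA-256 in place of SHA-1, and a constructed teaching key built from two Mersenne primes; all function and variable names are hypothetical.

```python
import hashlib

# Constructed teaching key: two well-known Mersenne primes. Publicly known
# primes are NOT safe for a real key; they only keep this example offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # modulus, shared by both halves of the pair
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; never leaves the signer

PUBLIC_KEY = (N, E)    # handed out to anyone
PRIVATE_KEY = (N, D)   # kept secret


def digest_as_int(message: bytes) -> int:
    """Condense the message into a fixed-size number (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Signer side: apply the private exponent to the message digest."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient side: uses only the public key and the received signature."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


def demo() -> dict:
    msg = b"Meet at noon."            # constructed sample message
    sig = sign(msg, PRIVATE_KEY)      # what travels alongside the e-mail
    return {
        "genuine": verify(msg, sig, PUBLIC_KEY),
        # Same signature attached to altered text no longer checks out.
        "tampered": verify(b"Meet at nine.", sig, PUBLIC_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The recipient's side never touches `PRIVATE_KEY`: what is sent is the message and the signature value, and the check is done with `PUBLIC_KEY` alone.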