Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

Lists.gnupg-users at mephisto.fastmail.net Lists.gnupg-users at mephisto.fastmail.net
Wed Feb 16 01:21:03 CET 2011


On Tue, Feb 15, 2011 at 05:38:47AM -0800 Also sprach AgoristTeen1994:
> 
> Okay thanks for the help though I'm still somewhat confused...I understand
> that they key id is the entire keypair, but then how do  I found out what is
> just my public key, and just my secret key, the reason I"m asking is that if
> I want to give my public key to someone, then I apparently give the entire
> keyid since that has my secret key too..or am I wrong on that and I can give
> them the entire keyid? Thanks again and have a nice day.
> -- 

There is a distinction I believe you are missing; please feel free to
admonish me if I am oversimplifying things, however:

The Key ID is not the entire key pair; it merely represents the key
pair. It is a unique name for your key pair, if you would like to think
of it that way.

When you give someone your Key ID, you are not literally giving them any
part of your Secret or Public key--you are merely giving them a
convenient way to reference it. The actual public key can be quite long,
and inconvenient to read out to someone, or jot down on the back of a
cocktail napkin, so we have these Key IDs to use as short-hand.

If you have your public key published somewhere, such as on a key
server, the Key ID is a way for other people to unambiguously look up
the full key. If you have more than one key pair (e.g. one for personal
use, and one for work), the Key ID of each key pair (which will be
unique to each) is a way to tell them apart on such a key server, or
within your own keychain.

Note, however, that only giving someone your Key ID does not help them
to encrypt messages to you, or verify your signature, if they do not
have someplace to access the actual key (like a public key server). It
just helps them look up your individual key if it is in such a place.

Generally speaking, good OpenPGP implementations (like GnuPG) will
require that you explicitly state you want to export your _Secret_ key
before they will ever spit it out (e.g. "gpg --export-secret-keys" is
pretty obvious). Under all other circumstances, when you issue a command
to export a key, it will release only the public part of the key pair.

Hope this helps,
Kevin

-- 
"Le hasard favorise l'esprit préparé."
                      --Louis Pasteur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 665 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110215/ae0c4fc0/attachment-0001.pgp>


More information about the Gnupg-users mailing list