[new-user] question

brian m. carlson sandals at crustytoothpaste.net
Fri Apr 13 02:13:58 CEST 2012


On Thu, Apr 12, 2012 at 11:21:16PM +0100, michael crane wrote:
> hello,
> I'm trying to understand the principals and benefits of using pgp/gpg
> I think I understand that I send the part of my key that is public to
> somebody and they use that key to encrypt a message which only I can
> decypher.
> So what if somebody uses my public key to send me a message purporting
> to come from somebody else ?
> what is the mechanism to ensure it came from who I think it did ?

The sender can sign the message to verify that it came from him or her.
If someone just sends you an unsigned encrypted message, there is no way
to verify that I came from who you think it did.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20120413/8b972166/attachment.pgp>


More information about the Gnupg-users mailing list