[new-user] question

Robert J. Hansen rjh at sixdemonbag.org
Fri Apr 13 02:47:51 CEST 2012

On 04/12/2012 06:21 PM, michael crane wrote:
> what is the mechanism to ensure it came from who I think it did ?

Turn it around.

The public and the private key are inverses.  Each can decrypt what the
other one encrypts.  When someone encrypts a message with your public
key, only your private key can decrypt it.  And if you encrypt a message
with your private key, then anyone who has your public key can decrypt it.

So if I have a copy of your public key, and it decrypts a message
successfully... then I know it was encrypted with your private key.  And
since you're the only one who has your private key, it means I can have
confidence the message came from you.

Usually this process is called "signing" a message.  This is how
signatures work.  :)

More information about the Gnupg-users mailing list