Robert J. Hansen
rjh at sixdemonbag.org
Fri Apr 13 02:47:51 CEST 2012
On 04/12/2012 06:21 PM, michael crane wrote:
> what is the mechanism to ensure it came from who I think it did ?
Turn it around.
The public and the private key are inverses. Each can decrypt what the
other one encrypts. When someone encrypts a message with your public
key, only your private key can decrypt it. And if you encrypt a message
with your private key, then anyone who has your public key can decrypt it.
So if I have a copy of your public key, and it decrypts a message
successfully... then I know it was encrypted with your private key. And
since you're the only one who has your private key, it means I can have
confidence the message came from you.
Usually this process is called "signing" a message. This is how
signatures work. :)
More information about the Gnupg-users