Henry Hertz Hobbit
hhhobbit at securemecca.net
Fri May 3 14:05:02 CEST 2013
On 05/03/2013 08:45 AM, Lema KB wrote:
Werner is of course correct but since you need to do a send to
userid_1, userid_2, and userid_3 you will need the public key
for all three of the recipients. You need the public key for
each person you want to send a public key enciphered (encrypted)
file or message to.
Public / Private Key Enciphering
- encrypted with the other person's (or people's) public key(s).
No pass-phrase is required.
- can only be decrypted by the person (or people) that has the
private key(s) that is associtated with public key(s) that
the file or message was encrypted with. They also need to know
the pass-phrase unless the pinentry program decides to supply
their pass-phrase forever. Don't laugh too loud. It happened
to me. I must provide my pass-phrase again now. Thank goodness!
Private / Public Key signatures (used for verification)
- the file or message is signed with your private key. You must
use your pass-phrase when signing. This was most critical
for the pinetry supplying the pass-phrase for me. You should
be required to supply the pass-phrase for all signings with
the only laxity being a one-time supply of pass-phrase for
a batch of files.
- verified with your public key with them importing it and then
giving it the proper (hopefully) level of trust when they edit
and lsign / sign your public key. They have known you all your
life? Then your key deserves the highest level of trust no
matter what you do in life. The verification is that the
person is really who they claim to be.
My primer reference book is "PGP & GPG, Email For The PRACTICAL
Paranoid" by Michael W. Lucas. I hope he gives another edition
some time since GPG4Win has improved and simpliied a lot of things
for Windows users. Disclaimer: I do NOT get a cut of the profits
from the sale of the book.
More information about the Gnupg-users