Analogien um das Prinzip von PGP zu erklären

Neal H. Walfield neal at
Thu Jul 3 13:46:33 CEST 2014

At Thu, 03 Jul 2014 12:50:50 +0200,
Daniel Krebs wrote:
> da ich das gerade mit Matthias von der FSFE im Rahmen von 
> #EmailSelfDefense diskutiere, mal eine Frage: Welche Analogien benutzt 
> ihr, wenn ihr Menschen das Prinzip von PGP/GPG erklärt?
> Ich verwende ich meistens folgende Version:
> Es gibt ein Schloss mit zwei Schlüssellöchern. Jeder Schlüssel
> funktioniert nur in eine Richtung, also entweder Geöffnetes schließen
> oder Geschlossenes öffnen. Daran kann man dann auch das signieren
> erklären, was ja bei der "klassischen Metapher" (öff. Schlüssel =
> Schloss, priv. Schlüssel = Schlüssel) nicht funktioniert. Also:
> Verschlüsseln:
> Jemand verschließt mit meinem öffentlichen Schlüssel, ich öffne mit
> meinem geheimen.
> Signieren:
> Ich signiere mit meinem privaten Schlüssel, jemand anders überprüft mit
> meinem öffentlichen.
> Anregungen, Meinungen?

You might want to take a look a this:

  Email encryption, although cryptographically straightforward,
  appears too complicated for laypeople to understand.  In our
  project, we aimed to understand why this problem has eluded
  researchers for well over a decade and expand the design space of
  possible solutions to this and similar challenges at the
  intersection of security and usability.


  In PGP’s metaphors, each user posses two items, a private key and a
  public key.  Have you inferred how the protocol works yet?  Unless
  you have previous exposure to cryptography, likely not.  Why do I
  have two keys? What do these keys open? Aren’t all keys private?
  When you want to send a message to someone, you encrypt it with his
  public key, which is known to everyone.  The recipient can decrypt
  it with his private key, which only he possesses.  But can’t anyone
  use the public key to decrypt the message again?  Nope.  A public
  key can only encrypt, not decrypt.  Just trust us on that one.
  You’re probably starting to understand why secure email is so hard
  to use.  Bear with us for one paragraph longer.


  We decided to test whether better metaphors might be able to close
  this gap between security and usability.  Specifically, we wanted
  metaphors that represented the cryptographic actions a user performs
  to send secure email and were evocative enough that users could
  reason about the security properties of PGP without needing to read
  a lengthy, technical introduction.  We settled on four objects: a
  key, lock, seal and imprint.  To send someone a message, secure it
  with that person’s lock.  Only this recipient has the corresponding
  key, so only they can open it.  To prove your identity, stamp the
  message with your seal.  Since everyone knows what your seal’s
  imprint looks, it’s easy to verify that the message came from you.


More information about the Gnupg-users mailing list