symmetric email encryption

Garreau, Alexandre galex-713 at
Fri Jul 18 23:07:13 CEST 2014

On 2014-07-18 at 19:39, Ingo Klöcker wrote:
> Sure. But the fingerprint is only used once (for verifying the key). And 
> it's not even secret information, so exchange via an insecure channel is 
> not an issue (at least, not a severe issue).
> OTOH, symmetric keys really should be exchanged via a secure channel. 

The fact is that you can use symmetric-keys when the other doesn’t have
yet a public key. So you can send her this understandable message and
*then* say her “here the key that’ll allow you to read the
message”. That could be used if the message *must* be transmitted by
mail, because it’s a file, because it’s large, because it have to be
*before* or other reason, so in some rare cases it can be useful, and
since the message has already been sent, it’s easier to convince the
other to begin using cryptography. Then she could decrypt the mail, and
you can start trying to convince her to use asymmetric cryptography, at
this point it’ll be easier.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20140718/33b0ec56/attachment-0001.sig>

More information about the Gnupg-users mailing list