OpenPGP.
I noticed my host has added a spot for this on my control panel, it generates a public and private key.
Err, I know PGP is for encrypting things, but how exactly does this work? It makes a key, now what?
Can someone explain this to me?
- EngDrewman
- DBB Ace
- Posts: 232
- Joined: Mon Oct 13, 2008 12:01 am
- Location: Sacramento, CA
- Contact:
Does this help? http://www.openpgp.org/about_openpgp/
The Wikipedia page for PGP (here) seems pretty helpful to me, along with a Google search ... but I suspect you already knew about those. Guess that probably doesn't help you much. Wish I could help you more.
PGP is an implementation of asymmetric cryptography, i.e. the key you use to encrypt is different from the key you use to decrypt. In particular, it is an implementation of public key cryptography, where key pairs consist of a public key and a private key and have two special mathematical properties: (1) a message encrypted by a public key can only be decrypted by the corresponding private key, and (2) a message encrypted by a private key can only be decrypted by the corresponding public key. Using these special properties, we can use public key cryptography for both encryption and signing.
For encryption, we take advantage of property #1. You hand out the public key to anyone you want, and then they can use the public key to encrypt messages to you. You don't hand out the private key to anyone, since this is what you need to actually be able to decrypt the encrypted messages. Since only the private key, not the public key, will be able to decrypt these messages, it is safe to make the public key public.
For signatures, to ensure that a message that claims to be from you really is from you and hasn't been altered, we take advantage of property #2. In other words, the roles of the public key and private key are reversed. First, you hash the message. Then you encrypt the hash using your private key. Recipients can then use your well-known public key to decrypt the hash and ensure that the decrypted hash is the hash of the message. Since you are the only one with the private key, you are the only one who can encrypt the hash such that the public key you handed out to everyone will be able to decrypt it, thus guaranteeing the message was from you.
That's at least how the technology works. I don't know how useful this is, since I don't actually know what your host means by offering this as a feature.
For encryption, we take advantage of property #1. You hand out the public key to anyone you want, and then they can use the public key to encrypt messages to you. You don't hand out the private key to anyone, since this is what you need to actually be able to decrypt the encrypted messages. Since only the private key, not the public key, will be able to decrypt these messages, it is safe to make the public key public.
For signatures, to ensure that a message that claims to be from you really is from you and hasn't been altered, we take advantage of property #2. In other words, the roles of the public key and private key are reversed. First, you hash the message. Then you encrypt the hash using your private key. Recipients can then use your well-known public key to decrypt the hash and ensure that the decrypted hash is the hash of the message. Since you are the only one with the private key, you are the only one who can encrypt the hash such that the public key you handed out to everyone will be able to decrypt it, thus guaranteeing the message was from you.
That's at least how the technology works. I don't know how useful this is, since I don't actually know what your host means by offering this as a feature.