LinuxQuestions.org
Old 01-16-2015, 08:51 AM   #1
validator456
Member
 
Registered: Apr 2013
Location: Rotterdam, The Netherlands
Distribution: Crunchbang Linux
Posts: 135

Rep: Reputation: Disabled
GPG-encryption - explain it to me like I am five please


I have read about GPG-encryption on the German, English and the Dutch wikipedia and I cannot make sense of it.

So can someone please explain the inner workings of GPG? And by that I don't mean how to make a key. The general idea of it.

Something like: there is Bob and John. Bob wants to send a mail to John in a safe way. He uses GPG for it. And then the story about public and private keys etc. As though I am five years old.
 
Old 01-16-2015, 09:23 AM   #2
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 262

Rep: Reputation: 54
So let's say John wants to send Bob an e-mail in a safe way. Bob shares his public key with John. When John sends Bob an e-mail, John encrypts the message using Bob's public key. The only way to read this e-mail now that it has been encrypted is with Bob's private key. When Bob gets it, he decrypts it with his private key and then he can read it. If Alice intercepts the e-mail, all she sees is the encrypted message and she has no way to decrypt it unless she has Bob's private key.

Does that make sense?
 
1 members found this post helpful.
Old 01-16-2015, 10:14 AM   #3
validator456
Member
 
Registered: Apr 2013
Location: Rotterdam, The Netherlands
Distribution: Crunchbang Linux
Posts: 135

Original Poster
Rep: Reputation: Disabled
It makes sense, but how does Bob share the public key with John? What if Bob works overseas in Japan and John lives in NYC? How does Bob share the key?

Does he first send the key over the internet to John in NYC? If so, then it is still not safe.
 
Old 01-16-2015, 10:28 AM   #4
J Martin Rushton
Member
 
Registered: Jan 2015
Location: England
Distribution: Mainly CentOS
Posts: 31

Rep: Reputation: Disabled
Two different things are being conflated here. Public key cryptography works by having a pair of keys either one of which can be used to encrypt text, but the other one is needed to decrypt text. Let's assume you have a pair of keys: V1 and V2, and I have a pair M1 and M2. We'll both keep our number one keys secret, but let the world+dog read the number two keys.

If I want to send you a message that I don't want anyone else to read I encrypt it with your V2 key. Only you can now decrypt it. If you want to reply to me you use M2, and I read it with M1. This is public key cryptography.

To send a message in PGP (or GPG) you first create a brand new key for a symmetrical encryption system. Symmetrical means that the same key is used to encrypt and decrypt. Use this key to encrypt your message. Now encrypt the key with my M2 key and send both to me. No-one else can read the encrypted key, and so cannot decrypt the message. I, of course, have M1 and can decrypt the symmetric key, and then decrypt the original message.

A new symmetric key is used for each message, so the amount of cryptotext available to an attacker is minimised.

Last edited by J Martin Rushton; 01-16-2015 at 10:30 AM. Reason: Typo
 
1 members found this post helpful.
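The scheme described in post #4, as an added Python example that is not part of the thread: a fresh symmetric session key encrypts the message, and only that key is encrypted with the recipient's public key. The names M1 (secret) and M2 (public) follow the post; the toy textbook RSA over small Mersenne primes and the SHA-256 keystream are assumptions that stand in for the real algorithms GPG uses and show the structure only.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def keystream_xor(session_key, data):
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream.
    The same call encrypts and decrypts, which is what 'symmetric' means."""
    key = session_key.to_bytes(32, "big")
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_for(public, message):
    n, e = public
    session_key = secrets.randbits(128)         # brand-new key for this message
    body = keystream_xor(session_key, message)  # message under the session key
    wrapped = pow(session_key, e, n)            # session key under the public key
    return wrapped, body                        # both parts travel together

def decrypt_with(private, packet):
    n, d = private
    wrapped, body = packet
    session_key = pow(wrapped, d, n)            # only the matching private key recovers it
    return keystream_xor(session_key, body)

# Constructed toy keys from known Mersenne primes (far too small for real use,
# and textbook RSA has no padding).
M2, M1 = make_keypair(2**127 - 1, 2**107 - 1)   # recipient: M2 public, M1 secret
_, EVE_PRIVATE = make_keypair(2**89 - 1, 2**61 - 1)

def demo():
    msg = b"Meet at noon."
    first, second = encrypt_for(M2, msg), encrypt_for(M2, msg)
    return {
        "recipient_reads": decrypt_with(M1, first),
        "eve_reads": decrypt_with(EVE_PRIVATE, first),  # wrong key: garbage
        "fresh_key_each_time": first != second,
    }
```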
Old 01-16-2015, 10:40 AM   #5
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 262

Rep: Reputation: 54
The key that Bob gives John is a public key. It is expected that anyone can get this key. The public key can only be used to encrypt. The private key is what is needed to decrypt messages and that should never leave Bob's system.

Last edited by YankeePride13; 01-16-2015 at 10:46 AM.
 
1 members found this post helpful.
Old 01-16-2015, 10:45 AM   #6
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian
Posts: 1,054

Rep: Reputation: 276
There are multiple public-key servers available. You can upload your public key to any or all of them, and then anyone, anywhere, can download it. Google should find most of the servers for you. You can go to them and search for anyone by name, keyname, keynumber, or other keywords. You can download any that you want. For the system to work properly, public keys must be widely distributed. You want everyone to have your public key, because without it nobody can send you encrypted messages. But you want to protect your private key, because with it anyone can decrypt messages sent to you.

You can also use your private key to just encrypt data that only you can decrypt. If you want to store sensitive files in the cloud, you can encrypt them using your private key, and they're safe, as long as you use a strong key and a strong passphrase, and you keep the key secure.
 
1 members found this post helpful.
Old 01-16-2015, 12:56 PM   #7
validator456
Member
 
Registered: Apr 2013
Location: Rotterdam, The Netherlands
Distribution: Crunchbang Linux
Posts: 135

Original Poster
Rep: Reputation: Disabled
Okay, I have let it sink in.

So it is about encryption in encryption.

So Bob encrypts the message with a key he just made and encrypts that with the key John has (V2). The now encrypted key and message is sent to John. John can decrypt this with his key (V1) and the decrypted key hidden in the message.

Now I am making a jump in my thinking. Posting the V2 key on the internet does not make the key unsafe because it is only part of the encrypting key. So the V2 key works like a ping. It ensures that the message is meant for John only. And because the V2 part of the key is public, it is called public key cryptography.

Let me know if I have drawn the right conclusions.
 
Old 01-16-2015, 01:32 PM   #8
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
Quote:
Originally Posted by validator456
It makes sense, but how does Bob share the public key with John? What if Bob works overseas in Japan and John lives in NYC? How does Bob share the key?

Does he first send the key over the internet to John in NYC? If so, then it is still not safe.

So you should have some way of getting others' public keys. Key signing (exchanging) parties are for that. Else you can upload your public key to PGP keyservers. Then anyone can download it. But to ensure that the right public key (that of the real person) is downloaded, you should check its fingerprint. So you have to have the fingerprint from the real person securely somehow.
 
1 members found this post helpful.
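The fingerprint check from post #8, as an added Python example that is not part of the thread: it computes an OpenPGP version 4 fingerprint as RFC 4880 section 12.2 defines it and keeps only the keyserver result whose fingerprint matches one obtained out of band. The candidate keys, user ID and timestamps are constructed, and `select_verified` is a hypothetical helper name.

```python
import hashlib
import struct

def mpi(value):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_fingerprint(n, e, created):
    """SHA-1 over 0x99, a 2-byte length, and the public-key packet body."""
    # Body: version 4, creation time, algorithm 1 (RSA), then MPIs n and e.
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def normalise(fingerprint):
    """Fingerprints are often printed in spaced groups; compare without them."""
    return "".join(fingerprint.split()).upper()

# Constructed keyserver results: same name and e-mail, different key material.
# The user ID is not part of the fingerprint, so it proves nothing by itself.
CANDIDATES = [
    {"uid": "John <john@example.org>", "n": (2**89 - 1) * (2**61 - 1),
     "e": 65537, "created": 1421400000},
    {"uid": "John <john@example.org>", "n": (2**127 - 1) * (2**107 - 1),
     "e": 65537, "created": 1421300000},
]

def select_verified(candidates, trusted_fingerprint):
    """Keep only keys whose fingerprint equals the one obtained out of band."""
    want = normalise(trusted_fingerprint)
    return [c for c in candidates
            if v4_fingerprint(c["n"], c["e"], c["created"]) == want]
```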
Old 01-16-2015, 01:35 PM   #9
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
Quote:
Originally Posted by validator456
Okay, I have let it sink in.

So it is about encryption in encryption.

So Bob encrypts the message with a key he just made and encrypts that with the key John has (V2). The now encrypted key and message is sent to John. John can decrypt this with his key (V1) and the decrypted key hidden in the message.

Now I am making a jump in my thinking. Posting the V2 key on the internet does not make the key unsafe because it is only part of the encrypting key. So the V2 key works like a ping. It ensures that the message is meant for John only. And because the V2 part of the key is public, it is called public key cryptography.

Let me know if I have drawn the right conclusions.

Yes, you understand right.
 
Old 01-16-2015, 02:58 PM   #10
validator456
Member
 
Registered: Apr 2013
Location: Rotterdam, The Netherlands
Distribution: Crunchbang Linux
Posts: 135

Original Poster
Rep: Reputation: Disabled
Okay, thank you for your answers. I have rated your posts as helpful (and they really were).
 
  


All times are GMT -5. The time now is 04:44 AM.
