LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-02-2012, 10:24 AM   #1
xeon123
Member
 
Registered: Sep 2006
Posts: 374

Rep: Reputation: 16
using mail with PGP


I'm thinking in sending email with PGP, but I've a question.

If I cipher an email using PGP and send to someone, the receiver has to decipher the email with a public key. How the recipient receives the key to decipher the email?
 
Old 02-02-2012, 10:26 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
You've got it backwards.

You encipher using his/her public key. S/he deciphers using the corresponding private key.

http://en.wikipedia.org/wiki/Public-key_cryptography

Public keys are often distributed 1) via keyservers; or 2) in person; or 3) through some other sufficiently trusted channel.

If you're sending an email to Alice, she would have already generated her keypair in advance, and gotten the public key to you.
 
Old 02-02-2012, 10:35 AM   #3
xeon123
Member
 
Registered: Sep 2006
Posts: 374

Original Poster
Rep: Reputation: 16
So if I send a ciphered mail to someone, I need the recipient public key?

If so, I think that PGP is not very easy and practical to use, because I can only send ciphered message to someone that created a public key.

Last edited by xeon123; 02-02-2012 at 11:02 AM.
 
Old 02-02-2012, 03:40 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by xeon123
So if I send a ciphered mail to someone, I need the recipient public key?
Absolutely.

Quote:
Originally Posted by xeon123
If so, I think that PGP is not very easy and practical to use, because I can only send ciphered message to someone that created a public key.
Look at it this way: how can you (effectively) encipher a message without a key? Same problem would apply with symmetric encryption, except those keys are more difficult to safely distribute.
 
Old 02-02-2012, 07:08 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,411

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
This++. The point is that a public key is 'public'; with symmetric keys you have to maintain secrecy and that's hard...
 
Old 02-03-2012, 03:27 AM   #6
xeon123
Member
 
Registered: Sep 2006
Posts: 374

Original Poster
Rep: Reputation: 16
But PGP implies that someone must have already the recipients public key. From what I understood from the previous mail is that, I can't send a ciphered mail to someone for the first time that I contact him, and if the recepient doesn't use PGP, I also can't send ciphered mail.

This why I think that PGP is not very pratical. Right?
 
Old 02-03-2012, 04:39 AM   #7
jebe88
LQ Newbie
 
Registered: Jan 2012
Location: Germany
Distribution: Debian
Posts: 11

Rep: Reputation: Disabled
What you say has nothing to do with PGP in particular.
Why would you want to encipher an email? Because you want only the intended recipient to be able to read that mail and nobody else shall be able to decrypt the message successfully. So the recipient and you must have exchanged some sort of secret like a special cipher algorithm or a key to use for ciphering or a special hardware or something.
Of course, you can't send a ciphered mail to someone you have never exchanged a secret with. If no such secret would be needed to decipher your mail, anybody would be able to do it.
So, to send encrypted mails to somebody, you first send her/him an unencrypted email containing your public key. The recipient verifies, that the received public key really belongs to you, maybe by calling you on the phone or so. Then she/he sends her/his public key in return. Now that you both have the public key of each other, you encrypt mails to her/him with the public key you received and she/he uses your public key.
To make the initial key exchange a little bit easier, public key servers are available. Once you've created you public/private key pair, you can upload your public key to those servers. If someone want's to send you an encrypted email, she/he can search on the servers for your public key by typing your email address.
 
Old 02-04-2012, 11:50 AM   #8
xeon123
Member
 
Registered: Sep 2006
Posts: 374

Original Poster
Rep: Reputation: 16
So imagine, that someone (Eve) found that user Alice uses PGP.

Eve can monitoring Alice communications 24/7 to get the public key. After Eve get the public key from Alice, she can decipher all the mail that Alice will send.

If this is right, PGP is not really useful. Right?

Last edited by xeon123; 02-04-2012 at 11:55 AM.
 
Old 02-04-2012, 12:08 PM   #9
jebe88
LQ Newbie
 
Registered: Jan 2012
Location: Germany
Distribution: Debian
Posts: 11

Rep: Reputation: Disabled
No, that's wrong. Remember you have a pair of keys, the public one which everybody can have free access to and your private one, which only you have and which you'll never ever give to anybody else.
Everybody can encrypt mails with your public key, but only you will be able to decrypt them, because you are the only one who has the _private_ key which is required for that operation.
Eve may get the public key of Alice from a key server as well without the need of monitoring Alice's traffic or she can even ask Alice for her public key and it's perfectly safe for Alice to give it to her. Eve can send encrypted messages to Alice then but only Alice will be able to decrypt them, because only Alice has the private key that matches her public one.

Last edited by jebe88; 02-04-2012 at 12:10 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can I read PGP/GPG mail in my maildir from a SSH shell? 3rods Linux - Software 1 04-10-2008 11:37 AM
Pgp JenniJenni Linux - Newbie 1 10-11-2007 08:03 AM
Pgp Ruishanko Linux - Newbie 13 10-07-2004 04:59 PM
PGP with mail juanb Linux - Security 3 08-19-2004 11:05 AM
PGP and mozilla -mail vexer Linux - Security 7 05-02-2004 11:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration