[ale] emailing public dsa key (good, bad or ugly?)

James P. Kinney III jkinney at localnetsolutions.com
Thu Jan 26 13:48:00 EST 2006


On Thu, 2006-01-26 at 13:01 -0500, Robert Reese wrote:

> Just for reference, you encrypt to a public key and verify a signature with a public key.  With a private key you decrypt and you sign. ;c)

Yep. Since the signing is an encryption, the key type is reversed for
signatures (the decrypt key is published, the encrypt key is kept
secret. Thus the need for the "web of trust" on the published key. That
web of trust verifies that "yes, that key is used to decrypt stuff from
john doe"). That is why one should NEVER use the ssh keys as ones
gnupg/pgp keys. To do so is to publish both halves of the key pair.
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list