Re: PGP

From: Jay D. Dyson (jdyson@treachery.net)
Date: 08/24/01 

Date: Fri, 24 Aug 2001 09:47:32 -0700 (PDT)
From: "Jay D. Dyson" <jdyson@treachery.net>
To: Security-Basics List <security-basics@securityfocus.com>
Subject: Re: PGP
Message-ID: <Pine.GSO.3.96.1010824094054.2705E-100000@crypto>

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 23 Aug 2001, Mike Eheler wrote:

> I have a question about PGP and PGP encrypted email. Most specifically
> email that comes with the PGP signature. Maybe my concept of the whole
> process is WAY off, so please tell me if it is. But I don't see how
> encrypting an email with PGP, then providing the key to decrypt it is
> secure in any way. Anyone can use that key to decrypt the email.

        That's incorrect. PGP uses public key cryptography wherein a
recipient's public key is used to encrypt the message intended for the
recipient. Only the recipient's private key (which is not [and should not
be] transmitted) can be used to decrypt that message. Even then,
decryption cannot take place until the holder of the private key has
successfully answered the pass phrase challenge to unlock the private key.

        As an example: Bob and Alice are both PGP users. Bob gives Alice
his public key. Alice takes a message destined for Bob and encrypts it on
Bob's public key and shoots it off via e-mail. Meanwhile, Fred (who is
the canonical man-in-the-middle) has intercepted Bob's public key and then
intercepts a copy of the message that is encrypted on Bob's public key.

        Fred has the encrypted message as well as Bob's public key, but he
doesn't have Bob's private key. Thus, Fred cannot decrypt the message.

        Bob, on the other hand, receives the message and can happily
decrypt the note since he has his private key and successfully enters his
pass phrase when prompted.

        Hope that helps. For further information, see the following:
http://www.treachery.net/~jdyson/crypto/ . Cheers!

- -Jay

  ( ( _______
  )) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@treachery.net ------<) | = |-'
 `--' `--' `-------- Real men prefer full disclosure. --------' `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO4Z3F7lDRyqRQ2a9AQHKlgP8D6jPbKZV9I1hOwK+V1jm9lTp2ZHPMSHh
xHxkdpzy7ROKc1ysd+bvED27MW8zGVJ8vLB4OqsccfZ3KfO3hx5+30KWx/nCn9mW
aY2GZTrhB5FS00QvmCLRnpXOgt4Weqfw0IalWEpZCwMDDAtZAqvSFxht620trLfJ
VtgmGsCHsEk=
=U9tb
-----END PGP SIGNATURE-----

Relevant Pages

  • Re: RA doesnt work after encrypting in XP
    ... >I am setting up a standard procedure for encrypting the data folders on ... > as deleting the RA private key using certmgr.msc. ... This works fine and I am able to decrypt them as ...
    (microsoft.public.win2000.security)
  • Re: DRA is Decrypting Files when it shouldnt be!!!
    ... RA for that file and you will see that "Administrator is the RA. ... decrypt it. ... > RA though I rebooted the computer after encrypting the files and before ... >> private key, then create the RA? ...
    (microsoft.public.windowsxp.security_admin)
  • Re: DRA is Decrypting Files when it shouldnt be!!!
    ... RA though I rebooted the computer after encrypting the files and before ... > encryption to get the RA to decrypt encrypted files. ... > private key, then create the RA? ... >> decrypt user's files, remove user's EFS certificate private key, and RA ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS cant decrypt
    ... you will be able to decrypt your ... If you didn't find that certificate and couldn't export the private key see ... Was your password reset sometime between encrypting the files and now? ...
    (microsoft.public.security)
  • Re: EFS cant decrypt
    ... you will be able to decrypt your ... If you didn't find that certificate and couldn't export the private key see ... Was your password reset sometime between encrypting the files and now? ...
    (microsoft.public.windowsxp.security_admin)