Basic question: Public-key encryption
- From: Tomás Ó hÉilidhe <toe@xxxxxxxxxxx>
- Date: Wed, 4 Jun 2008 13:33:15 -0700 (PDT)
I'm trying to get the hang of sending and receiving encrypted e-mail.
I'm running Mozilla Thunderbird as my e-mail client and I have the
Enigmail plug-in for doing encrypted e-mail.
First I just want make sure that I understand the whole "public key"
way of doing things:
* I generate my own key pair, a public key and a private key
* If a message is encrypted with my public key, it can only be
decrypted with my private key (and vice versa)
* I distribute my public key freely over the internet but I keep
my private to myself
* If someone wants to send me a confidential mail that only I can
read, they use my public key to encrypt the message, and then when I
receive the message I use my private key to decrypt it.
Do I understand that much?
* So if I want to send an encrypted e-mail to someone, I have to
get my hands on their public key, and then I encrypt the message using
their public key.
That right?
Then there's the whole thing of "authentification" whereby the
recipient can make sure that the sender isn't being impersonated. In
order to achieve this:
* I encrypt a message using my private key and then I send it to
Mary. Mary receives the message and uses my public key to decrypt it.
She can then be sure that it came from me.
That right?
I know that encryption and authentification can be combined. Let's say
I want to send an authentificated, encrypted message to Mary, do I:
* Encrypt the message with my private key, then encrypt it again
with Mary's public key.
* Mary receives the message, decrypts it with her public key, then
decrypts it again with my public key.
Is that right? Does it matter what order I encrypt them in? Also must
Mary decrypt them in the same order as I encrypt them?
Also I hear there's some sort of global database that holds people's
public keys? Is it advisable to add my own public key to this
database? Also is it advisable to use this database to find other
people's keys? The Enigmail plug-in uses the "pool.sks-keyservers.net"
server for keys; should I use this server? Is there a website that
people can go to in order to look-up the public key for a specific e-
mail address?
Also finally, what kind of key pair should I make? Enigmail gives two
options:
* RSA
* DSA & El Gamal
It also lets you specify key size (I presume you just pick as big a
key as possible for maximum secrecy).
There's a few other things I'm curious about:
* Enigmail lets me make a "Revocation Cerificate" for my key pair.
What use is this?
* It also lets me "sign" a key. What does this do?
If there's anything else I should know please say!
.
- Follow-Ups:
- Re: Basic question: Public-key encryption
- From: David Eather
- Re: Basic question: Public-key encryption
- From: Gil
- Re: Basic question: Public-key encryption
- Prev by Date: Re: Algorithm For Ensuring p & q Sufficiently Large For n in RSA
- Next by Date: Re: Algorithm For Ensuring p & q Sufficiently Large For n in RSA
- Previous by thread: python library for passwd suitable blowfish hash generation
- Next by thread: Re: Basic question: Public-key encryption
- Index(es):
Relevant Pages
|
