Bitcoin Forum

I've been seeing lots of messages with PGP since I started on here, and I've been wondering exactly how it works. Is it basically a hash of the message, using the PGP key as a salt? Is there some kind of "how PGP works" article that explains this well?

Also, what exactly is the point of using PGP on the forum? If someone were to change your message, couldn't they also change the signature? Or do you have a private key, too?

In response to your second question.  If someone changes the message than you can check the signature and it will come back as invalid.  You would need the private key to sign the new message with the correct signature.  To check the signature you would need the public key of the person sending the message. 

PGP keys are used by people who place trades so that they can have a consistent, almost unhackable, identity.  Reputation can be built on this identity. 

If you use windows you can use GPG4Win I hear thats pretty useable and the interface looks easy on linux there is Kleopatra and lots more. I'm working on a P2P Crypt device that incorporates not only gpg4win/kleopatra encrypt/decrypt functions but also provides easy secure messaging to one another.

I don't like Kleopatra on Linux or Windows; it's a generalized solution to a problem that most people don't have.

GPA or KGpg work well, along with the Enigmail plugin for Thunderbird.

FireGPG (browser plugin) is dead, although the code on GitHub (https://github.com/firegpg/firegpg) mostly works. The replacement WebPG is under development but doesn't work very well yet.

As well as signing messages, PGP is also used to encrypt messages containing confidential information. You can safely send a private message to someone encrypted using their public key, and not have to worry about it being intercepted at any point. Only the owner of the private key can decrypt the message to reveal its contents.

I understand encryption, I'm just wondering how it works posting it on the forums. Is it basically just a type of public key encryption, the public key is provided, and is used to verify the characters given?

I guess you wouldn't post encryption on forums unless it is within a "known" group or a "single" recipient like Private Message. other than that its just funky for forums open discussion.

I just created my very first PGP key the other day via HostGator cPanel. Very easy to do. Now, how to use it is something I guess I'll learn soon enough. You you guys thought I was special ridin' in this here short bus.  ::)

https://www.gpgtools.org works like a champ on OSX. It runs as a service so all app are exposed to it.

I just thought of something. We should have a small keysigning for those of us with pgp keys that are only used for this forum. It might help increase trust. Or maybe even start an argument. We don't have enough of those around here. :)

Just a thought. I'm sure there's a problem with it that I didn't see and someone will surely let me know.

PGP? Just search and learn it, it's simple!

I like gpg4usb for practical reasons.

Just don't do this ...

http://imgs.xkcd.com/comics/pgp.png

http://xkcd.com/1181/

Visit the site to see the bonus mouse over message.

wow...

so funny and I believe that is true, nobody is going to "verify" signatures of messages on their own. (or out of band key verification haha)

Ill be honest, I managed to use pgp to access the OTC but I still have no idea how to sign an email.

The best solution is to use Thunderbird with the Enigmail plugin to read and send email, or perhaps I should say the "least suboptimal" solution since "best" doesn't accurately describe the situation.

You don't need to sign the email you can sign a plain text message (just like in OTC) and just paste the signed message into the email.

File attachments work better for validation