tkbx (OP)
|
|
March 11, 2013, 12:13:12 PM |
|
I've been seeing lots of messages with PGP since I started on here, and I've been wondering exactly how it works. Is it basically a hash of the message, using the PGP key as a salt? Is there some kind of "how PGP works" article that explains this well?
Also, what exactly is the point of using PGP on the forum? If someone were to change your message, couldn't they also change the signature? Or do you have a private key, too?
|
|
|
|
Rothgar
|
|
March 11, 2013, 02:55:34 PM |
|
In response to your second question. If someone changes the message than you can check the signature and it will come back as invalid. You would need the private key to sign the new message with the correct signature. To check the signature you would need the public key of the person sending the message.
PGP keys are used by people who place trades so that they can have a consistent, almost unhackable, identity. Reputation can be built on this identity.
|
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
March 11, 2013, 03:13:05 PM |
|
If you use windows you can use GPG4Win I hear thats pretty useable and the interface looks easy on linux there is Kleopatra and lots more. I'm working on a P2P Crypt device that incorporates not only gpg4win/kleopatra encrypt/decrypt functions but also provides easy secure messaging to one another.
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
March 11, 2013, 03:52:32 PM |
|
I don't like Kleopatra on Linux or Windows; it's a generalized solution to a problem that most people don't have. GPA or KGpg work well, along with the Enigmail plugin for Thunderbird. FireGPG (browser plugin) is dead, although the code on GitHub mostly works. The replacement WebPG is under development but doesn't work very well yet.
|
|
|
|
Tirapon
|
|
March 11, 2013, 04:15:17 PM |
|
As well as signing messages, PGP is also used to encrypt messages containing confidential information. You can safely send a private message to someone encrypted using their public key, and not have to worry about it being intercepted at any point. Only the owner of the private key can decrypt the message to reveal its contents.
|
|
|
|
tkbx (OP)
|
|
March 11, 2013, 05:00:35 PM |
|
I understand encryption, I'm just wondering how it works posting it on the forums. Is it basically just a type of public key encryption, the public key is provided, and is used to verify the characters given?
|
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
March 11, 2013, 05:14:18 PM |
|
I understand encryption, I'm just wondering how it works posting it on the forums. Is it basically just a type of public key encryption, the public key is provided, and is used to verify the characters given?
I guess you wouldn't post encryption on forums unless it is within a "known" group or a "single" recipient like Private Message. other than that its just funky for forums open discussion.
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
March 11, 2013, 07:04:50 PM |
|
I just created my very first PGP key the other day via HostGator cPanel. Very easy to do. Now, how to use it is something I guess I'll learn soon enough. You you guys thought I was special ridin' in this here short bus.
|
|
|
|
|
Severian
|
|
March 11, 2013, 07:29:44 PM |
|
Which takes what is ever in your clipboard and sends it to gpg to verify... I just thought of something. We should have a small keysigning for those of us with pgp keys that are only used for this forum. It might help increase trust. Or maybe even start an argument. We don't have enough of those around here. Just a thought. I'm sure there's a problem with it that I didn't see and someone will surely let me know.
|
|
|
|
veteranBtc
|
|
March 11, 2013, 07:42:25 PM |
|
PGP? Just search and learn it, it's simple!
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
March 11, 2013, 07:42:50 PM |
|
I like gpg4usb for practical reasons.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 11, 2013, 09:06:32 PM |
|
Just don't do this ... http://xkcd.com/1181/Visit the site to see the bonus mouse over message.
|
|
|
|
wtfvanity
|
|
March 11, 2013, 09:42:28 PM |
|
|
WTF! Don't Click Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
March 13, 2013, 01:45:30 PM |
|
so funny and I believe that is true, nobody is going to "verify" signatures of messages on their own. (or out of band key verification haha)
|
|
|
|
vite
Legendary
Offline
Activity: 1018
Merit: 1000
|
|
March 13, 2013, 02:14:01 PM |
|
Ill be honest, I managed to use pgp to access the OTC but I still have no idea how to sign an email.
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
March 13, 2013, 02:16:21 PM |
|
Ill be honest, I managed to use pgp to access the OTC but I still have no idea how to sign an email.
The best solution is to use Thunderbird with the Enigmail plugin to read and send email, or perhaps I should say the "least suboptimal" solution since "best" doesn't accurately describe the situation.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 13, 2013, 03:17:36 PM |
|
Ill be honest, I managed to use pgp to access the OTC but I still have no idea how to sign an email.
You don't need to sign the email you can sign a plain text message (just like in OTC) and just paste the signed message into the email.
|
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
March 16, 2013, 05:40:12 AM |
|
Ill be honest, I managed to use pgp to access the OTC but I still have no idea how to sign an email.
You don't need to sign the email you can sign a plain text message (just like in OTC) and just paste the signed message into the email. File attachments work better for validation
|
|
|
|
|