On 10/01/2014 06:07 PM, Valeri Galtsev wrote:
>
> On Wed, October 1, 2014 10:19 am, Nicolas Thierry-Mieg wrote:
>>
>>
>> On 10/01/2014 05:16 PM, Nicolas Thierry-Mieg wrote:
>>> On 10/01/2014 04:58 PM, Tim Dunphy wrote:
>>>> Hey guys,
>>>>
>>>>
>>>> Having a little gpg issue I was wondering if someone could help me
>>>> with.
>>>>
>>>> A friend of mine sent me an encrypted message. So I searched online and
>>>> found a set of keys that correspond with his email address. And imported
>>>> them. But when I go to decrypt the message, this is what I get:
>>>>
>>>> [root at ops:~] #gpg --decrypt roger-message
>>>> gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
>>>> "Roger Sherman <rsherman at viddler.com>"
>>>> *gpg: encrypted with RSA key, ID 9A41C766*
>>>> *gpg: decryption failed: secret key not available*
>>>>
>>> <snip>
>>>> So maybe I just didn't import the right key? Or do you think the message
>>>> wasn't sent correctly? Who's the dummy here? Me or him? :)
>>>
>>> looks like he encrypted with HIS public key. So you need his private key
>>> to decrypt, obviously you don't have that.
>>> I believe it's the other way around: he should encrypt with your public
>>> key, then you are the only person capable of decrypting (with your
>>> private key).
>>
>> BTW what would be the point of encrypting, if anyone can just grab a key
>> online and decrypt? :-)
>>
>
> If you can decrypt his message with his public key, this tells you that
> the person who has access to secret key of the pair was the one who
> encrypted the message. This ensures that you know that he is the one who
> indeed sent this message.

That is the purpose of *signing*: authenticate the sender and prevent
tampering of the message.
The purpose of *encrypting* is different: make sure only the intended
recipient can read (decrypt) the message.
Sometimes you do both, but you don't have to.
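
Added example, not part of the original thread and not gpg's own code: a textbook RSA sketch of the key roles discussed above (who encrypts with which key, who signs with which key). The primes, the key names ROGER_* / TIM_* and the sample message are constructed for illustration; textbook RSA without padding is not secure, and real gpg uses hybrid encryption.

```python
# Added illustration: textbook RSA with tiny constructed primes.
# NOT secure (no padding, tiny modulus); it only shows which key does what.
import hashlib

def make_keypair(p, q, e=17):
    """Return (public, private) as ((e, n), (d, n)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def encrypt(m, recipient_public):
    """Encrypting uses the RECIPIENT's public key."""
    e, n = recipient_public
    return pow(m, e, n)

def decrypt(c, own_private):
    """Decrypting needs the matching private key."""
    d, n = own_private
    return pow(c, d, n)

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_private):
    """Signing uses the SENDER's private key."""
    d, n = sender_private
    return pow(digest(message, n), d, n)

def verify(message, signature, sender_public):
    """Anyone holding the sender's public key can verify."""
    e, n = sender_public
    return pow(signature, e, n) == digest(message, n)

# Constructed key pairs for the two people in the thread.
ROGER_PUB, ROGER_PRIV = make_keypair(1009, 1013)
TIM_PUB, TIM_PRIV = make_keypair(2003, 2011)

def thread_scenarios(m=4242, text=b"hello Tim"):
    to_roger = encrypt(m, ROGER_PUB)   # what happened in the thread
    to_tim = encrypt(m, TIM_PUB)       # what should have happened
    sig = sign(text, ROGER_PRIV)       # signing, a separate operation
    return {
        "tim_reads_msg_encrypted_to_roger": decrypt(to_roger, TIM_PRIV) == m,
        "roger_reads_msg_encrypted_to_roger": decrypt(to_roger, ROGER_PRIV) == m,
        "tim_reads_msg_encrypted_to_tim": decrypt(to_tim, TIM_PRIV) == m,
        "roger_signature_verifies": verify(text, sig, ROGER_PUB),
        "tampered_text_verifies": verify(text + b"!", sig, ROGER_PUB),
    }

if __name__ == "__main__":
    for name, result in thread_scenarios().items():
        print(f"{name}: {result}")
```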