On Wed, October 1, 2014 12:45 pm, Tim Dunphy wrote: >> >> With the premise being that the 'matching' key to that secret key is, >> well, public or accessible to anyone. > > > > Well, yeah! The PUBLIC key that you're sending the message to is > accessible > to anyone. But the only way to decrypt the message is with the PRIVATE key > that is paired with the public key of the recipient. Not sure where you > get > the idea that this is insecure. The message absolutely CANNOT be decrypted > by someone who does not have the private key with which the public key > you're sending the message to is associated. > > cryptography 101 indeed! not meaning to object, just a note: whatever is encrypted with public key can be decrypted with secret key whatever is encrypted with secret key can be decrypted with public key (i.e. mathematically keys in a pair are equivalent, choice which to use as a secret key is arbitrary). Valeri > > On Wed, Oct 1, 2014 at 1:29 PM, Mike <mike at microdel.org> wrote: > >> >> >> On Wed, 1 Oct 2014, Valeri Galtsev wrote: >> >> >>> On Wed, October 1, 2014 11:34 am, Nicolas Thierry-Mieg wrote: >>> >>>> On 10/01/2014 06:07 PM, Valeri Galtsev wrote: >>>> >>>>> >>>>> On Wed, October 1, 2014 10:19 am, Nicolas Thierry-Mieg wrote: >>>>> >>>>>> >>>>>> >>>>>> On 10/01/2014 05:16 PM, Nicolas Thierry-Mieg wrote: >>>>>> >>>>>>> On 10/01/2014 04:58 PM, Tim Dunphy wrote: >>>>>>> >>>>>>>> Hey guys, >>>>>>>> >>>>>>>> >>>>>>>> Having a little gpg issue I was wondering if someone could help >>>>>>>> me >>>>>>>> with. >>>>>>>> >>>>>>>> A friend of mine sent me an encrypted message. So I searched >>>>>>>> online >>>>>>>> and >>>>>>>> found a a set of keys that correspond with his email address. And >>>>>>>> imported >>>>>>>> them. But when I go to decrypt the message, this is what I get: >>>>>>>> >>>>>>>> [root at ops:~] #gpg --decrypt roger-message >>>>>>>> gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created >>>>>>>> 2014-10-01 >>>>>>>> "Roger Sherman <rsherman at viddler.com>" >>>>>>>> *gpg: encrypted with RSA key, ID 9A41C766* >>>>>>>> *gpg: decryption failed: secret key not available* >>>>>>>> >>>>>>>> <snip> >>>>>>> >>>>>>>> So maybe I just didn't import the right key? Or do you think the >>>>>>>> message >>>>>>>> wasn't sent correctly? Who's the dummy here? Me or him? :) >>>>>>>> >>>>>>> >>>>>>> looks like he encrypted with HIS public key. So you need his >>>>>>> private >>>>>>> key >>>>>>> to decrypt, obviously you don't have that. >>>>>>> I believe it's the other way around: he should encrpyt with your >>>>>>> public >>>>>>> key, then you are the only person capable of decrypting (with your >>>>>>> private key). >>>>>>> >>>>>> >>>>>> BTW what would be the point of encrypting, if anyone can just grab a >>>>>> key >>>>>> online and decrypt? :-) >>>>>> >>>>>> >>>>> If you can decrypt his message with his public key, this tells you >>>>> that >>>>> the person who has access to secret key of the pair was the one who >>>>> encrypted the message. This ensures that you know that he is the one >>>>> who >>>>> indeed sent this message. >>>>> >>>> >>>> that is the purpose of *signing*: authenticate the sender and prevent >>>> tampering of the message. >>>> >>>> The purpose of *encrypting* is different: make sure only the intended >>>> recipient can read (decrypt) the message. >>>> >>>> Sometimes you do both, but you don't have to. >>>> >>> >>> Sure, I agree, but I just answered the question if encrypting with >>> one's >>> own secret key is nonsense, which it isn't, but normally people do what >>> you describes, and that is the way was pgp and gpg are meant to be >>> used... >>> still "unusual thing" as encrypting with one's own private key isn't >>> nonsense. >>> >>> Valeri >>> >>> ++++++++++++++++++++++++++++++++++++++++ >>> Valeri Galtsev >>> Sr System Administrator >>> Department of Astronomy and Astrophysics >>> Kavli Institute for Cosmological Physics >>> University of Chicago >>> Phone: 773-702-4247 >>> ++++++++++++++++++++++++++++++++++++++++ >>> >>> This thread has turned in to 'cryptography 101' on the CentOS mailing >> list. This is my last post... >> >> Encrypting content (a message) with ones own secret key with the intent >> of >> privacy is pointless (or nonesense as you say). With the premise being >> that the 'matching' key to that secret key is, well, public or >> accessible >> to anyone. Hense no privacy as the content can be decrypted by anyone. >> >> Encrypting a message digest or hash with ones own secret key makes >> perfect >> sense. That is the essence of a digital signature. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++