Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 230
  • Last Modified:

PGP Question

I recently downloaded PGPtray, and I'm trying to figure out what the difference is between "encrypt", "sign", and "sign & encrypt"?  What is the need for signing if you are encrypting?  And why sign at all?  Just a curious newbie...

Thanks!


CoolATIGuy
0
CoolATIGuy
Asked:
CoolATIGuy
  • 3
  • 3
2 Solutions
 
cyrnelCommented:
-Difference between "encrpt", "sign", and "sign & encrypt"?

Encrypt is the most straight-forward. It processes the the target file with one or more public keys & produces output readable only by those in possession of a corresponding private key. In this way you create an encrypted file that can only be read by the list of people you specify.

Signing is a way of processing a file with your private key so a recipient knows it was you who sent the file. It does not hide the contents, but it verifies the origin. The recipient checks the document by processing it with your public key. If it works they know you were the signer.

Signing and encrypting is the two used in combination.

-What is the need for signing if you are encrypting? And why sign at all?

Even if the information isn't sensitive, the trustworthiness may be. How do you know the file you received about a business negotiation or hostage situation originated from a trusted source? Without signing, you could act on planted information that sends you into dangerous territory. Signing is what the sender does so the recipient can verify the source of the data. The data is run with the private key. The recipient then checks the received information with the public key, and knows if it was you.

Don't worry. Signing is probably the least understood  feature of public key cryptography. PGP corp's introduction is a good read if you haven't battled this stuff before. Beyond the basics it talks about the importance of key security, management, and technical/social vulnerabilities.

http://download.pgp.com/pdfs/Intro_to_Crypto_040600_F.pdf

Dave
0
 
CoolATIGuyAuthor Commented:
Dave,

Awesome post!  Thanks!

One question; is it not possible to determine where an encrypted file came from without being signed?


FYI, raising points.  Thanks again!


CoolATIGuy
0
 
cyrnelCommented:
Nope. Remember, the person encrypting the data only needs your public key. They are not required to include any personally identifying information when encrypting. People often infer identity from the enclosing package (email or other) but we all know that presents numerous vulnerabilities.The act of signing adds the sender's identity component. Not perfect, but with it you know someone with that private key created the "package" and that it hasn't been tampered with en route.

Dave
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
CoolATIGuyAuthor Commented:
Awesome Dave; just awesome!  You've cleared so much up!  Thanks again!

CoolATIGuy
0
 
CoolATIGuyAuthor Commented:
BTW, I got PGP Freeware... http://web.mit.edu/network/pgp.html .  Logical choice?

CoolATIGuy
0
 
cyrnelCommented:
You bet. You get disk tools and more application interoperability with the commercial workgroup version, and management options with the admin ver$ion, but the MIT freeware version provides the complete encryption/signing functionality. That's where it (PGP) all started almost 15yrs ago. (including Mr. Z's now distant trouble with the feds)

Dave
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now