Solved

PGP Question

Posted on 2004-08-25
6
220 Views
Last Modified: 2010-04-11
I recently downloaded PGPtray, and I'm trying to figure out what the difference is between "encrypt", "sign", and "sign & encrypt"?  What is the need for signing if you are encrypting?  And why sign at all?  Just a curious newbie...

Thanks!


CoolATIGuy
0
Comment
Question by:CoolATIGuy
  • 3
  • 3
6 Comments
 
LVL 4

Accepted Solution

by:
cyrnel earned 500 total points
ID: 11899687
-Difference between "encrpt", "sign", and "sign & encrypt"?

Encrypt is the most straight-forward. It processes the the target file with one or more public keys & produces output readable only by those in possession of a corresponding private key. In this way you create an encrypted file that can only be read by the list of people you specify.

Signing is a way of processing a file with your private key so a recipient knows it was you who sent the file. It does not hide the contents, but it verifies the origin. The recipient checks the document by processing it with your public key. If it works they know you were the signer.

Signing and encrypting is the two used in combination.

-What is the need for signing if you are encrypting? And why sign at all?

Even if the information isn't sensitive, the trustworthiness may be. How do you know the file you received about a business negotiation or hostage situation originated from a trusted source? Without signing, you could act on planted information that sends you into dangerous territory. Signing is what the sender does so the recipient can verify the source of the data. The data is run with the private key. The recipient then checks the received information with the public key, and knows if it was you.

Don't worry. Signing is probably the least understood  feature of public key cryptography. PGP corp's introduction is a good read if you haven't battled this stuff before. Beyond the basics it talks about the importance of key security, management, and technical/social vulnerabilities.

http://download.pgp.com/pdfs/Intro_to_Crypto_040600_F.pdf

Dave
0
 
LVL 8

Author Comment

by:CoolATIGuy
ID: 11899719
Dave,

Awesome post!  Thanks!

One question; is it not possible to determine where an encrypted file came from without being signed?


FYI, raising points.  Thanks again!


CoolATIGuy
0
 
LVL 4

Assisted Solution

by:cyrnel
cyrnel earned 500 total points
ID: 11899827
Nope. Remember, the person encrypting the data only needs your public key. They are not required to include any personally identifying information when encrypting. People often infer identity from the enclosing package (email or other) but we all know that presents numerous vulnerabilities.The act of signing adds the sender's identity component. Not perfect, but with it you know someone with that private key created the "package" and that it hasn't been tampered with en route.

Dave
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 8

Author Comment

by:CoolATIGuy
ID: 11899887
Awesome Dave; just awesome!  You've cleared so much up!  Thanks again!

CoolATIGuy
0
 
LVL 8

Author Comment

by:CoolATIGuy
ID: 11899894
BTW, I got PGP Freeware... http://web.mit.edu/network/pgp.html .  Logical choice?

CoolATIGuy
0
 
LVL 4

Expert Comment

by:cyrnel
ID: 11899937
You bet. You get disk tools and more application interoperability with the commercial workgroup version, and management options with the admin ver$ion, but the MIT freeware version provides the complete encryption/signing functionality. That's where it (PGP) all started almost 15yrs ago. (including Mr. Z's now distant trouble with the feds)

Dave
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now