• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306
  • Last Modified:

Pgp Trust

how does PGP's web of trust operates, I am new at this , any good sites ?

Thanks Pete
0
auziepete
Asked:
auziepete
  • 3
  • 2
1 Solution
 
RevelationCSCommented:
please clarify what you are looking for... your question is a little bit confusing...
0
 
auziepeteAuthor Commented:
Hi i am after , how does the trust thing work in pgp via email and authenication, plus how does the signing  inflict the procedure in this, with sending encrypted emails or messages

Pete
0
 
RevelationCSCommented:
try looking at the following links:

http://www.pgp.com/
http://www.pgpi.org/

this should give you all of the information that is available regarding what you are looking for... essentially, PGP runs like regular encryption, where there is a key on both the encrypter and the decrypter's end that decypers the encription. Both sides must have a valid key to lock/unlock what is being encrypted...
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
DustbakCommented:
Hi Pete,

First of all PGP is a good choice. PGP at least when Phil Zimmerman was still around there is the only major crypto implementation which has been verifiably secure.

PGP works with public key crypto which is so called a symmatrical crypto system. You have a so-called private/secret key and a public key.

The public key you distribute in as much as possible different places (like the pgp keyserver) The secret key you keep as secure as possible (smart cards etc.. are nice options).

The way it is mostly used. You want to send a secure message to Bob. You encrypt it with Bobs public key. Only Bob can read this message now since he has the secret key to decrypt this message. However how does Bob know whether this message came from you ??

Besides being able to encrypt the message to Bob with Bobs public key, You can also 'encrypt' this message with your own secret key. This message can than be decrypted with your public key which everybody can get. The result of this is that everybody can verify whether this message is 'encrypted' with your secret key. This way you get a form of signature.

Now, here comes the idea of the web of trust. Since How can Bob fully trust that your public key is really your public key ?? The idea was that other people would sign your public key. The more people would sign your key the more likely it is that you are you or that there would be somebody that Bobs know personally, etc..

This is also the general idea behind CA concepts like Thawte and Verisign and all others.

Hope this will help you a bit further.

Best regards
Ray
The web of trust is based upon the
0
 
auziepeteAuthor Commented:
Thanks RevelationCS AND Dustbank

Problem solved

Thanks Pete
0
 
RevelationCSCommented:
please do not forget to close out the question if the problem has been solved....

if you have questions on how to do this, please see the following link:
http://www.experts-exchange.com/help.jsp#hi9
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now