Public/Private Keys - Consequences
\ christopher dubois (22 Oct 2007)
. \ Robert J. Hansen (22 Oct 2007)
. \ David SMITH (22 Oct 2007)

Subject: Re: Public/Private Keys - Consequences
Group: Gnupg-users
From: David SMITH
Date: 22 Oct 2007


 
On Fri, Oct 19, 2007 at 08:39:04AM -0700, christopher dubois wrote:
>
> Sorry I don't know much about this as I am just beginning, but what are the
> dangers if you submit your key to a keyserver and make it available to the
> public?

When you "submit your key to a keyserver", you only submit the public
part. You keep the private part to yourself. The private part is the
bit that you need to sign messages with your signature, or to decrypt
messages that have been encrypted with your public key. You never give
your private key away.

By default, GnuPG's options are organised intelligently so that GnuPG
doesn't give away private keys without a fight - the normal "send" or
"export" commands will only send or export public keys. Secret keys
can only be obtained using different options which make it clear that
you are dealing with secret keys rather than public ones.

e.g. compare the "--export" option with the "--export-secret-keys" one.

> I am aware that users who want to communicate with me securely can import my
> key from a keyserver and add it to their keyring. But I want to know what
> are the dangers of this, if there are any. Can users use my key to forge/alter
> email documents and the like?

No, you need the private key to do that, which you don't give away.

> Also, what is the difference between your public key and private key?

To put it simply, the private key is used for generating signatures and
for decrypting messages encrypted with the public key. The public key is
used for encrypting messages (that can then only be decrypted with the
private key), and for checking signatures that were generated with the
private key.

> What if someone has your private key, what can they do with it? Thanks
> in advance.

Sign messages as you, and decrypt all messages sent to you. Don't give
it away.

--
David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724
1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2
Almondsbury | Work Email: Dave.Smith
BRISTOL, BS32 4SQ | Home Email: David.Smith
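
As an added illustration of the "--export" versus "--export-secret-keys" distinction discussed in the message above (not part of the original post and not GnuPG code): a Python check that reads the OpenPGP packet tags of an export and reports whether it carries secret-key packets (tags 5 and 7 in RFC 4880) before it is published. The function names and the sample packets are constructed for this example; the sample bodies are filler bytes, not real key material.

```python
import base64

SECRET_TAGS = {5, 7}   # secret key, secret subkey (RFC 4880, section 4.3)

def dearmor(data):     # returns raw packets, decoding ASCII armor when present
    lines = [l.strip() for l in data.strip().splitlines()]
    if not lines or not lines[0].startswith(b"-----BEGIN PGP"):
        return data
    body = lines[lines.index(b"") + 1:]      # armor headers end at the blank line
    body = [l for l in body if not l.startswith((b"=", b"-----"))]  # CRC, footer
    return base64.b64decode(b"".join(body))

def packet_tags(data):
    """Walk the OpenPGP packet headers and return each packet's tag."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new format: tag in the low 6 bits
            tag, o, i = hdr & 0x3F, data[i], i + 1
            if o < 192:
                n = o
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i] + 192, i + 1
            elif o == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not valid for keys")
        else:                                # old format: tag in bits 5..2
            tag, width = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + width], "big") if width else len(data) - i
            i += width
        i += n                               # skip the body, only tags matter here
        tags.append(tag)
    return tags

def safe_to_publish(data):   # True only for >= 1 packet and no secret-key packets
    tags = set(packet_tags(dearmor(data)))
    return bool(tags) and not tags & SECRET_TAGS

def make_packet(tag, body):                  # old-format header, 1-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed stand-ins for --export and --export-secret-keys output (no real keys)
PUBLIC_EXPORT = b"".join(make_packet(t, b"\x04" * 12) for t in (6, 13, 2, 14))
SECRET_EXPORT = b"".join(make_packet(t, b"\x04" * 12) for t in (5, 13, 2, 7))
ARMORED_SECRET = (b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n"
                  + base64.b64encode(SECRET_EXPORT)
                  + b"\n=AAAA\n-----END PGP PRIVATE KEY BLOCK-----\n")
```

To check a real export, pass the file's bytes to safe_to_publish(); it accepts both binary and ASCII-armored input.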
