Code: Select all
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
is anyone interested in learning more about Public Key Encryption?
This would be GnuPG on our Linux systems -- or
PGP/Desktop for those needing an "official" commercial system.
Similarly we would use Enigmail on Thunderbird on our Linux systems
while those needing "official" commercial software would be using Outlook.
I think one of the aspects of Public Key Encryption is
that PGP or GnuPG provides authentication and integrity -- not just encryption.
Authentication allows you to verify that a message
is from the person who claims to have sent it.
Integrity allows you to verify that a message has not been altered "in transit"
Provided that you have a trusted copy of the other person's public key.
Which gets us into the subject of Trust Models.
These are discussed in Phil Zimmerman's original essay on PGP -- and --
as far as I'm concerned -- that's still the best read on the topic.
I'll sign this for you with GnuPG -- just for fun.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQEcBAEBAgAGBQJTLJTWAAoJEMxYQmPg90u5iLMH/1MPH3E1kDDtVqxb5BxF42e7
BnYBClU0EfSaZpIQ+stbVAGA9uU96dyPAj/uR1ceep/P0RCkvqJ8BmWSjxUBHjod
lVlrUqSUCD1kBsJ5yu9gC/pBInDT+nMoPgoqZpuc3XqTc43MGKWe9j7lQ2H6VHtu
hT/xSATXUoL5/Ql6tFkrsudW0+3huR4LV+ZPkYq2fXhZb3JSzNhPkE783Kx/Ao+l
Hx8ZSXDWlvNKQbSuRNto7nFZIQT6lnsPM0bhX6iSX4xyjC36a1taX45XLTeuP7ic
Ao/g4A/I0aCdaD7IwjMx9aTLEiaDTtXJpfp9ctGvCLNHLm3WEgpta8o7uubtA+o=
=L3+Q
-----END PGP SIGNATURE-----
Link to Zimmerman's Original Document Vol 1
From my own studies it is my view that a lot of what we call "hacking" results from our failure to authenticate the credentials of sources that we communicate with . this would apply to software downloads as well as e/mails, credit card transactions, tax returns, web sites -- you name it.