# GPG general questions

## scuzzo

I want to try gpg out. So far I understand you have 2 keys, private and public. You send out an encrypted email and someone can read it if they got the public key, but what's the private key for?

Also what is a good GTK frontend for gpg? And what's a good mail client that has gpg support? So far I have seen Balsa which looks nice.

----------

## patrickbores

The idea is that a message encrypted with the private key can only be decrypted with the public key. And vice-versa as well. This is useful two ways:

1. When you send someone an e-mail, you encrypt it with THEIR public key. That way you know that no one else can intercept it and read it.

2. You can "sign" a message that you send to someone. That is, you can encrypt a bit of information (usually a hash of the message) and attach it to the message. If the recipient can successfully decrypt the signature with YOUR public key, they know that it was encrypted with YOUR private key.

Evolution has good GPG support. It's what I use.

HTH,

Patrick

----------

## psylo

 *patrickbores wrote:*   

> The idea is that a message encrypted with the private key can only be decrypted with the public key. And vice-versa as well. This is useful two ways:
> 
> 1. When you send someone an e-mail, you encrypt it with THEIR public key. That way you know that no one else can intercept it and read it.
> 
> 2. You can "sign" a message that you send to someone. That is, you can encrypt a bit of information (usually a hash of the message) and attach it to the message. If the recipient can successfully decrypt the signature with YOUR public key, they know that it was encrypted with YOUR private key.
> ...

 

I do not agree with you on point 1. When you send an encrypted e-mail, you encrypt it with your private key and the recipient(s) decrypt it with your public key.

----------

## patrickbores

 *Quote:*   

> I do not agree with you on point 1. When you send an encrypted e-mail, you encrypt it with your private key and the recipient(s) decrypt it with your public key.

 

Whether or not you agree is irrelevant. Encrypting with someone else's public key is commonly done. By encrypting with someone else's public key, you're ensuring that only their private key will be able to decrypt the message. That is, you're ensuring that the message will be seen by their eyes only. A simple explanation of this is available at http://www.webopedia.com/TERM/P/public_key_cryptography.html

Haven't you ever used PGP encryption with a mail client? Usually, you have to select the recipients from your chain of public keys.

Encrypting something with your private key means that anyone with your public key can decrypt it. That is, it's basically world readable. But those who do read it can be assured that you actually sent it.

Patrick

----------

## psylo

 *patrickbores wrote:*   

>  *Quote:*   I do not agree with you on point 1. When you send an encrypted e-mail, you encrypt it with your private key and the recipient(s) decrypt it with your public key.
> 
> Whether or not you agree is irrelevant. Encrypting with someone else's public key is commonly done. By encrypting with someone else's public key, you're ensuring that only their private key will be able to decrypt the message. That is, you're ensuring that the message will be seen by their eyes only. A simple explanation of this is available at http://www.webopedia.com/TERM/P/public_key_cryptography.html
> 
> Haven't you ever used PGP encryption with a mail client? Usually, you have to select the recipients from your chain of public keys.
> ...

 

Ok... I'm sorry to hurt you, I've made a mistake...

----------

## georwell

kgpg is a good app to manage keys with.

----------

## nevynxxx

 *patrickbores wrote:*   

> The idea is that a message encrypted with the private key can only be decrypted with the public key. And vice-versa as well. This is useful two ways:
> 
> 1. When you send someone an e-mail, you encrypt it with THEIR public key. That way you know that no one else can intercept it and read it.
> 
> 2. You can "sign" a message that you send to someone. That is, you can encrypt a bit of information (usually a hash of the message) and attach it to the message. If the recipient can successfully decrypt the signature with YOUR public key, they know that it was encrypted with YOUR private key.
> ...

 

Also

1) you can encrypt things to yourself using your public key, then only people with your private key can read it (i.e. you)

2) if you keep a copy of mail you send, you want to make sure any encrypted mails you send you copy to yourself, and encrypt with your public key. Otherwise you can't read them again.

On the mail client note, I use sylpheed(-claws(-gtk2)), which has very good support, especially when you add

```
# fetch the signer's key from a keyserver automatically when verifying
keyserver-options auto-key-retrieve
keyserver hkp://pgp.mit.edu
keyserver hkp://subkeys.pgp.net
```

to your ~/.gnupg/gpg.conf file.

The keyservers can be whatever you like; my key is on pgp.mit.edu so I have that one in there. And the auto-key-retrieve makes gpgme grab the key automatically. So in sylpheed, if you open a mail that is signed, it will automatically fetch the key and check the sig.
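The two uses patrickbores lists (encrypt to the recipient's public key, sign with your own private key) and nevynxxx's point that a saved copy of a sent mail is unreadable unless you also encrypt it to yourself, as an added example that is not code from this thread. It assumes GnuPG 2.1 or newer on PATH; Alice and Bob (alice@example.invalid, bob@example.invalid) are made-up identities, each in its own throwaway keyring under a temporary GNUPGHOME, and the demo keys are deliberately created without a passphrase.

```shell
#!/bin/sh
# Added example, not code from the thread. Needs GnuPG 2.1 or newer on PATH.
# Alice and Bob are made-up identities with separate keyrings under a temp
# GNUPGHOME, so ~/.gnupg is never touched. No passphrase: demo only.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice"
BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"

# One key pair per party. Each private key stays in its owner's keyring.
GNUPGHOME="$ALICE" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Alice <alice@example.invalid>' default default never
GNUPGHOME="$BOB" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Bob <bob@example.invalid>' default default never

# Only PUBLIC keys are exchanged (what a keyserver or a mail attachment
# carries); --export never writes private key material.
GNUPGHOME="$ALICE" gpg --batch --armor --export alice@example.invalid > "$WORK/alice.pub"
GNUPGHOME="$BOB"   gpg --batch --armor --export bob@example.invalid   > "$WORK/bob.pub"
GNUPGHOME="$ALICE" gpg --batch --quiet --import "$WORK/bob.pub"
GNUPGHOME="$BOB"   gpg --batch --quiet --import "$WORK/alice.pub"

# Constructed sample message.
printf 'meet at noon\n' > "$WORK/msg.txt"

# alice_send [yes|no]: encrypt TO Bob (his public key) and sign WITH Alice's
# private key. "yes" adds Alice as a second recipient so that her own saved
# copy of the sent mail stays readable.
alice_send() {
    self_flag=""
    if [ "${1:-no}" = yes ]; then
        self_flag="--recipient alice@example.invalid"
    fi
    # self_flag is intentionally unquoted so it splits into two words
    GNUPGHOME="$ALICE" gpg --batch --quiet --yes --trust-model always \
        --recipient bob@example.invalid $self_flag \
        --sign --encrypt --armor --output "$WORK/msg.asc" "$WORK/msg.txt"
}

# bob_read: Bob decrypts with HIS private key; gpg also verifies Alice's
# signature against her public key and exits non-zero if it is bad.
# Plaintext goes to stdout, the "Good signature" notice to stderr.
bob_read() {
    GNUPGHOME="$BOB" gpg --batch --quiet --trust-model always --decrypt "$WORK/msg.asc"
}

# alice_read_own: can Alice decrypt what she sent? Only if she was also a
# recipient; signing with her private key gives her no way back to the text.
alice_read_own() {
    if GNUPGHOME="$ALICE" gpg --batch --quiet --decrypt "$WORK/msg.asc" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# Stand-alone run: first without, then with, the copy-to-self recipient.
alice_send no
echo "Bob reads: $(bob_read 2>/dev/null)"
echo "Alice can read her own sent copy: $(alice_read_own)"
alice_send yes
echo "After also encrypting to herself: $(alice_read_own)"
```

Mail clients usually hide the second step behind an "encrypt to self" option (in gpg.conf it is `encrypt-to`), which is the setting nevynxxx's point 2 is about; without it, the Sent folder holds ciphertext only Bob can open. `--trust-model always` is used here only because freshly imported demo keys carry no trust; with real keys you would verify the fingerprint and sign the key instead.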

----------

## scuzzo

So do most people use a front end for gpg or the CLI? What are some popular frontends based on GTK and Qt?

----------

## nevynxxx

It depends what you want to do. As I only use gpg for signing mails (I would encrypt too, but I mail mostly to mailing lists and people without gpg), I suppose you'd call my mail client the front end. If you're using it for encrypting files (something most mail clients will do on the fly for you) then I use the CLI, but that doesn't happen often.

----------

## Helper_Monkey

Ok here's another question:

When I sign a file I have to enter my passphrase, but if I export my secret key I don't have to enter the passphrase. This seems like it is a security flaw, but I'm sure someone can explain it to me.

----------

## qr123de

The private key is stored encrypted.

"Exporting" changes only the file format from a binary store to an ASCII-based store.

The encryption still remains on the key.

----------

## MG-Cloud

Hi,

I'm about to start signing all my emails with Evolution.

Just a quick question about setting it up.  I've created my keys and uploaded them to the public key server.

When it asks for my Key ID, that is the ID beside the 

"pub 1024D/"

section in my gpg --list-keys right?

----------

## jleejj

 *Quote:*   

> When it asks for my Key ID, that is the ID beside the
> 
> "pub 1024D/"
> 
> section in my gpg --list-keys right?

 

Yes, that is the correct value. Preface the key ID with 0x when you reference it. As a side note, the key ID is actually just the last 4 bytes of your key's fingerprint.
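A worked check for jleejj's answer (the key ID is the tail of the fingerprint, and gpg accepts it with a 0x prefix) and for qr123de's earlier point that an exported secret key keeps its passphrase protection, as an added example that is not code from this thread. It assumes GnuPG 2.1 or newer on PATH; the identity and passphrase are made up and the key lives in a temporary GNUPGHOME. One difference from the GnuPG 1.x behaviour Helper_Monkey described: since 2.1 the agent does ask for the passphrase on export, because it has to re-wrap the key, but the file it writes is still protected, which is what the packet dump below checks.

```shell
#!/bin/sh
# Added example, not code from the thread. Needs GnuPG 2.1 or newer on PATH.
# One passphrase-protected key under a temp GNUPGHOME; identity and
# passphrase are made up for the demo.
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
chmod 700 "$GNUPGHOME"
KEY_UID='Demo User <demo@example.invalid>'
PASS='demo passphrase only'

gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
    --quick-generate-key "$KEY_UID" default default never

# fingerprint: the full v4 fingerprint (40 hex digits), taken from the
# machine-readable --with-colons listing, field 10 of the "fpr" record.
fingerprint() {
    gpg --batch --with-colons --fingerprint "$KEY_UID" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# long_keyid: the 16-hex-digit key ID gpg prints, field 5 of the "pub" record.
long_keyid() {
    gpg --batch --with-colons --list-keys "$KEY_UID" | awk -F: '$1 == "pub" { print $5; exit }'
}

# fp_suffix N: the last N hex digits of the (v4) fingerprint. N=16 is the
# long key ID, N=8 the short one shown beside "pub 1024D/" in old listings.
fp_suffix() {
    fingerprint | awk -v n="$1" '{ print substr($0, length($0) - n + 1) }'
}

# resolves ID: "yes" if gpg accepts ID (for example 0xDEADBEEF) as a selector.
resolves() {
    if gpg --batch --quiet --list-keys "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# export_secret_armor: ASCII-armored copy of the secret key. GnuPG 2.1+ asks
# for the passphrase here (supplied over loopback) to re-wrap the key; the
# output is still passphrase-protected.
export_secret_armor() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
        --armor --export-secret-keys "$KEY_UID"
}

# exported_key_is_protected: dump the exported packets and look for the S2K
# specifier (how the passphrase becomes the key that encrypts the private
# MPIs). A protected secret-key packet has one; an unprotected one has none.
exported_key_is_protected() {
    if export_secret_armor | gpg --batch --list-packets 2>/dev/null | grep -q 'S2K'; then
        echo yes
    else
        echo no
    fi
}

# Stand-alone run.
echo "fingerprint : $(fingerprint)"
echo "long key ID : $(long_keyid)  (last 16 of fingerprint: $(fp_suffix 16))"
echo "short key ID: 0x$(fp_suffix 8)  resolves: $(resolves "0x$(fp_suffix 8)")"
echo "exported secret key still passphrase-protected: $(exported_key_is_protected)"
```

The tail-of-fingerprint rule holds for v4 keys, which is what the 1024D keys in this thread are. A short key ID is only 32 bits, so two keys with the same short ID are cheap to manufacture; when you give someone a key to fetch or trust, hand them the full fingerprint (or at least the 16-digit long ID), and reserve the short form for display.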

----------

## spider312

 *scuzzo wrote:*   

> Also what is a good gtk frontend for gpg? And whats a good mail client that has gpg support? So far I have seen Balsa which looks nice.

 

I'm also very interested in that. I'd like a good GUI (GTK+ would be perfect) for managing keys, to avoid gpg --edit blabla > trust > yes > yes I'm sure > yes yes I'm f***ing sure !!!

I'm using Thunderbird 0.8 with Enigmail; I think its key management is really poor.

Of course, I'd rather not install KDE to use kgpg (I don't use Qt apps at this point).

If someone knows a program or a tip to manage keys, I would be very happy.

Thanks in advance (and excuse me for my poor English).

----------

## frilled

emerge gpa?

----------

