Signing vs. encrypting was: Cipher v public key.

David Gray david.gray at turpin-distribution.com
Wed May 31 14:59:37 CEST 2006


Hi, 

Thanks to all who have responded to these questions.  Getting my head around
it 
Now.  

Will suggest to the customer that we use signed & encrypted transmissions.
The only 
Issue we then have is that they wish to be custodians of the private key,
they are 
Looking into commerical methods for secure key distribution. 

The other issue is the IT manager at the customer site is wary of Gnu
software and is 
Going to look at commerical offering, PGP I assume.  Apart from the lack 
Of cost are there any other good reason I can give for using GPG? 

Thanks 
Dave 
 

-----Original Message-----
From: Andreas Martin [mailto:ama at inmedias.it] 
Sent: 31 May 2006 10:31
To: gnupg-users at gnupg.org
Subject: Signing vs. encrypting was: Cipher v public key.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laurent Jumet schrieb:
 >     When sending a message like this one, signed, compressed but not
crypted,
> is there anything that goes bad, in security terms?
>     This is to avoid problems with line lenghth and charsets through 
> internet
> 

In security terms, lots of things can go bad when sending anything through
the internet ;-)

Encrypting protects against unauthorised reading of the plaintext, but not
from manipulating the encrypted data. Signing protects against manipulation
of the data, but not against unauthorised reading of the plaintext. (In fact
it does not avoid the manipulation itself, but you are able to detect, that
the data has been manipulated).

Signing and encrypting are two totally different things (not to mention
compressing). So if you want "save" transmissions you have to do both,
signing and encrypting!

Problems with line length and charset shouldn't occur during the
transmission of your mails, because Mail Transport Agents don't take care of
the mailbody (and the headers are not signed or encrypted). What exactly do
you want?

Regards


Andreas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iQCVAwUBRH1iX+f8mJnBT5ROAQJkTQP/YxiOftW6mNv2DntzOQp0KxACJmzW00Xu
cqLQcaW9AKhGpovrwMIWfz0GoIa8wtPP4EEn6nKWpJ6qZo3ossmcVCuJo76nvIpO
BH2Cx/p0w66rrB0tc9Qqx8nLIz9rNQJgRcN9z+PRaHihB75ulkHCQIACWnyeeQB2
9bWwUcB9Xmc=
=0cYA
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 3501 bytes
Desc: not available
Url : /pipermail/attachments/20060531/a91a02ee/attachment.bin


More information about the Gnupg-users mailing list