PGP signatures.

Patrick O'Callaghan pocallaghan at gmail.com
Fri May 30 16:16:45 UTC 2008


On Fri, 2008-05-30 at 13:04 +0930, Tim wrote:
> On Thu, 2008-05-29 at 15:23 -0500, Aaron Konstam wrote:
> > Let me share that to me the whole discussion of PGP signatures was
> > very unenlightening. I have no idea how to sign e-mail or validate a
> > pgp signed e-mail. All the discussion seemed to me to be aimed at
> > people who knew all about this. 
> 
> Before you can make use of pgp in mail, you have to get pgp working.
> After you've made your own keys, the next thing you'll need is the other
> party's keys.  You've got to be able to manage getting them in some way.
> 
> *Then* you can move on to actually using them.  Though there's probably
> an "understanding how the scheme works" process that you need to go
> through, first, judging by your comments.
> 
> Start with the documentation, that's where most of the rest of us
> started, and you're less likely to get given a bum steer by it.

It's a basic fact of life that crypto software is complicated for users,
and there appear to be fairly fundamental reasons why this is so (see
"Why Johnny Can't Encrypt", an interesting paper by a group of Stanford
researchers from a few years ago). You have to understand what a key is,
why it's not the same as a password, what it means to sign a message
etc. etc. Phil Zimmermann's book on PGP is a pretty good publication :-),
or just read one of the many online guides to get started.

poc



