[Enigmail] sorry for sending encrypted mail, I think i have the hang of it now. please assure me.
Jean-David Beyer
jeandavid8 at verizon.net
Mon Aug 4 05:22:42 PDT 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jshmoe12 at gmail.com wrote:
> So let me get this right. When I send encrypted and signed mail I have
> to first send the public key unencrypted to whomever I am sending the
> encrypted mail.

You could do that, but a much better way is to put your public key on a
public key server from which anyone can get it.

> Then in the future they will have my public key
> logged. So whenever I send them encrypted mail they will be able to
> read it.

They do not really need your public key to read an encrypted e-mail you send
them. You need their public key to do so.

They need your public key to verify that your signature is really yours. And
knowing that the public key they have that they think is yours is _really_
yours is another matter entirely.

> Also a signature does not give the mail any security.
> correct?

If the receiver really has your public key and knows it is yours, and you
sign something, then the person receiving it will know that it has not been
tampered with, either accidentally (noise or other errors in transmission)
or on purpose (someone deliberately changing the contents of the e-mail).
That is a form of security. It does not hide the contents, though.

Hiding the contents is the main point of encryption.

Signing and encrypting are two different operations. They happen to use the
same tools, though in slightly different ways.

> it just ensures that the encrypted mail in the receiver's
> mailbox has a header stating who the mail is from, otherwise if it
> didn't have a signature they wouldn't be able to see who it was from at
> all, it would all be encrypted, right?

No. All e-mails, AFAIK, have a From: header that implies who it is from. But
they are so easily forged that they cannot be relied upon. They also have
one or more Sender: fields that also help you determine who it is from. It
seems to me that Sender: fields are more difficult to forge, but perhaps are
not reliable either. The signature assures you that it is from who you think
it is from -- that is if you obtained the sender's public key in a
trustworthy manner.

> Also can people decrypt my encrypted emails without having gnupg
> installed?

Not really. They could have PGP installed. There can be compatibility issues
if you are not careful. But you need something and I recommend GPG.

> Can they just install the enigmail addon to thunderbird?

I do not think so. Unless the install of enigmail automatically obtains
gnupg. Some package managers may do this for you.

> or
> can they use other decryptors to decrypt enigmail mail? I thought I
> had heard about a firefox addon as well that would add functionality
> to g-mail. Let me know if this is a rumor.

I never use Firefox for e-mail. In theory, I suppose it is possible. I do
not know in practice.

> Well thank you in advance. I know I sound kinda noobish, but I can
> assure you I am a very computer literate Ubuntu Linux using computer
> networking student. Also if anyone wants to talk about computer
> security I would enjoy nothing more.

- --
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 08:05:01 up 2 days, 10:57, 4 users, load average: 4.23, 4.07, 4.03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
iD8DBQFIlvSSPtu2XpovyZoRApAbAKCkBHvgGXAdS8aIoV9IFCsEaJQX/ACfZVia
ktwwVD7ZsFcZgid7W95Pgu8=
=gPjc
-----END PGP SIGNATURE-----
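
The split between encrypting and signing described in the reply above, as an added example that is not part of the original message and is not how GnuPG or Enigmail is implemented. It uses textbook RSA with no padding and constructed keys built from publicly known Mersenne primes, so it is insecure by design and only shows which key performs which operation; the names Alice (sender) and Bob (recipient) are assumptions.

```python
# Added illustration: textbook RSA, no padding, publicly known primes.
# Toy only: it shows which key does which job, not how GnuPG works inside.
import hashlib

E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed keys from well-known Mersenne primes (never do this for real).
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)    # sender
BOB_PUB, BOB_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)      # recipient

def encrypt(message, recipient_pub):
    """Hiding the contents needs only the RECIPIENT's public key."""
    n, e = recipient_pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, recipient_priv):
    n, d = recipient_priv
    m = pow(ciphertext % n, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_priv):
    """Signing uses the SENDER's private key; the message stays readable."""
    n, d = sender_priv
    return pow(_digest(message, n), d, n)

def verify(message, signature, sender_pub):
    n, e = sender_pub
    return pow(signature % n, e, n) == _digest(message, n)

def demo():
    body = b"Meet at noon."
    sig, ct = sign(body, ALICE_PRIV), encrypt(body, BOB_PUB)
    return {
        "bob_reads": decrypt(ct, BOB_PRIV),                  # recipient's private key
        "sender_key_decrypts": decrypt(ct, ALICE_PRIV) == body,
        "signature_ok": verify(body, sig, ALICE_PUB),        # sender's public key
        "tampered_ok": verify(b"Meet at nine.", sig, ALICE_PUB),
        "wrong_key_ok": verify(body, sig, BOB_PUB),          # wrong key on file
    }

if __name__ == "__main__":
    print(demo())
```

The last entry is the case the reply warns about: a signature check only means something if the public key on file really belongs to the sender.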