[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: THANKS!!!!! A BUNCH!!!!!




[email protected] (A Hoier) writes:

 > I think somebody on this list (I think on this list) gave me
 > a PGP Signature and I just wanna say thank you so much!!!!

That may be premature.  Real PGP signatures can only be generated
by the owners of PGP private keys, and they vary with the
contents of the document being signed.  This identifies the
person who signs a document, and prevents undetected alterations.

Clearly, you cannot use the same signature on more than one
message, or have someone else give you a signature to use, or
anyone could fake signing a message.

 > But what i'd like to know is what does the PGP Signature
 > really mean????? Like for example what does my PGP
 > Signature mean Alls it is is a bunch of letters.  Could
 > someone privately e-mail me some info on cryptography web
 > sites??????

When you sign a document with PGP, the document is converted into
a unique number, which it is statistically unlikely any other
document will generate.  Then this unique number is raised to the
power of an exponent only you know, modulo the product of two
large probable primes.  The result is converted to a printed
ASCII string, which is appended to the message with text
identifying it as a PGP signature.

Others wishing to make sure you have signed the document, and
that it has not been altered, can raise this number to the power
of a publicly known exponent, modulo the product of the same two
large probable primes.  The secret exponent which you used to
sign and the public exponent you give others to verify your
signatures, have the property that raising to the power of both
of them leaves a number unaltered.  If the result matches the
unique number the document generates, then it was signed by you
and no changes were made to it.

Isn't that neat?

So basically you don't need to get your signature from anyone.

You need to get a copy of PGP, and generate your own PGP key
using the PGP -kg option.  Then you can post your public key to
the keyservers, and sign documents with it.

Others can use your public key to check your signatures, and also
to encrypt documents in a way only you can decrypt.

This is all explained in the PGP documentation, which comes with
the PGP program.

Good luck.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]   $    via Finger                       $
         {Free Cypherpunk Political Prisoner Jim Bell}