Linux Today: Linux News On Internet Time.

More on LinuxToday

Linux Journal: High-Tech How Not to be Seen, Part 2

Nov 13, 1999, 00:54 (2 Talkback[s])
(Other stories by Marcel Gagné)

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

"Secret Codes for Grown-Ups."

"Last week, I touched on the concept of an encrypted session: in that case, using ssh, or the secure shell. What I did not mention was the means by which secure sessions and encrypted data are managed and how to decrypt that information. You've probably heard the terms "public key encryption" and "DSA" bandied about. You've probably received messages with a "PGP signature" attached to the message. What does that mean?..."

"Enter public key encryption, a popular form being PGP, or Pretty Good Privacy (much more than just pretty good, I assure you). My messages are encrypted with two keys. One is my private key, which I guard jealously and never hand out to anyone. I will take a copy of this key, print it out, save it to a diskette, and store both in a safe-deposit box. Anyone knowing the whereabouts of this key would have to be ... well, that's a bit dramatic, but you get the idea. Now, when I encode a message, I do so by combining my key with a public key. This is not my public key, but one supplied to me by the person I want to communicate with. Both keys are required for the encryption/decryption process, but anyone having just one half of the key pair has nothing, and you never hand out your private key to anyone."

Complete Story

Related Stories: