ext2: E-Mail Security: GnuPG or PGP?
Sep 22, 1999, 14:47
(Other stories by Kevin Fenzi)
[ Thanks to Rob Kennedy for this link. ]
"One of the few things that pretty much _everyone_ does with their computer these days is to send and receive email. Keeping up with old friends that have moved half a world away, or discussing business with co-workers across the hall. Email is the original "killer app" for the net. It doesn't cost anything over having your net access and as a way to communicate, it can't be beat. Everyone's doing it..."
"PGP is a "public key" system. You use a pass phrase (along with a lot of random bits) and PGP generates a secret key (which you keep) and a public key (which you publish and send to all your friends). When someone wants to send you a message, they encrypt it with your public key, which results in a message that only the holder of the secret key and pass phrase can decrypt. Pretty simple..."
"Another problem with email that PGP and the like solve is that there is no way to tell if a particular email came from a particular person. Email is notoriously easy to forge. PGP and the like allow you to "sign" your email in a way that can be verified. Your message might still be readable (if you just want to sign it, not encrypt it), but if it has been tampered with, the recipient will know it. This is becoming more and more important on the net, since more crucial decisions are being made through email..."