[colug-432] Keysigning Party at OLF

Rob Stampfli res at colnet.cmhnet.org
Sat Sep 3 14:01:57 EDT 2011


On Sat, Sep 03, 2011 at 01:07:45PM -0400, Steve VanSlyck wrote:
> A wider question. If I start encrypting my mail and sending with keys n 
> such, how do I send mail to others, that don't have my key? Do I have to 
> reset mail options n such? (Thunderbird).

Several people have responded to this question already, although not
all the comments have been strictly correct.  Here's my two cents:

GPG/PGP in general covers two facets of security:  Encryption and Signing.
The protocols it uses are based on Public Key cryptography, where each key
consists of two parts:  A public component, which is widely disseminated
and freely available, and a private component which only the originator
has access to.

Encrypting involves using the intended recipient's public key to obscure
the content in a way that only he or she can decipher.  Indeed, strictly
speaking, even you cannot decode a message you have just enciphered using
another's public key.  (However, there are ways to cause GPG/PGP to encrypt
with multiple keys, so that multiple recipients, including yourself, may
retrieve the original content.)

Signing OTOH involves using your own private key to prove that the message
really did come from you and has not been forged or altered -- something
which may be verified by anyone possessing your public key.  It is somewhat
analogous to a written signature on a paper document.  In this case, the
content is not obscured by a strong cipher, and anyone intercepting the
message can read it.

Messages may be signed, encrypted, or both (or neither).  If they are
both signed and encrypted, the signature key and encryption keys are
usually different.

Many mail clients (MUAs) provide facilities to make digital signatures
(signing) and encryption of mail an easy option.  You would probably not
want to make either a default, but rather, use them selectively as the
need for security or authenticity arises.

YMMV,
(the other) Rob
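
The behaviour described in the message above, as an added shell example that is not part of the original post: encrypting to one recipient, encrypting to several keys including your own, and signing without encrypting. The users alice and bob, their example.test addresses, the empty passphrases and the use of --trust-model always are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. alice and bob are constructed users with throwaway keyrings
# under a temp directory; your real ~/.gnupg is not touched. Needs GnuPG 2.2+.

# g HOMEDIR ARGS...: run gpg non-interactively against one user's keyring.
# --trust-model always skips key validation, which a keysigning party provides.
g() { h=$1; shift; gpg --homedir "$h" --batch --yes --quiet --trust-model always \
        --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }
# try CMD...: print ok or fail according to the command's exit status.
try() { if "$@" >/dev/null; then echo ok; else echo fail; fi; }

demo() {
    w=$(mktemp -d) || return 1
    A="$w/alice"; B="$w/bob"; mkdir -m 700 "$A" "$B"

    # Each user makes a key pair (empty passphrase: demo only).
    g "$A" --quick-gen-key 'Alice <alice@example.test>' default default never
    g "$B" --quick-gen-key 'Bob <bob@example.test>' default default never
    # Only the public components are exchanged.
    g "$A" --armor --export alice@example.test > "$w/alice.pub"
    g "$B" --armor --export bob@example.test > "$w/bob.pub"
    g "$A" --import "$w/bob.pub"; g "$B" --import "$w/alice.pub"

    echo 'meet at OLF' > "$w/msg"

    # 1. Encrypted to Bob's public key only: the sender cannot read it back.
    g "$A" -o "$w/bob.gpg" -r bob@example.test --encrypt "$w/msg"
    echo "bob-only: sender=$(try g "$A" --decrypt "$w/bob.gpg")" \
         "recipient=$(try g "$B" --decrypt "$w/bob.gpg")"

    # 2. Encrypted to both keys: the sender can decrypt too.
    g "$A" -o "$w/both.gpg" -r bob@example.test -r alice@example.test --encrypt "$w/msg"
    echo "both: sender=$(try g "$A" --decrypt "$w/both.gpg")"

    # 3. Signed, not encrypted: text stays readable, alteration breaks the signature.
    g "$A" -o "$w/msg.asc" -u alice@example.test --clearsign "$w/msg"
    sed 's/OLF/noon/' "$w/msg.asc" > "$w/forged.asc"
    echo "signed: readable=$(try grep 'meet at OLF' "$w/msg.asc")" \
         "verify=$(try g "$B" --verify "$w/msg.asc")" \
         "tampered=$(try g "$B" --verify "$w/forged.asc")"

    gpgconf --homedir "$A" --kill gpg-agent; gpgconf --homedir "$B" --kill gpg-agent
    rm -rf "$w"
}
```

Source the file and run demo; it prints one summary line for each of the three numbered cases.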

