PGP Corp.

Derek Atkins warlord at MIT.EDU
Mon Sep 15 12:12:32 EDT 2003


Hi,

eric <superuser at eloder.com> writes:

> derek, if you say pgp 8 and gnupgp 1.2.x are compatible (for
> particular algorithms), i'll take your word for it.  i've read your
> other posts and have learned quite alot.  the gui for pgp had several
> algorithms you could choose from.  aes, cast, tripledes, idea,
> twofish, dh, rss, a whole alphabet soup of confusion for me.  i cant
> remember for sure as i've already removed the program and installed
> gnupg and windows privacy tray (a pgp like gui that works pretty well,
> yes!).  i'm too much of a noob to say they don't play together as i
> might not have had my end configured correctly.
> 
> "are you sure you have Bill's key to verify his signature?"  -  do you
> mean...
> key as in "public key contains a composite number made from two large
> prime factors"

Sort of.. His key is more than that, but yea...

> signature like "-BEGIN PGP
> SIGNATURE-...iD8DBQE/X+VbugnqrmbF6SQRAj2VAJ4/5gmSFvwUgNojNPD/6EGTnhPOZACdHK1s..."

Yea..

> verify is the word that seems tricky in your question, 'cause i'm just
> not 100% sure.  this is what i did (don't laugh i'm a noob);  i copied

What part of "verify" don't you understand?  The dictionary definition
is pretty straightforward.

> his email to notepad and clicked verify on the pgp corp gui.  the app
> appeared to connect to a pgp corp server and automatically added his
> key to my keyring.  it was the first time i ever did it and now i had
> two keys.  mine and bill's.  or so it seems.  i think its true because
> it seemed i had more information about bill that i did before (all i
> had was his signature right, now i have a full name and expiration
> dates).  so i think i recieved his signature via email and the pgp
> corp app downloaded his public key from their server.  the reason i
> thought that maybe pgp and gnupg don't play together is that when i
> tried to have others get my key to validate my signature they
> encountered difficulties.  maybe i used some propriatary function not
> available to them?  could i have chosen other algorithims to use that
> are available to them from the pgp configuration screen?  i'm not
> sure.  i think i'll set up one of my computers with pgp and another
> with gnupg and play with them this weekend.  (my girlfriend
> permitting.)  it would be useful to know how they can work together.
> thanks for responding to my email, as it has got me a little excited
> over learning how this stuff works.  a new toy!  -eric.

Well, most likely you did not publish your own public key, so they
couldn't find it.  That has nothing to do with compatibility, it
means, well, you're just "not available"..  Think of it like the white
pages, where your public key is your phone number.  If you don't
publish your number then there is no way for someone to look you up
and contact you.  Similarly, there is no way for someone to verify
your signature (ala caller-id, to stay with the analogy) for the same
reason.

There should be a PGP option to "extract" your public key, which you
can then send to your friends, or upload to some keyservers.

-derek

> Derek Atkins wrote:
> 
>  >Well, GnuPG-1.0.7 isn't completely OpenPGP compatible, either.
>  >I can guarantee you that PGP 8 and GnuPG 1.2.x are compatible
>  >if you use openpgp-mandated algorithms.  For example, are you
>  >sure you have Bill's key to verify his signature?
>  >
>  >I will admit that MUA integration is a different matter.
>  >
>  >-derek
>  >
>  >eric <superuser at eloder.com> writes:
>  >
>  >>well, i guess pgp corp and gnupg don't play together.  i'll switch to
>  >>gnupg.  there are some front ends that might make life easier for the
>  >>noob.  thanks for the help.  eric.
>  >>
>  >>Bill Horne wrote:
>  >>
>  >>>-----BEGIN PGP SIGNED MESSAGE-----
>  >>>Hash: SHA1
>  >>>
>  >>>- ----- Original Message -----
>  >>>From: "eric" <superuser at eloder.com>
>  >>>
>  >>>
>  >>>>hello big dogs, it is the supernoob again.  i remember hearing that
>  >>>>PGP Corp products and GnuPG didn't like to play together.  i already
>  >>>>have PGP 8.0.2 on my wintel box (i really like the gui and other
>  >>>>toys) .  will this version work with GnuPG?  they say they're
>  >>>>compliant with some open pgp standard, but don't say whether it
>  >>>>works.  thanks for any suggestions.
>  >>>>
>  >>>Well, let's do a little test. This email was signed with GPG 1.0.7.
>  >>>
>  >>>If your PGP software can validate the signature, I'd bet that they're
>  >>>compatible.
>  >>>
>  >>>HTH.
>  >>>
>  >>>Bill Horne
>  >>>-----BEGIN PGP SIGNATURE-----
>  >>>Version: GnuPG v1.0.7 (GNU/Linux)
>  >>>
>  >>>iD8DBQE/X+VbugnqrmbF6SQRAj2VAJ4/5gmSFvwUgNojNPD/6EGTnhPOZACdHK1s
>  >>>lQGPe3JL5u9sWnvq+OWd5nw=
>  >>>=ND0t
>  >>>-----END PGP SIGNATURE-----
>  >
>  >
>  >
> 
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available



More information about the Discuss mailing list