Quote from: Californication on July 16, 2012, 11:54 pmWill someone be so kind as to send me a message and their public key, so I can be sure that I've got this down. Much obliged.Your key and the message you posted in this thread indicate you are using IGolder instead of a real GPG installation. This is a bad idea because:1) Anything that you generated on their website or processed on their website can be secretly stored by them. They claim they don't, but do you trust them? This includes secret keys, passphrases and messages that are in the form when the button is clicked.2) They are using BCPG which is a very old and buggy implementation of the OpenPGP standard.3) The keys generated are very weak and do not meet current recommendations.Here are the details for your key:Quotebash-3.2$ gpg -v --import pub.asc gpg: pub 1024R/F980C8F7 2012-07-16 californication1001@hotmail.comgpg: key F980C8F7: public key "californication1001@hotmail.com" importedgpg: Total number processed: 1gpg:       imported: 1 (RSA: 1)bash-3.2$ pgpdump pub.asc Old: Public Key Packet(tag 6)(141 bytes)Ver 4 - newPublic key creation time - Mon Jul 16 23:49:37 UTC 2012Pub alg - RSA Encrypt or Sign(pub 1)RSA n(1024 bits) - ...RSA e(17 bits) - ...Old: User ID Packet(tag 13)(31 bytes)User ID - californication1001@hotmail.comOld: Signature Packet(tag 2)(156 bytes)Ver 4 - newSig type - Generic certification of a User ID and Public Key packet(0x10).Pub alg - RSA Encrypt or Sign(pub 1)Hash alg - SHA1(hash 2)Hashed Sub: signature creation time(sub 2)(4 bytes)Time - Mon Jul 16 23:49:37 UTC 2012Sub: issuer key ID(sub 16)(8 bytes)Key ID - 0x28849283F980C8F7Hash left 2 bytes - a3 6f RSA m^d mod n(1023 bits) - ...-> PKCS-1bash-3.2$ gpg -k calipub 1024R/F980C8F7 2012-07-16uid         californication1001@hotmail.combash-3.2$ This shows that your key is an old style 1024-bit RSA key which includes the signing and encryption functions in the master key. Your key does not have any subkeys. It is only capable of encrypting messages using the CAST5 cipher, which has been superceded by AES256 (AES was formally published as the standard in 2001, which gives an idea of how far behind your key is). Your key also uses SHA1 only hash it is capable of and that algorithm has numerous exploitable flaws; it has since been superceded by the SHA2 series, with people generally using SHA256 or higher.Now, compare that to my key:Quotebash-3.2$ gpg -a --export cyphre > lc.ascbash-3.2$ gpg -k cyphrepub 4096R/DD7B4576 2012-06-16uid         Louis Cyphre <lcyphre@tormail.org>sub 2048R/195D71B8 2012-06-16sub 4096g/D677EF45 2012-06-16bash-3.2$ pgpdump lc.asc Old: Public Key Packet(tag 6)(525 bytes)Ver 4 - newPublic key creation time - Sat Jun 16 05:19:03 UTC 2012Pub alg - RSA Encrypt or Sign(pub 1)RSA n(4096 bits) - ...RSA e(17 bits) - ...Old: User ID Packet(tag 13)(34 bytes)User ID - Louis Cyphre <lcyphre@tormail.org>Old: Signature Packet(tag 2)(576 bytes)Ver 4 - newSig type - Positive certification of a User ID and Public Key packet(0x13).Pub alg - RSA Encrypt or Sign(pub 1)Hash alg - SHA1(hash 2)Hashed Sub: signature creation time(sub 2)(4 bytes)Time - Sat Jun 16 05:19:03 UTC 2012Hashed Sub: key flags(sub 27)(1 bytes)Flag - This key may be used to certify other keysFlag - This key may be used to sign dataHashed Sub: preferred symmetric algorithms(sub 11)(10 bytes)Sym alg - AES with 256-bit key(sym 9)Sym alg - Twofish with 256-bit key(sym 10)Sym alg - Camellia with 256-bit key(sym 13)Sym alg - AES with 192-bit key(sym 8)Sym alg - Camellia with 192-bit key(sym 12)Sym alg - AES with 128-bit key(sym 7)Sym alg - Camellia with 128-bit key(sym 11)Sym alg - Triple-DES(sym 2)Sym alg - CAST5(sym 3)Sym alg - Blowfish(sym 4)Hashed Sub: preferred hash algorithms(sub 21)(7 bytes)Hash alg - SHA512(hash 10)Hash alg - SHA384(hash 9)Hash alg - SHA256(hash 8)Hash alg - SHA224(hash 11)Hash alg - RIPEMD160(hash 3)Hash alg - SHA1(hash 2)Hash alg - MD5(hash 1)Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)Comp alg - BZip2(comp 3)Comp alg - ZLIB <RFC1950>(comp 2)Comp alg - ZIP <RFC1951>(comp 1)Comp alg - Uncompressed(comp 0)Hashed Sub: features(sub 30)(1 bytes)Flag - Modification detection (packets 18 and 19)Hashed Sub: key server preferences(sub 23)(1 bytes)Flag - No-modifySub: issuer key ID(sub 16)(8 bytes)Key ID - 0x7E8BE6B1DD7B4576Hash left 2 bytes - e2 ea RSA m^d mod n(4096 bits) - ...-> PKCS-1Old: Public Subkey Packet(tag 14)(269 bytes)Ver 4 - newPublic key creation time - Sat Jun 16 05:20:21 UTC 2012Pub alg - RSA Encrypt or Sign(pub 1)RSA n(2048 bits) - ...RSA e(17 bits) - ...Old: Signature Packet(tag 2)(830 bytes)Ver 4 - newSig type - Subkey Binding Signature(0x18).Pub alg - RSA Encrypt or Sign(pub 1)Hash alg - SHA1(hash 2)Hashed Sub: signature creation time(sub 2)(4 bytes)Time - Sat Jun 16 05:20:21 UTC 2012Hashed Sub: key flags(sub 27)(1 bytes)Flag - This key may be used to sign dataSub: issuer key ID(sub 16)(8 bytes)Key ID - 0x7E8BE6B1DD7B4576Sub: embedded signature(sub 32)(284 bytes)Ver 4 - newSig type - Primary Key Binding Signature(0x19).Pub alg - RSA Encrypt or Sign(pub 1)Hash alg - SHA1(hash 2)Hashed Sub: signature creation time(sub 2)(4 bytes)Time - Sat Jun 16 05:20:21 UTC 2012Sub: issuer key ID(sub 16)(8 bytes)Key ID - 0x236E422D195D71B8Hash left 2 bytes - aa 70 RSA m^d mod n(2048 bits) - ...-> PKCS-1Hash left 2 bytes - 12 3e RSA m^d mod n(4094 bits) - ...-> PKCS-1Old: Public Subkey Packet(tag 14)(1037 bytes)Ver 4 - newPublic key creation time - Sat Jun 16 05:21:29 UTC 2012Pub alg - ElGamal Encrypt-Only(pub 16)ElGamal p(4096 bits) - ...ElGamal g(3 bits) - ...ElGamal y(4094 bits) - ...Old: Signature Packet(tag 2)(543 bytes)Ver 4 - newSig type - Subkey Binding Signature(0x18).Pub alg - RSA Encrypt or Sign(pub 1)Hash alg - SHA1(hash 2)Hashed Sub: signature creation time(sub 2)(4 bytes)Time - Sat Jun 16 05:21:29 UTC 2012Hashed Sub: key flags(sub 27)(1 bytes)Flag - This key may be used to encrypt communicationsFlag - This key may be used to encrypt storageSub: issuer key ID(sub 16)(8 bytes)Key ID - 0x7E8BE6B1DD7B4576Hash left 2 bytes - de c8 RSA m^d mod n(4096 bits) - ...-> PKCS-1bash-3.2$ My key has a 4096-bit RSA master key with certification and signing properties, a 2048-bit RSA subkey for signing (messages and files) and a 4096-bit Elgamal subkey for encryption. My key supports messages encrypted with the AES, Twofish, Camellia, Triple-DES, CAST5 and Blowfish ciphers; it also lists an order of preference for those ciphers. My key supports SHA2 (SHA512, SHA384, SHA256 and SHA224, in that order), RIPEMD160, SHA1 and MD5 with an order of preference.My key provides me with a level of security that will be robust enough to last for the foreseeable future. Current NIST recommendations place that until at least 2030. Your key, on the other hand, has been superceded by NIST recommendations already.I highly recommend you switch to a proper installation for your operating system. If you share computer access with anyone else then you should definitely use GPG4USB on an encrypted flash drive.Postscript: I just noticed your post saying you've done this. Excellent! :)I decided to post this anyway so that we can point to it when someone else says, "but IGolder/BCPG is so easy!"