Quote from: Monster666 on July 19, 2012, 11:05 pm
Gotta try...

Hello!

Yes, that works great, I was able to decrypt your message, so you know how to download, import and encrypt a message using somebody's public key. 50% of the way there, comrade!

There are two outstanding related issues to make it better though:

1. Give me your public key so that I may send you an encrypted message using your public key (then you will have completed what I'm calling 'The PGP handshake', thus making you a crypto-anarchist effective immediately).

2. In order for me to verify your signed PGP message (signing a message and encrypting it are two different but related things), I need your public key also. Secondly, you typically won't sign a message before somebody has sent you their public key.

So: A PGP signature is where you use your private key (part of your PGP key) to sign a message to a recipient. The recipient can then double check that you, and only you, are the person who previously sent him or her messages.

Talking of 'checks'...

The reason behind all of this is demonstrated by the following metaphor:

If I, pine, am a bank manager, I see many cheques pass before my table. Sometimes, a cashier will hand me a cheque that she feels is a little suspect due to the demeanor or appearance of the client handing it in. For example, maybe the signature on the cheque is peculiar.

If the cheque is for a withdrawal from a bank account that has recently opened such that there has been no previous history of cheque-based withdrawals, then there is nothing I can do about it, the cheque is accepted as valid (stretching the truth here a little, but only to make a point).

However, the owner of this particular cheque and its signature has frequently paid for items with his cheque. So, I go to my filing cabinet and extract another cheque that our bank previously received on behalf of the cheque's owner.

I then place the two cheques before me, and use a magnifying glass to compare the suspect cheque's signature to the signature of the older cheque that I am sure is valid. If they are a match, great. Otherwise, the suspect cheque is rejected.

--

The cheque represents the PGP encrypted message.

That the PGP message is a signed one represents the signature on a cheque.

That the bank manager required a previous cheque signature on an older cheque represents that I require you to have sent an (unsigned) encrypted message to me beforehand which includes your public key.

Finally, that the two cheque signatures may not match up represents the PGP verification process you can do with a PGP signed encrypted message to ensure that the sender of the message is the same person you communicated with beforehand.

As metaphors go, it's not quite perfect, but you see the parallels.

HTH
Pine
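
The situation in the post above, reproduced as an added example that is not part of the original thread: the recipient can decrypt a signed message straight away, but can only verify the signature once the sender's public key has been imported. It assumes GnuPG 2.1 or later; the two throwaway keyrings, the example.invalid user IDs and the helper names `g` and `handshake_demo` are constructed for illustration, and the message is signed and encrypted in one step with `--sign --encrypt`.

```shell
#!/bin/sh
# Added example: two throwaway keyrings stand in for the two posters.
# User IDs and helper names are constructed. Needs GnuPG 2.1 or later.

# g HOME ARGS...: run gpg non-interactively against one keyring.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' "$@"
}

handshake_demo() {
    work=$(mktemp -d) || return 1
    S="$work/sender"; R="$work/recipient"
    mkdir -m 700 "$S" "$R" || return 1

    # Each side makes its own key pair (empty passphrase: demo only).
    g "$S" --quick-generate-key 'Demo Sender <sender@example.invalid>' || return 1
    g "$R" --quick-generate-key 'Demo Recipient <recipient@example.invalid>' || return 1

    # Recipient hands over a public key; sender imports it.
    g "$R" --armor --export recipient@example.invalid > "$work/recipient.asc"
    g "$S" --import "$work/recipient.asc" || return 1

    # Sender encrypts to the recipient's public key and signs with its own
    # private key. --trust-model always skips the "unverified key" refusal;
    # in real use, compare fingerprints out of band instead.
    printf 'Gotta try...\n' |
        g "$S" --trust-model always --armor --sign --encrypt \
            --recipient recipient@example.invalid > "$work/msg.asc"

    # Recipient can decrypt at once, but has no key to check the signature.
    text=$(g "$R" --status-file "$work/st1" --decrypt "$work/msg.asc" 2>/dev/null) || true
    grep -q ' NO_PUBKEY ' "$work/st1" && before=unverifiable || before=unexpected

    # Second half of the handshake: sender's public key goes the other way.
    g "$S" --armor --export sender@example.invalid > "$work/sender.asc"
    g "$R" --import "$work/sender.asc" || return 1
    g "$R" --status-file "$work/st2" --decrypt "$work/msg.asc" >/dev/null 2>&1 || true
    grep -q ' GOODSIG ' "$work/st2" && after=good || after=bad

    printf 'text=%s\nbefore_import=%s\nafter_import=%s\n' "$text" "$before" "$after"
    for h in "$S" "$R"; do gpgconf --homedir "$h" --kill gpg-agent || true; done
    rm -rf "$work"
}
```

Source the file and call `handshake_demo`; it prints the decrypted text followed by the signature status before and after the sender's key is imported.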