Discussion:
PGP insecurities?
briztuk@yahoo.com [PGP-Basics]
2014-06-27 07:48:03 UTC
Permalink
Hey all,

I'm thinking about using PGP to send secure e-mails, one thing I've been wondering, if someone were to intercept & open the e-mail on-route would they be able to decrypt the message using the senders public key?

If the answer to this is Yes, what alternatives are there for completely private email?

Thanks,
Anthony Papillion papillion@gmail.com [PGP-Basics]
2014-06-27 12:00:54 UTC
Permalink
Nope! You encrypt to the recipients public key but only their private key
can decrypt the message. The private key is not shared with anyone ever and
is protected by a passphrase. In order to decrypt the message, someone
would need both the private key AND the passphrase to unlock the key.

Anthony
Post by ***@yahoo.com [PGP-Basics]
Hey all,
I'm thinking about using PGP to send secure e-mails, one thing I've been
wondering, if someone were to intercept & open the e-mail on-route would
they be able to decrypt the message using the senders public key?
If the answer to this is Yes, what alternatives are there for completely private email?
Thanks,
FederalHill federalhillrent@yahoo.com [PGP-Basics]
2014-06-27 15:43:25 UTC
Permalink
Is this the PGP by symantec that is interacts withe black beery phone and is fips approved by NIST?  AS opposed to non Fips approved open pgp?  If you want a govt contract then you need to be fips approved do you not?  Once I asked someone why we used Office instead of Word Perfect or Open Office, he said The govt told us to use it and we do not get paid unless we use it; so we use it.


Makes sense to me.



________________________________
From: "Anthony Papillion ***@gmail.com [PGP-Basics]" <PGP-***@yahoogroups.com>
To: PGP-***@yahoogroups.com
Sent: Friday, June 27, 2014 5:00 AM
Subject: Re: PGP insecurities?







Nope! You encrypt to the recipients public key but only their private key can decrypt the message. The private key is not shared with anyone ever and is protected by a passphrase. In order to decrypt the message, someone would need both the private key AND the passphrase to unlock the key.

Anthony
Post by ***@yahoo.com [PGP-Basics]
 
Hey all,
I'm thinking about using PGP to send secure e-mails, one thing I've been wondering, if someone were to intercept & open the e-mail on-route would they be able to decrypt the message using the senders public key?
If the answer to this is Yes, what alternatives are there for completely private email?
Thanks,
MFPA 2014-667rhzu3dc-lists-groups@riseup.net [PGP-Basics]
2014-06-27 18:29:17 UTC
Permalink
Hi


On Friday 27 June 2014 at 4:43:25 PM, in
Post by FederalHill ***@yahoo.com [PGP-Basics]
Is this the PGP by symantec that is interacts withe black beery
phone and is fips approved by NIST?  AS opposed to non Fips approved
open pgp? 
PGP by Symantec is just one example of an implementation of the
OpenPGP standard. Anthony's answer applies equally to all
implementations.
Post by FederalHill ***@yahoo.com [PGP-Basics]
If you want a govt contract then you need to be fips
approved do you not? 
No idea, but it sounds anti-competitive to me.
Post by FederalHill ***@yahoo.com [PGP-Basics]
Once I asked someone why we used Office
instead of Word Perfect or Open Office, he said The govt told us to
use it and we do not get paid unless we use it; so we use it.
Again, sounds anti-competitive. I wonder how much it costs to obtain a
ruling like that?
--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Reality is nothing but a collective hunch.



------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org
FederalHill federalhillrent@yahoo.com [PGP-Basics]
2014-06-27 18:37:54 UTC
Permalink
Thats the U.S. govt. but anyway...



________________________________
From: "MFPA 2014-667rhzu3dc-lists-***@riseup.net [PGP-Basics]" <PGP-***@yahoogroups.com>
To: "FederalHill ***@yahoo.com [PGP-Basics] on PGP-BASICS" <PGP-***@yahoogroups.com>
Sent: Friday, June 27, 2014 11:29 AM
Subject: Re: PGP insecurities?


Hi


On Friday 27 June 2014 at 4:43:25 PM, in
Post by FederalHill ***@yahoo.com [PGP-Basics]
Is this the PGP by symantec that is interacts withe black beery
phone and is fips approved by NIST?  AS opposed to non Fips approved
open pgp? 
PGP by Symantec is just one example of an implementation of the
OpenPGP standard. Anthony's answer applies equally to all
implementations.
Post by FederalHill ***@yahoo.com [PGP-Basics]
If you want a govt contract then you need to be fips
approved do you not? 
No idea, but it sounds anti-competitive to me.
Post by FederalHill ***@yahoo.com [PGP-Basics]
Once I asked someone why we used Office
instead of Word Perfect or Open Office, he said The govt told us to
use it and we do not get paid unless we use it; so we use it.
Again, sounds anti-competitive. I wonder how much it costs to obtain a
ruling like that?
--
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-***@riseup.net

Reality is nothing but a collective hunch.



------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
------------------------------------

______________________________________________________________
Archives:                  http://groups.yahoo.com/group/PGP-Basics/messages
OT List:                        http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:                mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust                          http://www.gswot.org


------------------------------------

Yahoo Groups Links



    http://groups.yahoo.com/group/PGP-Basics/



    https://info.yahoo.com/legal/us/yahoo/utos/terms/
'Mark W. Walton' mark.walton@sympatico.ca [PGP-Basics]
2014-06-27 21:58:18 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What is FIPS?

Mark Walton
***@sympatico.ca

- -----Original Message-----
From: PGP-***@yahoogroups.com [mailto:PGP-***@yahoogroups.com]
Sent: Friday, June 27, 2014 2:29 PM
To: FederalHill ***@yahoo.com [PGP-Basics] on PGP-BASICS
Subject: Re: PGP insecurities?

Hi

On Friday 27 June 2014 at 4:43:25 PM, in
Post by FederalHill ***@yahoo.com [PGP-Basics]
Is this the PGP by symantec that is interacts withe black beery phone
and is fips approved by NIST? AS opposed to non Fips approved open
pgp?
PGP by Symantec is just one example of an implementation of the OpenPGP
standard. Anthony's answer applies equally to all implementations.
Post by FederalHill ***@yahoo.com [PGP-Basics]
If you want a govt contract then you need to be fips
approved do you not?
No idea, but it sounds anti-competitive to me.
Post by FederalHill ***@yahoo.com [PGP-Basics]
Once I asked someone why we used Office
instead of Word Perfect or Open Office, he said The govt told us to
use it and we do not get paid unless we use it; so we use it.
Again, sounds anti-competitive. I wonder how much it costs to obtain a
ruling like that?
- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Reality is nothing but a collective hunch.

- ------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
- ------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.1 (Build 13100) - not licensed for commercial use: www.pgp.com
Charset: utf-8

wj8DBQFTrejuHRaqEjvQ2I4RAuBDAJsHAZHU4ig9aVFcxvZpsfDFPKJL6gCgkP8w
UgeLXFexPP5MQSLvO/9r6hc=
=NVva
-----END PGP SIGNATURE-----



------------------------------------
Posted by: "Mark W. Walton" <***@sympatico.ca>
------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org
MFPA 2014-667rhzu3dc-lists-groups@riseup.net [PGP-Basics]
2014-06-28 09:37:46 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Friday 27 June 2014 at 10:58:18 PM, in
Post by 'Mark W. Walton' ***@sympatico.ca [PGP-Basics]
What is FIPS?
[0] lists quite a few possibilities, of which the most promising is
"Federal Information Processing Standard."

[1] lists current Federal Information Processing Standards, with
links.



[0] <www.acronymfinder.com>
[1] <http://www.nist.gov/itl/fipscurrent.cfm>

- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Coffee doesn't need a menu, it needs a cup.
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlOujO9XFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pT74D/2Nso4ns/pRC7we6dbqlHXlfR9WgBQJsMQut
HZIlWAyDHMwLbT2P6bnhLcLkLrvHsLQY+0bopmM96jKAqCB0ZDqpxpjCGZ8fOhup
IH7FUsJb7GlA6pjyFToEBdlnKZ6AMjbwr86iXUdOwHoi553i37FLVlZUxNJ8TB02
EN2/w3ps
=5EMN
-----END PGP SIGNATURE-----



------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org
'Robert J. Hansen' rjh@sixdemonbag.org [PGP-Basics]
2014-06-27 22:32:31 UTC
Permalink
Federal information processing standard.


Sent from my Verizon Wireless 4G LTE Smartphone

-------- Original message --------
From: "'Mark W. Walton' ***@sympatico.ca [PGP-Basics]" <PGP-***@yahoogroups.com>
Date:06/27/2014 5:58 PM (GMT-05:00)
To: PGP-***@yahoogroups.com
Subject: RE: PGP insecurities?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What is FIPS?

Mark Walton
***@sympatico.ca

- -----Original Message-----
From: PGP-***@yahoogroups.com [mailto:PGP-***@yahoogroups.com]
Sent: Friday, June 27, 2014 2:29 PM
To: FederalHill ***@yahoo.com [PGP-Basics] on PGP-BASICS
Subject: Re: PGP insecurities?

Hi

On Friday 27 June 2014 at 4:43:25 PM, in
Post by FederalHill ***@yahoo.com [PGP-Basics]
Is this the PGP by symantec that is interacts withe black beery phone
and is fips approved by NIST?  AS opposed to non Fips approved open
pgp?
PGP by Symantec is just one example of an implementation of the OpenPGP
standard. Anthony's answer applies equally to all implementations.
Post by FederalHill ***@yahoo.com [PGP-Basics]
If you want a govt contract then you need to be fips
approved do you not? 
No idea, but it sounds anti-competitive to me.
Post by FederalHill ***@yahoo.com [PGP-Basics]
Once I asked someone why we used Office
instead of Word Perfect or Open Office, he said The govt told us to
use it and we do not get paid unless we use it; so we use it.
Again, sounds anti-competitive. I wonder how much it costs to obtain a
ruling like that?
- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-***@riseup.net

Reality is nothing but a collective hunch.

- ------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
- ------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.1 (Build 13100) - not licensed for commercial use: www.pgp.com
Charset: utf-8

wj8DBQFTrejuHRaqEjvQ2I4RAuBDAJsHAZHU4ig9aVFcxvZpsfDFPKJL6gCgkP8w
UgeLXFexPP5MQSLvO/9r6hc=
=NVva
-----END PGP SIGNATURE-----



------------------------------------
Posted by: "Mark W. Walton" <***@sympatico.ca>
------------------------------------

______________________________________________________________
Archives:                  http://groups.yahoo.com/group/PGP-Basics/messages
OT List:                         http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:                 mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust                           http://www.gswot.org


------------------------------------

Yahoo Groups Links
FederalHill federalhillrent@yahoo.com [PGP-Basics]
2014-06-27 22:36:04 UTC
Permalink
Would someone briefly list other common PGP applications besides Symantec?



________________________________
From: "'Robert J. Hansen' ***@sixdemonbag.org [PGP-Basics]" <PGP-***@yahoogroups.com>
To: "'Mark W. Walton' ***@sympatico.ca [PGP-Basics]" <PGP-***@yahoogroups.com>
Sent: Friday, June 27, 2014 3:32 PM
Subject: RE: PGP insecurities?







Federal information processing standard.


Sent from my Verizon Wireless 4G LTE Smartphone

-------- Original message --------
From: "'Mark W. Walton' ***@sympatico.ca [PGP-Basics]"
Date:06/27/2014 5:58 PM (GMT-05:00)
To: PGP-***@yahoogroups.com
Subject: RE: PGP insecurities?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What is FIPS?

Mark Walton
***@sympatico.ca

- -----Original Message-----
From: PGP-***@yahoogroups.com [mailto:PGP-***@yahoogroups.com]
Sent: Friday, June 27, 2014 2:29 PM
To: FederalHill ***@yahoo.com [PGP-Basics] on PGP-BASICS
Subject: Re: PGP insecurities?

Hi

On Friday 27 June 2014 at 4:43:25 PM, in
Is this the PGP by symantec that is interacts withe black berry phone
and is fips approved by NIST?  AS opposed to non Fips approved open
pgp?
PGP by Symantec is just one example of an implementation of the OpenPGP
standard. Anthony's answer applies equally to all implementations.
If you want a govt contract then you need to be fips
approved do you not? 
No idea, but it sounds anti-competitive to me.
Once I asked someone why we used Office
instead of Word Perfect or Open Office, he said The govt told us to
use it and we do not get paid unless we use it; so we use it.
Again, sounds anti-competitive. I wonder how much it costs to obtain a
ruling like that?
- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-***@riseup.net

Reality is nothing but a collective hunch.

- ------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
- ------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.1 (Build 13100) - not licensed for commercial use: www.pgp.com
Charset: utf-8

wj8DBQFTrejuHRaqEjvQ2I4RAuBDAJsHAZHU4ig9aVFcxvZpsfDFPKJL6gCgkP8w
UgeLXFexPP5MQSLvO/9r6hc=
=NVva
-----END PGP SIGNATURE-----



------------------------------------
Posted by: "Mark W. Walton" <***@sympatico.ca>
------------------------------------

______________________________________________________________
Archives:                  http://groups.yahoo.com/group/PGP-Basics/messages
OT List:                         http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:                 mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust                           http://www.gswot.org


------------------------------------

Yahoo Groups Links
John Clizbe jpclizbe@tx.rr.com [PGP-Basics]
2014-06-27 23:40:37 UTC
Permalink
Post by FederalHill ***@yahoo.com [PGP-Basics]
Would someone briefly list other common PGP applications besides Symantec?
GnuPG 1.4 and 2.0

gnupg-for-java (JNI wrapper for gpgme)
BouncyCastle
STEED
Didisoft OpenPGP library for Java

OpenPGP.js

iPGMail - iOS

OpenPGP Keyring (Android)
APG (Android Privacy Guard)
Keyring (Android)
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-***@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"



------------------------------------
Posted by: John Clizbe <***@tx.rr.com>
------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org
'Robert J. Hansen' rjh@sixdemonbag.org [PGP-Basics]
2014-06-28 02:56:28 UTC
Permalink
Post by John Clizbe ***@tx.rr.com [PGP-Basics]
GnuPG 1.4 and 2.0
Don't forget Peter Gutmann's cryptlib.




------------------------------------
Posted by: "Robert J. Hansen" <***@sixdemonbag.org>
------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org
MFPA 2014-667rhzu3dc-lists-groups@riseup.net [PGP-Basics]
2014-06-28 09:41:52 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Friday 27 June 2014 at 11:32:31 PM, in
Post by 'Robert J. Hansen' ***@sixdemonbag.org [PGP-Basics]
Federal information processing standard.
Sorry, Robert. I didn't realise you had already answered the question.
My MUA has threaded your reply under the first post in the thread, not
the post you were answering.



- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Never trust a dog with orange eyebrows
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlOujeZXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pR0YD/1RpgT2iFmXkrn2PbOy1RbRGoEktDO47ts2O
8Jpxg1kMzhKZwjjJ3I7lz4sAUhx3vLz6ng4lKHRNo/QTBTS84sODw78iOhS31fv4
tgZwtsXz//I6tWLh0YUDYyQ4dNq0KXIv4bhx/yXg7XGaVGg9JwnBfNdGiFo2KZsU
Lo8BmYkj
=zZ5W
-----END PGP SIGNATURE-----



------------------------------------
Posted by: MFPA <2014-667rhzu3dc-lists-***@riseup.net>
------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org
Loading...