Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

PGP: Difference between revisions

← Older editNewer edit →
Content deleted Content added
AA-Andrew (talk | contribs)
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,659 edits
CecilWard (talk | contribs)
252 edits
m Trust: Minor cleanup
Line 35: Line 35:
==Trust==
==Trust==


One of the big issues with any system for associating an identity with a person (e.g. a PGP key with a real person) is proving that link. How do you know someone is who they say they are. How do you know that someone's key is theirs.
One of the big issues with any system for associating an identity with a person (e.g. a PGP key with a real person) is proving that link. How do you know someone is who they say they are. How do you know that someone's key is theirs?


All keys have a fingerprint which is easy enough to read out over the phone or check on a business card, etc. This is one way to check a key is genuine. You can then tell the key management software you trust the key to be genuine.
All keys have a fingerprint, which is easy enough to read out over the phone or check on a business card, etc. This is one way to check a key is genuine. You can then tell the key management software that you trust that the key is genuine.


It is also possible to say that you trust someone to sign other keys. For example, if you trust the Andrews & Arnold Ltd company key to sign other keys, then any of our staff keys will immediately appear to be valid when you download them from a key server because the key itself is digitally signed by the Andrews & Arnold Ltd company key.
It is also possible to say that you trust someone to sign other keys. For example, if you trust the Andrews & Arnold Ltd company key to sign other keys, then any of our staff keys will immediately appear to be valid when you download them from a key server because the key itself is digitally signed by the Andrews & Arnold Ltd company key.


Even without knowing someone is who they say they are PGP provides a key factor for communications - consistency. If you have been exchanging signed emails with someone called Fred Bloggs for years, then that is in effect who they are from your point of view. If they send an email with the same key as always, it is the same person you communicated with last time.
Even without knowing someone is who they say they are, PGP provides a crucial factor for communications - consistency. If you have been exchanging signed emails with someone called Fred Bloggs for years, then that is in effect who they are from your point of view. If they send an email with the same key as always, it is the same person you communicated with last time.

==Changing your key/passphrase==
==Changing your key/passphrase==


Retrieved from "http://support.aa.net.uk/PGP"