Graduate School of Library and Information Science, UT Austin
Information Technologies
and the
Information Profession
spacer


Shortcuts
Home
Syllabus
Introduction
Standards
Assignments
Grading
Tech Modules
Readings
Discussion Board
Resources
 
GSLIS Links
GSLIS Home
Tutorial Junction
IT Services
 
Site Tools
Site Map
Contact Info
 

PGP, Part 4: Decryption and Signing

First, a bit of explanation. PGP can be used for multiple tasks. The most common of these tasks are:

  1. encryption or decryption of files, and
  2. signing with or verifying keys

So what's the difference?
Recall that you've generated a secret key and a private key. These keys are actually generated by an algorithm that can go in two directions- items encoded with the public key can be decoded with the secret key, and items encoded with the secret key can be decoded with the public key.

So, you can actually use either key to encrypt a document. When someone uses a public key to encode a document, this is known as encryption. You must own the secret key in order to decrypt the document. In this way, only you as the owner of the secret key can see the contents of the document encrypted with your public key.

When you use a secretkey to encrypt a document, anyone with a public key can decrypt it, meaning that it is readable to anyone with your public key. This encryption isn't very "secret," but it does tell someone with your public key one thing for certain: the file was encoded by you (since you're the only one with your secret key and thus the only person who could have encrypted it with your secret key). So, you can sign a file with your private key, and recipients can verify that you were the person who created the file.

Again, this is covered in more depth in your readings on public key cryptography.

So, we're going to provide a file signed by us for you to verify with PGP. After that, you will encrypt the file with our public key and sign it with your key. First, getting and verifying the file:

  1. Download the pgpfile.pgp document. (The .pgp extension is added when a file is encrypted with PGP.)

  2. FTP this document to your account at GSLIS.

  3. The pgp command with only a filename as an argument will decrypt or verify a file.
    Type pgp pgpfile.pgp. (You can also type pgp pgpfile- pgp will recognize the three letter extension). You should receive a message stating:
    File is signed. Good signature from user "l38613dw <l38613dw@gslis.utexas.edu>
    At this point you will probably also get a message stating that the key is not certified by a trusted signature.

  4. Type ls. You should have the verified file named pgpfile in your directory, which is now readable. Notice that pgpfile.pgp is still in the directory- you should go ahead and delete it by typing rm pgpfile.pgp.

  5. Type cat pgpfile or more pgpfile to read the contents of the file. And to the next section we go...

<--Back | Home | Next-->
curve image  
  Foundations II: l38613dw@gslis.utexas.edu
Website Info: www@gslis.utexas.edu

Last updated 4 April 2001 by Don Drumtra
 
© As of July 2000, the material displayed here is under copyright by the LIS 386.13 class team at the Graduate School of Library and Information Science at UT-Austin: Ronald Wyllys, Philip Doty, Quinn Stewart, Carlos Ovalle, Lori Eichelberger, Tony Cherian, and Don Drumtra.
Appropriate educational and other non-profit use of the material is encouraged, provided that this copyright notice is appended, full attribution is given, and no fees are charged for access to the material.
For-profit use is strictly forbidden.