it is time for me to be a real security nerd and finally obtain pgp key
but first: figuring out what the heck that means
some questions to hunt down:
how the Heck does asymmetrical encryption work
what are pgp signatures good for and how do they work
single key encryption makes sense to me - you take a number and a message, perform math, obtain encrypted message, then perform math but backwards with the same number to get decrypted message
but, given a public key, shouldnt it be possible to calculate the private key?
like, presumably you stick a number into a function, and it spits out a public/private pair of numbers
and there should (?) be some way of getting one from the other
hmm
i guess not all functions have inverses, which might make that tricky
you need an inverse to be able to decrypt messages, but it turns out there are (probably, assuming p!=np) functions with really nasty inverses
huh
wait a minute, is asymmetrical encryption actually symmetrical, just in a bit more of a roundabout way? like, either key can encrypt, but the other one is needed to decrypt
ah, so this lets me send a message, encrypted with both my private and your public, that is for sure...
...from me, and can only be read by you
hmm hmm HMM
okay so you have a function f(m,k)->e, where m is the message, k is the key, and e is the encrypted message
they are all integers because computer
furthermore, the public key and private keys are inverses for f: f(a,b)=1, f(f(m,a),b)=m, f(f(m,b),a)=m
right?
hmm there are these things called public key fingerprints which are hashes of a public key
these can supposedly be used to identify people?
but im not sure why these are any better than anything else, and i dont see any defense against ye olde ctrl+c ctrl+v
oh neat gnupg is already on my computer
and it looks like it can make keys for me
okay time to read some docs
okay making a key pair is pretty easy looks like
successfully signed a test file, encrypted, decrypted, imported a key, were good to go
my public key is at http://ianmhines.com/public-key if any of you crypt nerds want it
oh so it looks like pgp signatures are just the message but encrypted
and theyre useful when sending things in unsecured ways, to verify the message hasnt been changed and is really from me