it is time for me to be a real security nerd and finally obtain pgp key

but first: figuring out what the heck that means

some questions to hunt down:

how the Heck does asymmetrical encryption work

what are pgp signatures good for and how do they work

single key encryption makes sense to me - you take a number and a message, perform math, obtain encrypted message, then perform math but backwards with the same number to get decrypted message

but, given a public key, shouldnt it be possible to calculate the private key?

like, presumably you stick a number into a function, and it spits out a public/private pair of numbers

and there should (?) be some way of getting one from the other

hmm

i guess not all functions have inverses, which might make that tricky

you need an inverse to be able to decrypt messages, but it turns out there are (probably, assuming p!=np) functions with really nasty inverses

huh

oh so it looks like pgp signatures are just the message but encrypted

and theyre useful when sending things in unsecured ways, to verify the message hasnt been changed and is really from me

wait a minute, is asymmetrical encryption actually symmetrical, just in a bit more of a roundabout way? like, either key can encrypt, but the other one is needed to decrypt

ah, so this lets me send a message, encrypted with both my private and your public, that is for sure...

...from me, and can only be read by you

hmm hmm HMM

okay so you have a function f(m,k)->e, where m is the message, k is the key, and e is the encrypted message

they are all integers because computer

furthermore, the public key and private keys are inverses for f: f(a,b)=1, f(f(m,a),b)=m, f(f(m,b),a)=m

right?

hmm there are these things called public key fingerprints which are hashes of a public key

these can supposedly be used to identify people?

but im not sure why these are any better than anything else, and i dont see any defense against ye olde ctrl+c ctrl+v

Follow

oh neat gnupg is already on my computer

and it looks like it can make keys for me

okay time to read some docs

okay making a key pair is pretty easy looks like

successfully signed a test file, encrypted, decrypted, imported a key, were good to go

my public key is at ianmhines.com/public-key if any of you crypt nerds want it

Sign in to participate in the conversation
Mastodon

a Schelling point for those who seek one