Re: More on learning "Public Key Authentication" [correction]



Mark Conrad <NoSpamDammit@xxxxxxxxxxx> wrote:

> In article <1h2iw3p.17ln6621fka1doN%navn@xxxxxxxxxxxxxxx>, Jon Aalborg
> <navn@xxxxxxxxxxxxxxx> wrote:
>
> > Maybe it's my "Be Good To Mark-Week"?
>
> Gadd, that would be good, for a very rare change, but I do not believe
> that the Unixy types here are up to that sort of challenge.

They'll have to speak for themselves.

> They would rather see me suffer, that gives them a lot of sadistic
> pleasure.

We-e-ell, to tell the truth, you don't always make it easy for people,
you know! ;-)

> My _specific_ questions about the Terminal-babble "man" pages are the
> following:
>
> 1) I can't find any option to display on-screen the un-encrypted
> _private_ key that I created. As the person who created that private
> key, I should be able to view it, right?

No. It's permanently encrypted. No-one can see it "unencrypted". But it
works! Please read those PGP pages that I directed you towards earlier.

> 2) I can see a short line called "key fingerprint" described in my
> book, the line being something like:
> 62:47:b5:71:2b:23:08:ee:87:e2:cc:7d:0b:ce:4d:44
>
> What is a "key fingerprint" used for, if anything?

I _think_ (but again, check those man pages or other documentation) that
it is a character sequence that uniquely identifies your key and thereby
yourself in conjunction with a Private Key/Public Key. You should be
able to use it to verify that a message, encrypted or no, actually comes
from whoever it claims to come from - provided you already have the
signature. But I may be wrong here, I'm no expert. I'm just trying to
explain what little I know or believe I know.

(In other words, don't, please don't, persist in asking ever more
detailed questions on this; that's what earned you your own FAQ...
Perhaps you don't need to know just _everything_ before using something
like this?)

> 3) The -B option displays the so-called "bubblebabble digest" of the
> specified private or public key file. What is that? What is it used
> for? How do I "specify" the file?

I have no idea.

> 4) I can create public/private key pairs, however there are no
> instructions in my book or in the man pages as to the file-path in the
> _other_ computer, the file path I need to know before I can manually
> transfer the long 2048 digit public key to the other computer.

Are you supposed to put it somewhere special? The other user (OK, that's
you...) needs to keep the key somewhere accessible, no more. You use it
with appropriate software (e.g., PGP) to generate encrypted data to
transfer to the owner of the key, who will then be able to decrypt it
with his/her private key. AFAIK, in most cases it shouldn't need to live
in any very particular place.

> 5) And this priceless tower-of-Babel excerpt from the man pages:
>
> "The -f <filename> specifies the filename of the key file"
>
> WHAT !!! - - - if I have to enter the filename right after -f , then
> what in the hell use is the -f option, which is *supposed* to show
> the filename.

It isn't supposed to /show/ the filename, you know.
Doesn't say so anywhere.

As far as I can see, it is actually supposed to let you specify the
specific keyfile you want to use to encrypt or sign a specific data
file. As I said above, that file doesn't need to live anywhere special,
which means that you need to tell the software where it is. Also, you
could conceivably have more than one. Again, you'd need to specify.

> SHEESH -

We-e-ell? I suppose I could throw that one back...

> Anyhow, the most serious gap in my knowledge is item 4) above, because
> I am manually moving the public key between computers.
>
> I absolutely need to know the full path and name of the file where I
> should deposit that public key.

As I said, I don't think you do. If you think you do, I believe you are
misunderstanding the use of PKA - again. And again, my answer is to
check out those PGP pages that describe the PKA in detail before asking
more. And maybe accepting some trial and error on the basis of that
before asking again.

> That necessary bit of information is
> nowhere to be found, in my books.

See above. And don't stretch my "Be Good To Mark-Week" rosy, warm
feeling too much. ;-)

At some point, you need to
a) Get out there and DO IT, or
b) Accept that you maybe don't really, really need this, and if so,
c) Stop using too much of other people's time for something not really
important.

Cheers! :-)
--
/Jon
Put "jaalborg" for "navn", remove ".invalid".
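
An added example, not part of the original post: how a colon-separated "key fingerprint" like the one quoted in question 2 is derived from a public key, assuming the keys come from OpenSSH's ssh-keygen (the tool whose -B and -f options are quoted above). The key below is a constructed number, not a usable key, and the helper names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def mpint(n: int) -> bytes:
    """Positive SSH integer; the extra byte keeps the top bit clear."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def make_public_key_line(e: int, n: int, comment: str) -> str:
    """Build a one-line public key: type, base64 blob, free-text comment."""
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def fingerprints(pubkey_line: str) -> dict:
    """Hash the decoded key blob; the comment is not part of the hash."""
    key_type, b64, *_ = pubkey_line.split()
    blob = base64.b64decode(b64, validate=True)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode() != key_type:
        raise ValueError("key type in blob does not match the line prefix")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        # Older format: 16 hex pairs, as in the line quoted in question 2.
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        # Format printed by default in current OpenSSH releases.
        "sha256": "SHA256:" + sha,
    }


# Constructed 2048-bit number standing in for a modulus (not a real key).
SAMPLE_N = (1 << 2047) + 0x1234567
SAMPLE_LINE = make_public_key_line(65537, SAMPLE_N, "mark@example")

if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_LINE).items():
        print(name, value)
```

Running the same computation on both machines after a manual copy and comparing the results shows whether the public key arrived unchanged; `ssh-keygen -l -f <file>` prints the fingerprint of a real key file.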