Understand PGP

Keys are essentially very large numbers. If you were to look at an exported key, all you would see is a block of apparently random characters. The parts you can actually check are the user ID attached to the key and its fingerprint, a short hash of the key material; the fingerprint is what you compare (by phone or another independent channel) to confirm that a key really belongs to your trading partner.

OpenPGP keys are always created as key pairs: a public key and a secret (private) key. The owner of a key pair keeps the secret key to themselves and gives only the public key to their trading partner. A secret key that has been copied, shared, or left unprotected undermines every signature and every decryption it is used for, so it should be stored with a strong passphrase and never sent to anyone.

Keys are used to encrypt/decrypt and to sign/verify files. A key pair can be created for signing/verification only, or as a signing primary key with an encryption subkey. The second form is the usual layout: it can be used for encryption and decryption as well as signing and verification, while keeping the two functions on separate key material.

Digital signatures enable you to verify the origin of a file and to confirm that it arrived intact: any change to the file after it was signed causes verification to fail. A digital signature also provides non-repudiation, which means the sender cannot later claim that he or she did not actually send the file. That property only holds as long as the signer's secret key has remained under the signer's sole control.

When a file is signed with a secret key, only the public key that matches that secret key can be used to verify the signature. When you establish a relationship with a trading partner, they send you their public key. Each time they send you a file, they sign it with their secret key before encrypting it. When you decrypt the file, you verify the signature with their public key to determine whether the file really came from them. Be clear about what this proves: the fact that a file was encrypted to your public key says nothing about who sent it, because anyone holding your public key can encrypt to you; only the signature identifies the source. The check therefore has to be that the signature verifies against the specific key your partner gave you, not merely that some valid signature is present. If the signature is missing, fails to verify, or was made with a different key, you should assume that your trading partner was not the source of the file and not act on its contents.

Here is an example of which keys are used to sign/encrypt and decrypt/verify an inbound file from your trading partner:

  • You create a key pair to be used for encryption and decryption and give your trading partner the public key.
  • Your trading partner creates a key pair for signing and verification and gives you their public key.
  • Your trading partner signs the file with their secret key, encrypts the signed file with your public key, and sends the encrypted/signed file to you.
  • You decrypt the file with your secret key and verify their signature with their public key.

The keys used to sign/encrypt and decrypt/verify an outbound file to your trading partner work in the same way, with the roles reversed:

  • Your trading partner creates a key pair to be used for encryption and decryption and gives you the public key.
  • You create a key pair for signing and verification and give your trading partner your public key.
  • You sign the file with your secret key, encrypt the signed file with your trading partner's public key, and send the encrypted/signed file to them.
  • Your trading partner decrypts the file with their secret key and verifies your signature with your public key.
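The inbound and outbound exchanges above, and the "assume the partner was not the source" check, carried out with the GnuPG command line. This is an added example, not code from the original page or from Coviant. It assumes GnuPG 2.1 or later is installed (it skips if gpg is absent). The identities you@example.com, partner@example.com and mallory@example.com, the sample file contents, and the helper functions g, fpr, send_file and receive_file are all constructed for the example; three throw-away homedirs stand in for three separate machines, so each party holds only its own secret key and the public keys it was given.

```shell
#!/bin/sh
# Added example, not Coviant's code: the inbound and outbound exchanges from the
# text, run with GnuPG 2.1+ in three throw-away homedirs. Names, file contents
# and helper functions (g, fpr, send_file, receive_file) are constructed here.
set -eu

# GnuPG is assumed to be installed; skip cleanly rather than fail if it is not.
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping" >&2; exit 0; }

WORK=$(mktemp -d)
YOU="$WORK/you"; PARTNER="$WORK/partner"; IMPOSTOR="$WORK/impostor"
mkdir -m 700 "$YOU" "$PARTNER" "$IMPOSTOR"

# Run gpg non-interactively against one party's homedir. The empty passphrase
# is for the demo only; real secret keys must be passphrase-protected.
g() { hd="$1"; shift; gpg --homedir "$hd" --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

# "default default" yields a signing primary key with an encryption subkey, the
# two-part key pair described in the text. All three identities are constructed.
g "$YOU"      --quick-generate-key you@example.com     default default
g "$PARTNER"  --quick-generate-key partner@example.com default default
g "$IMPOSTOR" --quick-generate-key mallory@example.com default default

# Key exchange: only public keys move. Secret keys never leave their own homedir.
g "$YOU"     --export you@example.com     | g "$PARTNER" --import
g "$PARTNER" --export partner@example.com | g "$YOU"     --import
# Anyone may hold your public key; the impostor has it too (e.g. from a keyserver),
# and you happen to hold the impostor's public key as well.
g "$YOU"      --export you@example.com     | g "$IMPOSTOR" --import
g "$IMPOSTOR" --export mallory@example.com | g "$YOU"      --import

# Primary-key fingerprint of a user ID as seen from a given homedir. This is the
# value you confirm with the partner out of band and then pin in receive_file.
fpr() { g "$1" --with-colons --with-fingerprint --list-keys "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }
PARTNER_FPR=$(fpr "$YOU" partner@example.com)
YOU_FPR=$(fpr "$PARTNER" you@example.com)

# Sender: sign with own secret key, then encrypt to the recipient's public key.
# --trust-model always is needed only because the imported key is not certified;
# in production, certify the partner's key after checking its fingerprint instead.
send_file() {  # sender_homedir recipient_uid plaintext ciphertext
  g "$1" --trust-model always --recipient "$2" --sign --encrypt --output "$4" "$3"
}

# Receiver: decrypt with own secret key, then insist on a valid signature from the
# pinned fingerprint. Exit status alone is not enough: a good signature from some
# other key in the keyring also exits 0, so the VALIDSIG status line is checked.
receive_file() {  # receiver_homedir expected_signer_fpr ciphertext plaintext
  status=$(g "$1" --status-fd 1 --output "$4" --decrypt "$3" 2>/dev/null) || return 1
  printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG .*$2" || return 1
}

# Inbound: partner -> you (constructed sample file).
printf 'invoice 4711: pay 100 EUR\n' > "$WORK/inbound.txt"
send_file "$PARTNER" you@example.com "$WORK/inbound.txt" "$WORK/inbound.gpg"
if receive_file "$YOU" "$PARTNER_FPR" "$WORK/inbound.gpg" "$WORK/inbound.out"; then INBOUND=accepted; else INBOUND=rejected; fi
RECOVERED=$(cat "$WORK/inbound.out" 2>/dev/null || true)

# Outbound: you -> partner.
printf 'ack 4711\n' > "$WORK/outbound.txt"
send_file "$YOU" partner@example.com "$WORK/outbound.txt" "$WORK/outbound.gpg"
if receive_file "$PARTNER" "$YOU_FPR" "$WORK/outbound.gpg" "$WORK/outbound.out"; then OUTBOUND=accepted; else OUTBOUND=rejected; fi

# Forgery: the impostor encrypts to your public key and signs with their own key.
# gpg decrypts it and reports a good signature, but the fingerprint is not the partner's.
printf 'invoice 4711: pay 100 EUR to a new account\n' > "$WORK/forged.txt"
send_file "$IMPOSTOR" you@example.com "$WORK/forged.txt" "$WORK/forged.gpg"
if receive_file "$YOU" "$PARTNER_FPR" "$WORK/forged.gpg" "$WORK/forged.out"; then FORGED=accepted; else FORGED=rejected; fi

# Stop the per-homedir agents and remove the temporary keyrings.
for hd in "$YOU" "$PARTNER" "$IMPOSTOR"; do gpgconf --homedir "$hd" --kill gpg-agent >/dev/null 2>&1 || true; done
rm -rf "$WORK"
echo "inbound=$INBOUND outbound=$OUTBOUND forged=$FORGED recovered='$RECOVERED'"
```

The receiving side is the part worth copying: receive_file treats "gpg exited 0" as insufficient and requires the VALIDSIG status line to carry the fingerprint that was exchanged with the partner, which is exactly the check the text calls for when it says to assume the partner was not the source if their signature cannot be verified. The forged file decrypts fine and even carries a good signature, yet is rejected because the signer is not the pinned key. Two shortcuts in the script must not be carried into production: the demo keys have no passphrase, and --trust-model always bypasses certification on the sending side instead of certifying the partner's key after its fingerprint has been confirmed.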
