• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

MS PGP key on security bulletin

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Beginners // Misc. Computer Questions

View previous topic :: View next topic  
Author Message
Tom Decaluwe
Just Arrived
Just Arrived


Joined: 11 May 2005
Posts: 0


Offline

PostPosted: Wed May 11, 2005 3:31 pm    Post subject: MS PGP key on security bulletin Reply with quote

Hi all,

I have a more general question regarding PGP and MS signing it's documents using a pgp key.

I can see the value of digitally signing there security bulletin's but i have been looking for a while now how i can verify there PGP key?

Do i need software for this? Do i need to copy/past the GPG signature form the email to a website,... to check if this is a valid key made by MS?

In short what and how do i use this signing?

Kind regards,

Tom
Back to top
View user's profile Send private message
hugo
Forum Fanatic
Forum Fanatic


Joined: 14 Jun 2003
Posts: 16777215
Location: Netherlands, Europe

Offline

PostPosted: Wed May 11, 2005 3:55 pm    Post subject: Reply with quote

Roughly spoken (without getting too technical), PGP can encrypt and sign files. For the encryption process a set of keys is used; a private key to encrypt the file; and a public key to decrypt the file. (The way how this is done exactly is too mathematically complex for me to understand, but that's not *really* important.)

So, when someone signs a document with a PGP key, some mathemetical magic is performed on the document, using the authors private key, and some extra information is added to the document.

Using the public key, documents signed in this way can be verified. (I.e. the extra data that is appended to the document is checked by performing some more mathemetical magic using the original document and the public key.) This should match up. If it doesn't; and you are sure the public key is the correct one; this means the document was not signed with that person's private key.

Performing such a verification can be done by using the PGP-tool. You do need the public key however. Usually, when someone offers signed documents, there's a link to the public key somewhere on that page.

For more information on PGP encryption, I found this page here which explains it more.
Back to top
View user's profile Send private message
Tom Decaluwe
Just Arrived
Just Arrived


Joined: 11 May 2005
Posts: 0


Offline

PostPosted: Wed May 11, 2005 4:14 pm    Post subject: Reply with quote

Hi hugo,

Thanks for the reply. I am however up to date on the PKI system and the principal of signing and encrypting.

My main question is how do i verify emails from MS GPG. Do i need to download a tool for this? Is there an online website i can use to verify?

I have found the MS public key on there site at url:

https://www.microsoft.com/technet/security/bulletin/pgp.mspx

But there is no mention of how and what tools to use to verify there signing on this site or on the MS bullitens them self.

So in general the question can be translated like this: I recieved a security bulliten email from MS. Got there Pub key of the website, how do i bring these 2 together and verify this is a real MS bulliten.

kind regards,

Tom
Back to top
View user's profile Send private message
MattA
Trusted SF Member
Trusted SF Member


Joined: 13 Jun 2003
Posts: 16777193
Location: Eastbourne + London

Offline

PostPosted: Wed May 11, 2005 4:15 pm    Post subject: Reply with quote

Here's how to check a PGP signature
http://www.qorbit.net/documents/pgp-key-verification.htm
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Beginners // Misc. Computer Questions All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register