Joined: 14 Jun 2003 Posts: 16777215 Location: Netherlands, Europe
Posted: Wed May 11, 2005 3:55 pm Post subject:
Roughly spoken (without getting too technical), PGP can encrypt and sign files. For the encryption process a set of keys is used; a private key to encrypt the file; and a public key to decrypt the file. (The way how this is done exactly is too mathematically complex for me to understand, but that's not *really* important.)
So, when someone signs a document with a PGP key, some mathemetical magic is performed on the document, using the authors private key, and some extra information is added to the document.
Using the public key, documents signed in this way can be verified. (I.e. the extra data that is appended to the document is checked by performing some more mathemetical magic using the original document and the public key.) This should match up. If it doesn't; and you are sure the public key is the correct one; this means the document was not signed with that person's private key.
Performing such a verification can be done by using the PGP-tool. You do need the public key however. Usually, when someone offers signed documents, there's a link to the public key somewhere on that page.
For more information on PGP encryption, I found this page here which explains it more.
But there is no mention of how and what tools to use to verify there signing on this site or on the MS bullitens them self.
So in general the question can be translated like this: I recieved a security bulliten email from MS. Got there Pub key of the website, how do i bring these 2 together and verify this is a real MS bulliten.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum