The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:pgpauth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pgpfan:pgpauth [2025/10/11 10:46] – [The PGP OCFB-MDC Encryption Mode] Driving the point home. b.walzerpgpfan:pgpauth [2025/11/01 11:57] (current) – [The Why of PGP Authentication] Typo b.walzer
Line 1: Line 1:
-======The Why of PGP Authentication======+ ======The Why of PGP Authentication======
  
 There seems to be an ongoing misunderstanding of how PGP actually does authentication. That ends up being important in various discussions. Let's dig into perhaps the more interesting question of //why// PGP does the things it does and pick up the //how// along the way. There seems to be an ongoing misunderstanding of how PGP actually does authentication. That ends up being important in various discussions. Let's dig into perhaps the more interesting question of //why// PGP does the things it does and pick up the //how// along the way.
Line 5: Line 5:
 Authentication in a PGP context is a mechanism that makes it possible for the recipient of a file/message to verify that the file/message was certified by a particular entity/person. It also insures that the file/message was not tampered with after that certification. The most common convention is that the certification is a declaration that the certifier created a particular file/message. More generally, such a certification means that the certifier is taking responsibility for the file/message in some way. Authentication in a PGP context is a mechanism that makes it possible for the recipient of a file/message to verify that the file/message was certified by a particular entity/person. It also insures that the file/message was not tampered with after that certification. The most common convention is that the certification is a declaration that the certifier created a particular file/message. More generally, such a certification means that the certifier is taking responsibility for the file/message in some way.
  
-Cryptographic signatures will be important here so we should briefly define the term. The generation of a [[wp>Digital_signature|cryptographic signature]] requires knowledge of a secret value normally only known by single entity/person. There is a public value that corresponds to the secret value. Anyone can take that public value, the signed data and the cryptographic signature and verify that the signer had access to the secret value when they created the cryptographic signature. Cryptographic signatures often form the root of authentication schemes.+Cryptographic signatures will be important here so we should briefly define the term. The generation of a [[wp>Digital_signature|cryptographic signature]] requires knowledge of a secret value normally only known by single entity/person. There is a public value that corresponds to the secret value. Anyone can take that public value, the signed data and the cryptographic signature and verify that the signer had access to the secret value when they created the cryptographic signature. Cryptographic signatures often form the root of authentication schemes.
  
 =====PGP Authentication Doesn't Work This Way===== =====PGP Authentication Doesn't Work This Way=====
Line 76: Line 76:
  
 =====The PGP OCFB Encryption Mode===== =====The PGP OCFB Encryption Mode=====
 +
 +The very existence of this mode seems to confuse people...
  
 This is an encryption mode with no integrity check((The PGP OCFB mode is contained in the OpenPGP Symmetrical Encryption Data packet (SED).)). It is pure encryption. We should have a pretty good idea at this point why it exists. Since PGP authentication is done directly on the data there is simply no need for an integrity check. An encryption mode that provided an integrity check feature would be redundant and would cause inefficiency. This is an encryption mode with no integrity check((The PGP OCFB mode is contained in the OpenPGP Symmetrical Encryption Data packet (SED).)). It is pure encryption. We should have a pretty good idea at this point why it exists. Since PGP authentication is done directly on the data there is simply no need for an integrity check. An encryption mode that provided an integrity check feature would be redundant and would cause inefficiency.
  
-The very existence of this mode seems to confuse people... 
  
 =====The PGP OCFB-MDC Encryption Mode===== =====The PGP OCFB-MDC Encryption Mode=====
Line 100: Line 101:
  
 When working with PGP, it is important to clearly understand the difference between authentication and the integrity check. The integrity check is limited and often full authentication is required or more desirable. When working with PGP, it is important to clearly understand the difference between authentication and the integrity check. The integrity check is limited and often full authentication is required or more desirable.
 +
 +[[em:index|Encrypted Messaging index]]\\
 +[[pgpfan:index|PGP FAN index]]\\
 +[[:|Home]]
 +
  
pgpfan/pgpauth.1760179573.txt.gz · Last modified: by b.walzer