Introduction | The Algorithm | History | CMEA | PGP | Decrypting | Wrap up | Words

Now at the risk of sounding like Magnum P.I., I know what you're thinking. You're thinking "AAUUUGH!  I put my letter through a blender!  Oh the humanity!"  Just calm down.

Remember, it's moronic to encrypt messages that can't be decrypted (this doesn't go for some password protecting ideas and for "digital signatures," but those aren't really messages and we'll chit chat about that in the next primer).  At first glance, for all we know, that mess up there might just be random garbage.  Guess what?  We can prove that it ain't.  You wrote the letter to yourself and encrypted it with your own public key, didn't ya? You have your private key and can decrypt the message even easier than you encrypted it!  Ha ha ha HA!

Here's what ya do:

1. Highlight the entire ciphertext, from the beginning of the "-----BEGIN
PGP.." to the end of the " END PGP MESSAGE-----"
2. Hit Ctrl-C to copy it onto your clipboard.  (I know it was already there from last time but let's pretend you just got this particular blob sent to you from somebody else)
3. Go to wherever your PGP menu is and click on "Decrypt/Verify clipboard" and put in your passphrase when asked for it. (When you see the box that says "Decryption Successful," that means that it just decrypted the stuff on your clipboard but left it there)
4. Go to your original document and click down past the stuff you already put there.
5. Hit Ctrl-V to paste.
6. Voila!

Dear Tim, quit doing that with your eyes or they'll freeze that way.

Ta-DUM!  Isn't this a momentous occasion?  I think I'm misty-eyed ...  

A. Getting someone else's public key

This is easy.  You find the text version of their key on either a website or from a text file or email or whatever.  I showed you part of mine, it looks a lot like the encrypted mess we just saw.

1. Highlight the whole thing again, from the beginning of the " -----BEGIN PGP PUBLIC KEY ... " to the end of the " ... --END PGP PUBLIC KEY BLOCK-----."
2. Then hit Ctrl-C to copy the key to your clipboard.
3. Now go to the PGP menu and just pick the option that says "Add Key from Clipboard."
4. You'll see a window open up telling you that PGP saw the key and knows what it is, and you hit the "import" button.  Simple, huh?  

A. What PGP really does

It's a plain and simple truth that most secret-key programs run way faster than public-key systems.  So PGP makes the best of both worlds.

When you encrypt a message to someone with PGP, it first compresses the message to make sure it won't take up a whole lot of space.  It then makes its own little secret symmetric key (like from DES or something) and encrypts the text with that (really fast) symmetrical algorithm.

After that, it takes the receiver's public key and encrypts just the secret DES-type key.  Since it's only encrypting a key, it goes way quicker than if it were encrypting the whole message.  The PGP message is both of these blobs of ciphertext all crammed together.

When the receiver's PGP program gets the message, it uses the private key of the recipient to decrypt the secret key from the blob first (goes quickly cuz it's just a key).

It then uses the symmetric key it just deciphered to decrypt the rest of the message from the blob quickly, and decompresses the message the rest of the way into readable form.  

V. OTHER WAYS TO START USING CRYPTO

A. Secure your Netscape connection

- Part One: Your browser COULD be secure:

Dude, it suuuuuuuucks that people haven't done this more often yet.  Check it out.  If you have the right version, Netscape can connect to cooperating web sites in a really secure way.  Try it, instead of typing "http://", type "https://".  That tells your net machine to try to connect with the server using its "Secure Sockets Layer."  That's the part of your browser that can encrypt everything going between you and the server you're surfing to.

You know the little key type thingy in the lower corner of your browser?  It usually has a slash through it or shows an open lock or something.  This means you are wandering around the web making non-secure connections.  If you hook up a secure connection using "https" to a web server, it will show a complete key, or a closed lock, or various other "locked" looking things.

>Oooooooh! Aaaaaah!<

If you don't see a change, or get a message saying "hey doofus, this isn't an https site," don't worry.  Most websites aren't set up to let you connect securely, there's usually no reason to.  You'll find the places with "https" addresses at online stores, banks, and other places where security would be needed.  I mean, do you REALLY care how many people know you post to the Nine Inch Nails board seven hundred times a day?