Editing 1181: PGP

{{comic
| number    = 1181
| date      = March 4, 2013
| title     = PGP
| image     = pgp.png
| titletext = If you want to be extra safe, check that there's a big block of jumbled characters at the bottom.
}}

==Explanation==

{{w|Pretty Good Privacy|PGP}} (or GPG under linux) is a program which can be used to encrype and sign messages sent as emails.  Encrypting the message would prevent anybody from reading it if they didn't have the key to decrypt.  Signing the message would mean that the message can be verified as un-altereted, if the reader was to check the message against the signature.  People who uses such program typically only uses the feature to sign the message, since entryping it (which would give you the privacy) would mean that almost nobody would be able to read it, including the intended receipient as they rarely would have the keys and software installed to decrypt the message.    hence the irony here is that nobody actually verifies the "signature" either, but feel secure that the m essage appears to be signed.

The use of signign software is so rare that most people have never seen a signed message.  The joke here lies within the approach of ignoring actual privacy guarantees PGP provides.


PGP or {{w|Pretty Good Privacy}}, is a in part {{w|Public-key cryptography}}, which is defined in RFC-4880 [https://tools.ietf.org/html/rfc4880#page-60 RFC4880]-devised. The blob which makes the signature is a binary signature which is encoded into ascii using {{w|ASCII armor}}.

==Transcript==
:

{{comic discussion}}
[[Category:Comics with color]]
[[Category:Computers]]
@@ Line 8: / Line 8: @@
 ==Explanation==
-{{w|Pretty Good Privacy|PGP}} (Pretty Good Privacy) is a program which can be used to encrypt and/or sign data, including messages sent as emails. Encrypting means encoding data in a way that requires a secret key to decrypt and read; signing means that there is a code included in the data which can be used to verify the identity of the sender and that the data has not been altered in transit.
-In the case of the email in this comic, it has only been signed; not encrypted (hence, the top of the first line of text can be seen and is legible in normal English). This is more common than encryption, as reading an encrypted message would require the recipient to already be a PGP user. In fact, the use of PGP even to sign email messages is so rare that most people have probably never seen a signed message. Because a signed email is so rare, and because it is already legible and unencrypted, [[Randall]] is making the tongue-in-cheek observation that few users, technical or otherwise, actually know how to use the signature to verify the authenticity of the sender using the PGP signature, and that such users can safely assume that since there ''is'' a signature, that is good enough evidence that the message is authentic. Further, because PGP signatures are so rare and probably ignored by most recipients, he suggests one would not expect anyone to even bother creating a false PGP signature; therefore the mere existence of a PGP header would suggest authenticity.
+{{w|Pretty Good Privacy|PGP}} (or GPG under linux) is a program which can be used to encrype and sign messages sent as emails.  Encrypting the message would prevent anybody from reading it if they didn't have the key to decrypt.  Signing the message would mean that the message can be verified as un-altereted, if the reader was to check the message against the signature.  People who uses such program typically only uses the feature to sign the message, since entryping it (which would give you the privacy) would mean that almost nobody would be able to read it, including the intended receipient as they rarely would have the keys and software installed to decrypt the message.    hence the irony here is that nobody actually verifies the "signature" either, but feel secure that the m essage appears to be signed.
-The title text extends the joke by suggesting you confirm there's a bunch of random characters in the footer (this is the actual signature that PGP generates which can be used to verify the authenticity of the email). Again, Randall is humorously suggesting that the existence of the block is itself sure evidence of authenticity.
+The use of signign software is so rare that most people have never seen a signed message.  The joke here lies within the approach of ignoring actual privacy guarantees PGP provides.
+PGP or {{w|Pretty Good Privacy}}, is a in part {{w|Public-key cryptography}}, which is defined in RFC-4880 [https://tools.ietf.org/html/rfc4880#page-60 RFC4880]-devised. The blob which makes the signature is a binary signature which is encoded into ascii using {{w|ASCII armor}}.
 ==Transcript==
-:How to use PGP to verify that an email is authentic:
+:
-:Look for this text at the top
-:[In mail header, light grey.] Reply
-:[Highlighted, with arrow pointing to it from the text "Look for this text at the top" above.]
-:-----BEGIN PGP SIGNED MESSAGE-----
-:[In mail message, light grey.]
-:HASH: SHA256
-:Hey,
-:First of all, thanks for taking care of
-:[After mail message.]
-:If it's there, the email is probably fine
 {{comic discussion}}
 [[Category:Comics with color]]
-[[Category:Email]]
+[[Category:Computers]]
-[[Category:Cryptography]]