I got "BEGIN PGP PUBLIC KEY BLOCK" attached to an email and I don't know what it is

19

5

Okay, I have no clue what this is, but I just received an email that has this in it.

-----BEGIN PGP PUBLIC KEY BLOCK-----

[redacted]

-----END PGP PUBLIC KEY BLOCK-----

If this means something, could someone decode it for me? If not, then could someone just tell me what it is?

user958945

Posted 2018-10-30T16:04:53.423

Reputation: 279

Question was closed 2018-11-08T06:46:10.193

What kind of attachment was that in? – BruceWayne – 2018-10-30T16:59:29.347

52 What did the searching/research you performed before asking this question turn up? What details did it not explain? – jpmc26 – 2018-10-31T03:38:43.287

Answers

61

This is the PGP public key belonging to (presumably) the email's author. Its primary uses are:

  • to encrypt messages that you're sending to the key's owner (i.e. email privacy);

  • to verify digital signatures made by the key's owner (proof of authorship).

The PGP standard is used by such software as GnuPG (Gpg4win), Enigmail, OpenKeychain, Symantec Desktop Email Encryption (aka PGP.com), and so on.

As for why it was sent to you: you'll have to ask the person you got it from. Note that some mail apps begin automatically attaching the sender's PGP key to all messages as soon as the feature is set up, even if the sender didn't exactly ask for it.

If the sender didn't specifically request usage of PGP encryption or signing, and if you don't intend to use it either, then the attachment can be ignored.

user1686

Posted 2018-10-30T16:04:53.423

Reputation: 283 655

22 Obligatory warning that the xkcd comic is joking. I could just write that text at the top of an email and it means nothing. Don't fall for it! – Lightness Races with Monica – 2018-10-31T14:04:56.767

However, the people who would fall for that particular thing are all very security conscious. Even banks don't send signed emails at this point, which is stupid. – xyious – 2018-10-31T19:25:49.327

PGP/GPG is NOT dead; however, it has an education and non-geek usability issue. It is one of the simpler PKI methods to use for things like email. I use PGP almost daily as is. – linuxdev2013 – 2018-12-27T15:29:23.503

15

It's harmless, and possibly useful. Users of PGP (Pretty Good Privacy) (and other similar apps) send a 'public key', such as you saw in the message, so folks who have the key for that user can verify the message really came from the named sender. The 'public key' can also be used to encrypt a message which anyone with a PGP-like app can send to that user which only that user can decrypt with their private key.

K7AAY

Posted 2018-10-30T16:04:53.423

Reputation: 6 962

2

I used to know a website that did PGP packet decoding, but I can't find it now, so here's one from my system:

# off=0 ctb=99 tag=6 hlen=3 plen=269
:public key packet:
    version 4, algo 1, created 1537793680, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: 19C85A0C5ACBA088
# off=272 ctb=b4 tag=13 hlen=2 plen=33
:user ID packet: "[snipped]"
# off=307 ctb=89 tag=2 hlen=3 plen=334
:signature packet: algo 1, keyid 19C85A0C5ACBA088
    version 4, created 1537793680, md5len 0, sigclass 0x13
    digest algo 10, begin of digest d2 ec
    hashed subpkt 33 len 21 (issuer fpr v4 16683B6345CFB4E0D68C3A6819C85A0C5ACBA088)
    hashed subpkt 2 len 4 (sig created 2018-09-24)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (keyserver preferences: 80)
    subpkt 16 len 8 (issuer key ID 19C85A0C5ACBA088)
    data: [2047 bits]
# off=644 ctb=b9 tag=14 hlen=3 plen=269
:public sub key packet:
    version 4, algo 1, created 1537793680, expires 0
    pkey[0]: [2048 bits]
    pkey[1]: [17 bits]
    keyid: 4364B1912195D6CB
# off=916 ctb=89 tag=2 hlen=3 plen=310
:signature packet: algo 1, keyid 19C85A0C5ACBA088
    version 4, created 1537793680, md5len 0, sigclass 0x18
    digest algo 10, begin of digest 20 d2
    hashed subpkt 33 len 21 (issuer fpr v4 16683B6345CFB4E0D68C3A6819C85A0C5ACBA088)
    hashed subpkt 2 len 4 (sig created 2018-09-24)
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 16 len 8 (issuer key ID 19C85A0C5ACBA088)
    data: [2046 bits]

It contains an RSA-2048 masterkey (id 19C85A0C5ACBA088) signed by itself, as is standard, and not countersigned/endorsed by anybody else, which may (or may not) affect whether and how much you trust it, and which specifies the e-mail address of the owner (on gmail -- presumably the person who sent you the mail). It also contains an RSA-2048 encryption subkey (4364B1912195D6CB) signed by the masterkey, as is standard. If you decide this key block is truly from that person (not faked), you can use it to encrypt emails (or files) so they are secure: no one other than that person should be able to decrypt them.

dave_thompson_085

Posted 2018-10-30T16:04:53.423

Reputation: 1 962

13 I'm not sure if it is nice to put that person's personal email address in the clear for thousands of people to see. Twice. – Graipher – 2018-10-31T06:15:22.813
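The `off`, `ctb`, `tag`, `hlen` and `plen` fields in the packet dump above are read directly from the OpenPGP packet headers (RFC 4880, section 4.2). The following Python code is an added example, not part of any answer on this page: it strips the ASCII armor and walks those headers, so a received key block can be inspected without importing it into a keyring. The names `dearmor` and `walk_packets` are chosen here, and the sample block is constructed from the dump's header values with zero-filled bodies.

```python
import base64

def dearmor(text):
    """Return the binary packets in an ASCII-armored block (armor headers, CRC-24 line dropped)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[lines.index("") + 1:-1] if "" in lines else lines[1:-1]
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def walk_packets(data):
    """Return (offset, ctb, tag, header_len, body_len) for each packet."""
    out, off = [], 0
    while off < len(data):
        hdr = data[off:off + 6].ljust(6, b"\0")   # padded; short input fails the check below
        ctb = hdr[0]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {off}")
        if ctb & 0x40:                    # new format: tag in the low 6 bits
            tag = ctb & 0x3F
            if hdr[1] < 192:
                hlen, plen = 2, hdr[1]
            elif hdr[1] < 224:
                hlen, plen = 3, ((hdr[1] - 192) << 8) + hdr[2] + 192
            elif hdr[1] == 255:
                hlen, plen = 6, int.from_bytes(hdr[2:6], "big")
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                             # old format: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            hlen = 1 + (1 << ltype)
            plen = int.from_bytes(hdr[1:hlen], "big")
        if off + hlen + plen > len(data):
            raise ValueError(f"truncated packet at offset {off}")
        out.append((off, ctb, tag, hlen, plen))
        off += hlen + plen
    return out

# Constructed sample: header bytes matching the dump, zero-filled bodies, no CRC-24 line.
_HEADERS = ["99010d", "b421", "89014e", "b9010d", "890136"]
_RAW = b"".join(bytes.fromhex(h) + bytes(int(h[2:], 16)) for h in _HEADERS)
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
          + base64.encodebytes(_RAW).decode() + "-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":
    for off, ctb, tag, hlen, plen in walk_packets(dearmor(SAMPLE)):
        print(f"# off={off} ctb={ctb:02x} tag={tag} hlen={hlen} plen={plen}")
```

Run as a script, it prints the same five `# off=... ctb=... tag=... hlen=... plen=...` header lines that appear in the dump.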