Author: Tom Decaluwe, Posted: Wed May 11, 2005 3:31 pm Post subject: MS PGP key on security bulletin ----
Hi all,
I have a more general question regarding PGP and MS signing its documents using a PGP key.
I can see the value of digitally signing their security bulletins, but I have been looking for a while now for how I can verify their PGP key.
Do I need software for this? Do I need to copy/paste the GPG signature from the email to a website,... to check if this is a valid key made by MS?
In short, what and how do I use this signing?
Kind regards,
Tom
Author: hugo, Location: Netherlands, Europe, Posted: Wed May 11, 2005 3:55 pm Post subject: ----
Roughly speaking (without getting too technical), PGP can encrypt and sign files. For the encryption process a set of keys is used; a private key to encrypt the file; and a public key to decrypt the file. (The way this is done exactly is too mathematically complex for me to understand, but that's not *really* important.)
So, when someone signs a document with a PGP key, some mathematical magic is performed on the document, using the author's private key, and some extra information is added to the document.
Using the public key, documents signed in this way can be verified. (I.e. the extra data that is appended to the document is checked by performing some more mathematical magic using the original document and the public key.) This should match up. If it doesn't, and you are sure the public key is the correct one, this means the document was not signed with that person's private key.
Performing such a verification can be done by using the PGP-tool. You do need the public key however. Usually, when someone offers signed documents, there's a link to the public key somewhere on that page.
For more information on PGP encryption, I found this page here which explains it more.
Author: Tom Decaluwe, Posted: Wed May 11, 2005 4:14 pm Post subject: ----
Hi hugo,
Thanks for the reply. I am however up to date on the PKI system and the principle of signing and encrypting.
My main question is how do I verify emails from MS GPG. Do I need to download a tool for this? Is there an online website I can use to verify?
I have found the MS public key on their site at url:
But there is no mention of how and what tools to use to verify their signing on this site or on the MS bulletins themselves.
So in general the question can be translated like this: I received a security bulletin email from MS. Got their pub key off the website, how do I bring these 2 together and verify this is a real MS bulletin?
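
The workflow asked about in this thread, as an added example that is not part of any post: import the downloaded public key into a throwaway keyring, compare its fingerprint with one obtained separately, then check the clearsigned mail body with GnuPG. It assumes GnuPG 2.1 or later; the function names `verify_bulletin` and `make_sample`, the file names and the sample bulletin are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Needs GnuPG 2.1 or later.
# verify_bulletin KEYFILE MESSAGE EXPECTED_FPR
#   KEYFILE       public key saved from the vendor's site (first key is used)
#   MESSAGE       mail body saved as text, PGP armor lines included
#   EXPECTED_FPR  key fingerprint obtained through a second channel
verify_bulletin() (
    keyfile=$1 msg=$2 rc=1
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    home=$(mktemp -d) || exit 2
    # Throwaway keyring: only the key under test can satisfy the check.
    gpg --homedir "$home" --batch --quiet --import "$keyfile" 2>/dev/null
    got=$(gpg --homedir "$home" --batch --with-colons --fingerprint 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    if [ -n "$want" ] && [ "$got" = "$want" ]; then
        # GOODSIG: signature checks out and the key is not expired or revoked.
        # VALIDSIG: its last field is the signer's primary key fingerprint.
        gpg --homedir "$home" --batch --status-fd 1 --verify "$msg" 2>/dev/null |
            awk -v fpr="$want" '$2 == "GOODSIG" { g = 1 }
                $2 == "VALIDSIG" && $NF == fpr { v = 1 }
                END { exit !(g && v) }' && rc=0
    else
        echo "fingerprint mismatch: key file has ${got:-no key}" >&2
    fi
    gpgconf --homedir "$home" --kill all 2>/dev/null
    rm -rf "$home"
    exit "$rc"
)

# make_sample DIR: constructed test data only. Creates a throwaway signing
# key, DIR/vendor.asc and DIR/bulletin.asc, and prints the key fingerprint.
make_sample() (
    export GNUPGHOME="$1/signer"
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME" || exit 2
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Vendor <bulletin@vendor.example>' \
        2>/dev/null || exit 2
    gpg --batch --armor --export > "$1/vendor.asc"
    printf 'Constructed bulletin: an update is available.\n' > "$1/bulletin.txt"
    gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --output "$1/bulletin.asc" --clearsign "$1/bulletin.txt" || exit 2
    gpg --batch --with-colons --fingerprint |
        awk -F: '$1 == "fpr" { print $10; exit }'
    gpgconf --kill all 2>/dev/null
    exit 0
)
```

The fingerprint passed as the third argument has to come from somewhere other than the page the key was downloaded from; otherwise the comparison only shows that the key matches itself.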