PGP keys allow correspondents to secure their e-mail exchanges.
In order to use PGP encryption, both the sender and the recipient of the e-mail must have a pair of PGP keys:
- a public one, which they must communicate to his correspondents
- a private one, which they must keep carefully
PGP uses an asymmetric encryption with a pair of keys. If a message has been encrypted with one of the keys, it is necessary to use the other key of the pair to decrypt it.
- if the sender uses the recipient's public key, the latter must use their private key to read the message (the message is encrypted)
- if the sender uses their own private key, the recipient must use the sender's private key to read the message (the message is signed)
- for a maximal security, the sender can both encrypt and sign the message, by using both their own private key and the recipient's public key
postel.bzh offers an easy way to use PGP, both for the encryption and the signature of the messages.
Each user keeps a PGP keyring, made of their own pairs of keys and the public keys of their correspondents.
To generate a pair of PGP keys, one must provide:
- an e-mail address
- an identity (for instance first and last names), which will appear in the public keys which is communicated to the correspondents
In order to reinforce the security of the generated pair of keys, it is also possible to indicate:
- a passphrase, which will be asked for every time the private key is used (to sign a sent message or to decrypt a received message)
- the period of validity for the pair of keys; after this period, the keys cannot be used for new messages any more and new ones must be generated
Beware! If you forget your passphrase, your will be unable to use your PGP key. postel.bzh does not keep the passphrase, has no way to find it, and cannot reset it either.