From: John Beckett 

"Antti Kurenniemi"  wrote in
message news::
> Zoink -> quick jump to a whole different topic here: What's with
the "PGP
> signed message" stuff in this posting?

A bit more technical stuff...

A message can be:
- Signed, or
- Encrypted, or
- Signed and encrypted.

Signed = signature appended to message. The "BEGIN" stuff
indicates the region of the message that is checked by the signature, and
the actual signature. Outlook (not PGP) uses S/MIME to specify these
regions.

Signature = Hash of message combined with private key of sender (in this
case, the hash algorithm was SHA-1).

You could get the public key of the sender, and use it to check the
signature. If ok, you know the sender had the private key (proving who the
sender was), and you know the message has not been altered.

For encryption, a random session key is created by the sender. That key
encrypts the message. The session key is then encrypted with the
recipient's public key, and appended. The recipient uses their private key
to decrypt the session key, then uses the session key to decrypt the
message.

John

--- BBBS/NT v4.01 Flag-5