RSA is a public key cipher. That is, there is not one key, but two components, which are used for specific purposes. In this text, P0() is your public key and S0() is your private key. Anything encrypted by one can be decrypted by the other, and it is considered impossible to determine S0() from P0().
Suppose X is a message. P0(X) is meaningless gibberish, however S0(P0(X)) = X. Similarly, S0(X) is gibberish, but P0(S0(X)) = X.
IDEA is a symmetric key cipher. This is "normal" cryptography: the same key encrypts and decrypts the message. IDEA uses a 128 bit key to transform a message into meaningless gibberish. The same key, when applied to the meaningless gibberish, will produce the original message.
Suppose X is a message and k is a key. Then IDEA(X,k) is meaningless gibberish, but IDEA(IDEA(X,k),k) = X.
MD5 will produce an essentially unique 128 bit one way hash of any input. It is considered impossible to determine the input when given the hash, and the chance of two different inputs having the same hash is extremely small. Think of a hash as a very good checksum.
md5(X) is a 128 bit representation of X.
In the case that you want to encrypt the message to two recipients, the random key k is encrypted with the public keys of each recipient, but the actual message is only encrypted once. Now (IDEA(X,k), P1(k), P2(k), ...) is sent to each recipient, who has to pick out the bit which is encrypted with his public key himself.
Normally, the signature is put before the actual message you are sending, but if you use the "clearsign" option, the signature will be put below the message. Additionally, when you "clearsign" a message, spaces and tabs after a line are stripped off first, and newlines are converted to carriage return/newline pairs. This ensures that mail and news transport programs will not mangle the message in such a way that the signature becomes invalid.
Of course, you have to be sure that the public key you use to check the signature really belongs to the person it claims to be from.
[ Table of Contents | About this FAQ | Glossary ]