[02:30] <jrib> cjae_: the bot's instructions have some enigmail info in them as well
[02:30] <cjae_> jrib, but you do know about encryption right
[02:31] <cjae_> I have pgp in thunderbird now from what you explained enigmail is like a wizard for it or no
[02:32] <jrib> it's a plugin that makes it easy to do encryption
[02:32] <cjae_> anyway do I have the general idea right each person on either side of the email (send/receiver) has two keys one pblic and one private right?
[02:32] <jrib> it provides buttons for "sign message" and "encrypt message", stuff like that
[02:33] <jrib> cjae_: yes
[02:34] <cjae_> ok so I use pgp to encrypt it with my public key right?
[02:34] <jrib> well
[02:34] <jrib> if you want to make it so only you can open it and read it, yes
[02:35] <cjae_> ok so i want to use my private key so someone else can read it
[02:35] <jrib> you wouldn't do that
[02:35] <cjae_> this is where i am confused
[02:35] <jrib> lets call your friend bob
[02:35] <cjae_> k
[02:35] <jrib> you want to encrypt and email so only bob can read it
[02:36] <cjae_> k
[02:36] <jrib> so you encrypt the message with his public key.  At this point, not even you can decrypt it.  The only way to decrypt it is for bob to use his private key.  And since it's private, only he can read it
[02:37] <jrib> get it?
[02:37] <cjae_> ah the keys work together
[02:37] <cjae_> makes snese or it wouldn't have been very secure
[02:37] <jrib> if he wants to send you a message that no one but you can read, he goes to a key server and gets your public key (like anyone can) and encrypts the message with that.  Then you get the message and decrypt it with your private key
[02:38] <cjae_> where does one find these servers
[02:38] <jrib> the !gpg link explains how to get your key onto a key server
[02:38] <cjae_> k
[02:38] <jrib> the other thing you do is sign messages
[02:39] <cjae_> must one do this too
[02:39] <jrib> basically, that works by encrypting a hash of your message with your private key.  Then anyone can decrypt it with your public key and verify they get the right hash for the message
[02:40] <cjae_> sort of like md5
[02:40] <jrib> hash is used just for sake of space...
[02:40] <jrib> you could do the whole message I guess
[02:41] <jrib> but the important thing is that you can't create the string that when the public key is applied to it gives you back the original message unless you know your private key.  And only you know your private key, so it must be you that signed the message