May 14, 2008
Apple updates PGP key
Posted May. 14, ’08, 5:48 AM PT by Derik DeLong
Category | Security
Apple authenticates itself to users using a PGP key and updates it every two years. I’ve probably written about this before, but the quick version is that authentication security is based on asymmetric keys. In other words, pairs of keys are used, one public and one private. Apple holds onto the private one not telling it to anyone. The public one is listed here. The key (pun unintended) of this is that something encrypted one key can be unencrypted by the other.
By encrypting a message (or some version thereof, like a hashed version) using the private key, we can check that Apple sent the message by decrypting with the public key. If the two match up, Apple wrote it. No one but Apple knows the private key, therefore if the public key decrypts it, Apple must have written it.
Now, given enough time, brute force methods could discover the private key (how long is up to theorists to decide). Therefore, Apple spawns a new key pair every two years, effectively removing that threat. Apple puts the new public key on its website (which we have an expectation that it isn’t hacked) and sends it out in email, authenticating it with the old key (making that the final use). Now you can verify those security mailing list messages from Apple and know why it works. Don’t you feel better?
2 Comments
Leave a comment
Recent Entries
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- Wondercow on From Apple with love: The name's Update. Security Update.
- sdf on Apple says some MacBook Pro Nvidia chips are flaky
- Dan Moren on From Apple with love: The name's Update. Security Update.
- Inkling on From Apple with love: The name's Update. Security Update.
- Rich on ExpanDrive 1.3 is expandier than ever
- Andre Da Costa on October 14th MacBook event is a go
Categories
- Apple (219)
- Advertising (157)
- Events (228)
- Huh? (179)
- Humor (254)
- News (146)
- People (246)
- Rivals (395)
- Speculation (161)
- Steve Jobs (163)
- Stores (204)
- Apple TV (58)
- Business (439)
- Games (140)
- Geekery (452)
- Hardware (894)
- Accessories (72)
- Intel Macs (161)
- Ihnatko (18)
- Internet (448)
- Legal (230)
- MacUser (93)
- Macalope (2)
- Money (169)
- Music (338)
- Podcasting (100)
- Photography (71)
- Security (240)
- Software (1510)
- Updates (519)
- Tips (352)
- Troubleshooting (187)
- Video (392)
- Windows (214)
- iPhone (197)
- iPod (593)
- iPod Accessories (94)
- iPod Software (59)
- iTunes (128)
- iTunes Store (436)
Archives
- October 2008 (37)
- September 2008 (151)
- August 2008 (177)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
The key of this is that something encrypted one key.
Further proof that whenever says "pun unintended" (or, more commonly, "not intended"), it most certainly is.