Differences between version 54 and revision by previous author of GPG/PGPNotes.
Newer page: version 54 | Last edited on Monday, May 17, 2004 2:16:10 am | by StuartYeates
Older page: version 43 | Last edited on Tuesday, October 7, 2003 9:17:30 pm | by JohnMcPherson
@@ -17,10 +17,10 @@
See [GPGMailClients] for integrating encryption into your favourite email client.
Below, we give examples of how to set up GPG ready for use on your system.
-!!!__Creating And Managing Keys__
-![
SeaHorse]
+!!! __Creating And Managing Keys__
+! SeaHorse
There is a graphical interface to key management called [Seahorse|http://seahorse.sourceforge.net/]. It makes it easy to see who has signed whose keys, and you can edit/create keys as well as sign and encrypt/decrypt messages. It is still in development, and does not use protected memory (ie it is not setuid), so don't type your passphrase into it if others have access to your machine (and you are paranoid). There is an official debian package (apt-get install seahorse).
!GNU Privacy Assistant
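Review bot: the Seahorse caveat in the context line ("does not use protected memory (ie it is not setuid)") should say what the missing protection actually guards against, otherwise "if others have access to your machine (and you are paranoid)" understates the risk. gpg locks its passphrase pages in RAM when it can (which is why the line mentions setuid, the way GnuPG recommends installing it); a program without that protection can have the passphrase paged out to swap, where it survives until the swap device is overwritten, so the exposure is anyone who can later read the disk, not only people logged in while you type. Suggest: "does not lock its memory like gpg does (it is not setuid root), so your passphrase can end up in swap; don't type it into Seahorse on a machine other people can get at". The heading change from `!!!__...__` to `!!! __...__` and dropping the wiki link brackets around SeaHorse are fine.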
@@ -40,9 +40,9 @@
Enter passphrase:
Please select what kind of key you want:
...
Command> save
-Don't forget to upload your key to a key server
again so everyone else can see this!
+Don't forget to upload your key to a KeyServer
again so everyone else can see this!
* A 10 byte [MD5] check-sum of the public key is called a "fingerprint" and is used to uniquely identify keys (in hexadecimal). You can refer to all the parts of a key with this ID. The last 4 bytes of the fingerprint can be used as a key ID in most places.
Here is an example:
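Review bot: the fingerprint description in the context line ("A 10 byte [MD5] check-sum of the public key is called a "fingerprint"") is wrong and should be corrected while this paragraph is being edited. For v4 OpenPGP keys, which is what the DSA key 1024D/2F33F144 quoted further down this page is, the fingerprint is the 20-byte SHA-1 hash of the public key packet, and the 8-hex-digit key ID such as 2F33F144 is its low-order 4 bytes. MD5 fingerprints (16 bytes, not 10) belong only to legacy v3 RSA keys, whose key IDs are taken from the RSA modulus rather than from the fingerprint. "The last 4 bytes of the fingerprint can be used as a key ID in most places" also needs a caveat: a 32-bit short ID is cheap to collide by generating keys until one matches, so the full fingerprint, not the short ID, is what must be compared when verifying a key. The KeyServer wiki-link change itself is fine.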
@@ -71,9 +71,9 @@
Then you can find your key ID:
$ gpg --list-keys
-And submit it to a key server
+And submit it to a GPG KeyServer:
$ gpg --send-key --keyserver the.earth.li <your public key ID>
Go register yourself as being someone where people can come and sign your key: http://www.biglumber.com/index.html
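Review bot: the command `gpg --send-key --keyserver the.earth.li <your public key ID>` has two problems worth fixing now that the line is being touched. The documented command is --send-keys (plural); --send-key only works because GnuPG accepts unambiguous abbreviations of long options, so the documented spelling should be used. And the angle brackets around the placeholder will be parsed as shell redirections if someone copies the line literally; write the placeholder as e.g. KEYID and say it is to be substituted with the ID shown by --list-keys. Putting the option before the command, `gpg --keyserver the.earth.li --send-keys KEYID`, also matches the documented "options then command" form, and since the unchanged context further down says "You may have to specify your key server on the command line", it would be simpler to tell readers once to put a `keyserver` line in ~/.gnupg/gpg.conf.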
@@ -89,11 +89,11 @@
To get a key by email address you need to either use the web interfaces on the key servers (http://the.earth.li/) or if you are running a recent version of gpg(1) (more recent than the one in Debian 3.0) you can use:
gpg --search-key ''email@address''
-Also for bleeding edge
gpg(1) you can also do:
+Also for recent versions of
gpg(1) (1.2.1 and later
) you can also do:
gpg --refresh-keys
-to d/l
new versions of
all of the keys
+to download any
new signatures for
all of the keys in your keyring.
For example, quoted from PerryLorier:
''Perry's gpg-id is''
''pub 1024D/2F33F144 2000-09-23 Perry Lorier (Local network) <perry@coders.tla>''
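Review bot: the rewritten description of `gpg --refresh-keys` ("to download any new signatures for all of the keys in your keyring") leaves out the main security reason to run it: a refresh also fetches revocation certificates and expiry changes for those keys, which is what stops you from encrypting to a key the owner has revoked or let expire. Suggest "to download any new signatures, revocations and expiry changes for all of the keys in your keyring". Minor: the documented spelling of the search command in the context line is --search-keys, and the version claim "1.2.1 and later" should only stay if it was checked against the gpg changelog.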
@@ -153,17 +153,19 @@
OZoaEtcubsNMquuLCMWijYhGBBgRAgAGBQI36lRyAAoJECGRgM3bQqYOhyYAnj7h
VDY/FJAGqmtZpwVp9IlitW5tAJ4xQApr/jNFZCTksnI+4O1765F7tA==
=3AHZ
-----END PGP PUBLIC KEY BLOCK-----
+
+''Of course, if you are using the WebOfTrust, you can import it off the website and it doesn't matter if someone has tampered with it because any tampering will get cause the CryptographicHash not to match and so it won't be trusted anyway.'' --- StuartYeates
!!!Signing Someone's Key
After you have met someone in person and they have told you what their key ID (or fingerprint) is, and you have verified that they are who they say they are, you can sign their key.
1. Get their key (eg from a keyserver)
$ gpg --recv-key 2F33F144
2. Sign their key
$ gpg --sign-key 2F33F144
-3. Send it back to the keyserver
so that others can see that you've signed it
+3. Send it back to one of
the GPG [KeyServer]s
so that others can see that you've signed it
$ gpg --send-key 2F33F144
(You may have to specify your key server on the command line for the above commands).
Signing keys is crucial for authentication (rather than simply encryption) purposes. See the WhySignEmail page.
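Review bot: the added remark that tampering with a key block downloaded from a website "will get cause the CryptographicHash not to match" misstates how the protection works. A modified or substituted key is simply a different key with its own perfectly valid fingerprint and self-signature; nothing "fails to match" on import. What protects you is that the substituted key carries none of the signatures from people you already trust (the web of trust) and that its fingerprint differs from the one the owner gave you in person, so the sentence should say "it won't carry any trusted signatures and its fingerprint won't match the one Perry gave you" rather than invoking a hash mismatch ("will get cause" is also a typo). Related, in the signing procedure below that comment, step 2 signs by the 32-bit short ID 2F33F144 alone, while the intro says "key ID (or fingerprint)" as if either is enough; add a `gpg --fingerprint 2F33F144` step and compare the full fingerprint against what the person told you before running --sign-key, since short IDs can be collided.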
@@ -211,5 +213,21 @@
See Also WhySignEmail
----
-Part of CategorySecurity
+!!!"There is no indication that this key really belongs to the owner"
+
+This error is the result of a breakdown of trust. There can be several issues:
+It can occur on your own keys if the trust database is deleted. The solution is to use:
+
+ gpg --edit 0x012345678
+ ...
+ trust
+
+and tell [GPG] that you trust yourself. It can also occur if you are trying to send encrypted email to someone whose key you haven't signed, the solution is to sign their key or use --trusted-key for this operation.
+----
+!!!Recover a public key from the corresponding secret key
+
+ gpg --export-secret-key 0x12345678 | gpgsplit --no-split --secret-to-public | gpg --import
+
+----
+
Part of CategoryCryptography
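Review bot: the new "There is no indication that this key really belongs to the owner" section has two command errors. `gpg --edit 0x012345678` should use the documented command --edit-key (--edit only works as an abbreviation), and the example ID has nine hex digits after 0x; key IDs are 8 (short) or 16 (long) hex digits, so use 0x12345678 as the gpgsplit example below does. The `trust` instruction for your own key should say to pick ultimate trust (5) at the prompt, which is what gpg assigns your own keys when it first builds the trustdb; lower ownertrust levels will not make the warning go away for your own key, because a key's validity comes from signatures by valid keys and your own key has none except its self-signature. `--trusted-key` requires the long (16 hex digit) key ID. The removed line `-Part of CategorySecurity` also looks unintended: the page loses a category while only the CategoryCryptography footer stays, so restore it unless the drop is deliberate. The gpgsplit pipeline is correct (--secret-to-public and --no-split are real gpgsplit options), but it only helps while the secret key is still in the keyring, which is worth saying.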