Differences between version 49 and predecessor to the previous major change of GPG/PGPNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 49 | Last edited on Wednesday, March 10, 2004 6:26:39 am | by StuartYeates | Revert |
Older page: | version 43 | Last edited on Tuesday, October 7, 2003 9:17:30 pm | by JohnMcPherson | Revert |
@@ -40,9 +40,9 @@
Enter passphrase:
Please select what kind of key you want:
...
Command> save
-Don't forget to upload your key to a key server
again so everyone else can see this!
+Don't forget to upload your key to a KeyServer
again so everyone else can see this!
* A 10 byte [MD5] check-sum of the public key is called a "fingerprint" and is used to uniquely identify keys (in hexadecimal). You can refer to all the parts of a key with this ID. The last 4 bytes of the fingerprint can be used as a key ID in most places.
Here is an example:
@@ -71,9 +71,9 @@
Then you can find your key ID:
$ gpg --list-keys
-And submit it to a key server
+And submit it to a GPG KeyServer:
$ gpg --send-key --keyserver the.earth.li <your public key ID>
Go register yourself as being someone where people can come and sign your key: http://www.biglumber.com/index.html
@@ -89,11 +89,11 @@
To get a key by email address you need to either use the web interfaces on the key servers (http://the.earth.li/) or if you are running a recent version of gpg(1) (more recent than the one in Debian 3.0) you can use:
gpg --search-key ''email@address''
-Also for bleeding edge
gpg(1) you can also do:
+Also for recent versions of
gpg(1) (1.2.1 and later
) you can also do:
gpg --refresh-keys
-to d/l
new versions of
all of the keys
+to download any
new signatures for
all of the keys in your keyring.
For example, quoted from PerryLorier:
''Perry's gpg-id is''
''pub 1024D/2F33F144 2000-09-23 Perry Lorier (Local network) <perry@coders.tla>''
@@ -153,17 +153,19 @@
OZoaEtcubsNMquuLCMWijYhGBBgRAgAGBQI36lRyAAoJECGRgM3bQqYOhyYAnj7h
VDY/FJAGqmtZpwVp9IlitW5tAJ4xQApr/jNFZCTksnI+4O1765F7tA==
=3AHZ
-----END PGP PUBLIC KEY BLOCK-----
+
+''Of course, if you are using the WebOfTrust, you can import it off the website and it doesn't matter if someone has tampered with it because any tampering will get cause the CryptographicHash not to match and so it won't be trusted anyway.'' --- StuartYeates
!!!Signing Someone's Key
After you have met someone in person and they have told you what their key ID (or fingerprint) is, and you have verified that they are who they say they are, you can sign their key.
1. Get their key (eg from a keyserver)
$ gpg --recv-key 2F33F144
2. Sign their key
$ gpg --sign-key 2F33F144
-3. Send it back to the keyserver
so that others can see that you've signed it
+3. Send it back to one of
the GPG [KeyServer]s
so that others can see that you've signed it
$ gpg --send-key 2F33F144
(You may have to specify your key server on the command line for the above commands).
Signing keys is crucial for authentication (rather than simply encryption) purposes. See the WhySignEmail page.