[Nottingham] signing a key

david at gbenet.com david at gbenet.com
Sun May 13 07:18:12 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----

Hi All,

To the question "I attended a key party - so how do I set the trust and sign the keys?"

(1) You can Google a key server! All key servers have the function of being able to search
for keys. You have to put 0x (that's a numerical zero) in front of the key ID that you were
given - an example: Key ID supplied DF951131 0xDF951121. When you click on the entry the
public key of the person will be displayed. All you need do is select and copy the text to
your clipboard.

(2) You can use any programme (Kgpg, GPA, Kleopatra, OpenPGP) - open an editor and paste the new
key's details into it. Then look for "import public key - from the clipboard" and it
should say one key successfully imported.

(3) Then all you need do is highlight the new key. A right mouse click always brings up
options to set the trust of the key and to sign the key. So set the trust and sign the key.

What next?

(1) You need to highlight the key you have just set the trust on and signed, then choose
Export - to file - and give the file a name, user.asc, i.e. david.asc or fred.asc - this saves the
file to your hard disk - remember where you saved the file!

(2) Then you start your mail client and choose to e-mail the named recipient that gave
you their public key. Say "Hi Fred or David, I have enclosed your newly signed key!"

(3) Now you are faced with two options - making an attachment or selecting the key and
pasting it in the e-mail -

Note: I suggest pasting it in the e-mail because when you sign and then encrypt your message
- you are encrypting with the recipient's key - then when you send your e-mail only the
recipient has the private key and passphrase to decrypt the e-mail.

When you paste their key into your e-mail make sure you are sending plain text messages. Then
you sign and encrypt to that person's key - then click send, enter your passphrase, and that's it.

Key-servers are very unreliable about distributing your public key. I suggest that you
upload your key to at least 6 key-servers.

What to do when someone says "I put your key ID in a dozen key servers and I could not find
your key!"

You have a number of options:

(1) Upload your public key to at least 6 key-servers.

(2) If, like me, you are using Thunderbird: if you highlight the account name - then choose
settings - then you will see that OpenPGP has some options - click on it - one of those
options is to attach your public key with every e-mail that you send out. If you have just
started to use a mailing list - like this one - I suggest you attach your public key for a
week or two - which gives everyone on the list the opportunity to import your public key.

You can even, in the options of OpenPGP, set it to send your key ID - this you want to leave
on forever. You can even set the URL to retrieve your public key - all this information is
put into your outgoing e-mails.

Now GnuPG/2 sets a time to refresh your keys - and does it without telling you. But in GPA,
KGPG and OpenPGP you can select all your keys and refresh them. I have about 200 public keys I
refresh once or twice a week. This ensures that as people get their keys signed and then
upload to a key server I always have their fresh public keys.

Also, it's a good practice when your key has been signed to attach it to all out-going
e-mails. Whenever I get an e-mail with a public key attached - I always import it. Often
with no change - but sometimes their key has been newly signed.

Some Notes:

(1) It is always good practice to digitally sign ALL out-going e-mails. Why? When you
digitally sign your e-mails - each signature is different - it depends on the content of
each e-mail. So if your e-mail is intercepted - and words added to it - the checksum will
fail. OpenPGP will warn recipients of the failure of the checksum. I sign all e-mails by
default - even to people that do not use Pretty Good Privacy (PGP).

Within OpenPGP and Thunderbird you have the opportunity to edit recipient rules. You can set
it to sign and encrypt "by rules and e-mail addresses". It gives you an opportunity to edit, i.e.
add a rule.

To add a rule is simple - click on add then select the e-mail address - always sign always
encrypt and then save. Every time you write an e-mail to that recipient you will always sign
and encrypt to them.

Your public key - by definition is public. There is no valid reason to keep your public key
to yourself. If you digitally sign your e-mails no one can confirm your signature. So
signing when not making your public key available is a waste of time. When this happens
people think "how selfish."

The whole idea behind public key cryptography is the set of keys. One set you keep private
and the other you make public. By signing keys and then the recipient uploads their key it
builds the web of trust. Also philosophically and politically you are making a public
statement to wit: "I support the principles of public key cryptography." Thus making Richard
Stallman proud of you!!

David


-- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the
kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBT69gJeJpqm7flRExAQEG+QgAp7u+ZJEGLcRaiZrvuOTjjaUFyM31Us71
zIwD4vQi+4M28zzCxKT4HT3ITFNzaViRDNjQ66zq2Zl+cpQ6WuV6/USiJcX+pMn5
k0NvddlcOImjxUhctU1B/Tmgv3DwseQFtBf+ECA5MEsRLvjev5h3aq23G/tgsYZy
mct8TqTZ1yg1yyF3KsuM3nV+0KooAB2RbFcZPwDxQMch1iaE/SMXt47yvS3wuB3t
Wzas98RsxeEwuL/j16MuyUGN4cmrRsyo5jpY4AWNUhh8mVbK//db7S6q3HN6/E3o
WbcRudp+c49rfcyIoTmMy/UN2PpKHoJSOLOwe9r/STXrRXMzpu1MQw==
=aqvh
-----END PGP SIGNATURE-----
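The same key-party workflow, done with the gpg command line instead of Kgpg, GPA or Kleopatra, as an added example that is not part of David's post. It assumes a modern gpg (2.1 or later) on the PATH; the two people, their addresses (me@example.invalid, fred@example.invalid) and both keyrings are constructed for the demo inside a temporary directory, so your real keyring is never touched. It walks the post's steps in order: import the public key you verified at the party, set its owner trust, certify (sign) it, export the signed copy to fred.asc, send it back pasted into a signed and encrypted plain-text mail with your own public key attached, and finally show Fred decrypting the mail and importing the new certification.

```shell
#!/bin/sh
# Added example, not from the post: the key-party workflow with the gpg CLI.
# "Me" and "Fred" are constructed identities; both keyrings live under $WORK.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, nothing to demo" >&2; exit 0; }

WORK=$(mktemp -d)
ME="$WORK/me"      # your keyring
FRED="$WORK/fred"  # Fred's keyring: only used to make his key and to receive it back
mkdir -p "$ME" "$FRED"; chmod 700 "$ME" "$FRED"
trap 'gpgconf --homedir "$ME" --kill all 2>/dev/null || true;
      gpgconf --homedir "$FRED" --kill all 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Non-interactive gpg in a chosen home directory. The demo keys have an empty
# passphrase so nothing waits for pinentry; a real key should have one.
g() { _home=$1; shift
      gpg --homedir "$_home" --batch --yes --pinentry-mode loopback --passphrase '' \
          "$@" 2>>"$WORK/gpg.log"; }

# Fred made his key at home; at the party you checked his fingerprint in person.
g "$FRED" --quick-gen-key "Fred <fred@example.invalid>" default default never
g "$ME"   --quick-gen-key "Me <me@example.invalid>"     default default never
g "$FRED" --armor --export fred@example.invalid > "$WORK/fred-public.asc"  # what you'd copy from the key server

# Steps (1)-(3): import Fred's public key, set the owner trust, sign the key.
g "$ME" --import "$WORK/fred-public.asc"
FPR=$(g "$ME" --with-colons --list-keys fred@example.invalid | awk -F: '$1=="fpr"{print $10; exit}')
MYID=$(g "$ME" --with-colons --list-secret-keys | awk -F: '$1=="sec"{print $5; exit}')
printf '%s:5:\n' "$FPR" | g "$ME" --import-ownertrust   # 5 = "full" owner trust
g "$ME" --quick-sign-key "$FPR"                         # certify Fred's user ID with your key

# "What next?" (1): export the freshly signed key to fred.asc to send back.
g "$ME" --armor --export "$FPR" > "$WORK/fred.asc"
g "$ME" --armor --export me@example.invalid > "$WORK/me-public.asc"  # the key you attach to every mail

# (2)-(3): plain-text mail with the key pasted in, signed and encrypted to Fred.
{ printf 'Hi Fred, your newly signed key is enclosed!\n\n'; cat "$WORK/fred.asc"; } \
  | g "$ME" --armor --sign --encrypt --recipient "$FPR" > "$WORK/mail.asc"

# Fred's side: he imports the attached public key so your signature verifies.
g "$FRED" --import "$WORK/me-public.asc"

# Count certifications on key $2 in keyring $1 made by the long key id $3.
sigs_by() { g "$1" --with-colons --list-sigs "$2" \
            | awk -F: -v who="$3" '$1=="sig" && $5==who {n++} END {print n+0}'; }
# First line of the mail as Fred reads it (gpg exits non-zero on a bad signature).
fred_reads_mail() { g "$FRED" --decrypt "$WORK/mail.asc" | head -n 1; }
# Fred imports the key you sent back and reports how many of your certs it now carries.
fred_imports_signed_key() { g "$FRED" --import "$WORK/fred.asc"; sigs_by "$FRED" "$FPR" "$MYID"; }

echo "Signed $FPR; certifications by you in your keyring: $(sigs_by "$ME" "$FPR" "$MYID")"
echo "Fred reads: $(fred_reads_mail)"
echo "Fred's key now carries $(fred_imports_signed_key) certification(s) from $MYID"
```

The owner-trust value (5, "full") is what the GUI "set trust" step writes; it tells gpg how far to believe certifications Fred makes on other keys, which is separate from your own certification on his key. The plain-text mail is built with printf and cat exactly as the post recommends, so the recipient's client sees the key inline rather than as an attachment, and the whole body is protected by one --sign --encrypt pass.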