[Nottingham] signing a key

Martin martin at ml1.co.uk
Fri May 18 21:11:37 UTC 2012


On 13/05/12 08:17, david at gbenet.com wrote:
> Hi All,
> 
> To the question "I attended a key party - so how do I set the trust
> and sign the keys?
[---]

Good comments there, thanks.


Brief further details:

After a key-signing party, the crucial bits you need to add are:

For the intended victim's key, you need to add the trust level "I
trust fully", and then sign the victim's key with /your/ key saying
that you have checked all their details carefully (e.g. from seeing
their photo-id paper documents).

Those actions can be done via Enigmail on Thunderbird with the OpenPGP
menu options "Set Owner Trust" and "Sign Key". Firstly, check the
victim's key details against the bits of paper you have from him/her
by selecting the menu option "Key Properties".

Those menu options are available from the OpenPGP 'Details' on an
email that has been signed by the victim, or by going into the OpenPGP
Key Management and selecting their key that way. You need to import
their key if you do not already have it.

Note that the "ultimate" level of trust is only for you for your own keys!

See:

Practical OpenPGP using GnuPG
http://www.allgoodbits.org/articles/view/11

and:

OpenPGP Trust Models
http://web.monkeysphere.info/doc/trust-models/


Finally, email their signed trusted key to the email address shown in
their key details, with the email encrypted with their key and signed
by your key again. That should avoid the danger of being duped by a
same-name imposter! (I wonder how many John Smiths there really are!)


Hope that helps,

Cheers,
Martin


-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
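The "Key Properties" check described in the message above, done from the command line, as an added example that is not part of the original post: it parses the machine-readable listing printed by `gpg --with-colons --fingerprint` and refuses to approve a signature unless the full fingerprint and the email address on the paper slip both match the imported key. The sample listing is constructed, the function names are hypothetical, and a v4 key (40 hex digit fingerprint) is assumed.

```python
import re

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING = r"""pub:-:2048:1:89ABCDEF01234567:1262304000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1262304000::::John Smith <john.smith@example.org>:
uid:-::::1262304000::::John Smith (lab\x3a B12) <jsmith@example.net>:
sub:-:2048:1:0000111122223333:1262304000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
"""

def parse_colons(listing):
    """Return (primary key fingerprint, [user IDs]) from a colon listing."""
    fpr, uids, last_key = None, [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last_key = f[0]
        elif f[0] == "fpr" and last_key == "pub" and fpr is None and len(f) > 9:
            fpr = f[9].upper()          # field 10 holds the fingerprint
        elif f[0] == "uid" and len(f) > 9:
            # gpg escapes ':' and similar characters in user IDs as \xNN
            uids.append(re.sub(r"\\x([0-9a-fA-F]{2})",
                               lambda m: chr(int(m.group(1), 16)), f[9]))
    return fpr, uids

def normalise(slip_fpr):
    """Strip spacing and any 0x prefix; insist on a full v4 fingerprint."""
    s = re.sub(r"\s+", "", slip_fpr).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", s):
        # An 8 or 16 digit key ID is too short to tell two keys apart.
        raise ValueError("need the full 40 hex digit fingerprint, not a key ID")
    return s

def safe_to_sign(listing, slip_fpr, slip_email):
    """True only if the slip's fingerprint and email both match the key."""
    fpr, uids = parse_colons(listing)
    if fpr is None or fpr != normalise(slip_fpr):
        return False
    emails = {e.lower() for u in uids for e in re.findall(r"<([^<>]+)>", u)}
    return slip_email.lower() in emails

if __name__ == "__main__":
    slip = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    print(safe_to_sign(SAMPLE_LISTING, slip, "john.smith@example.org"))
```

A key with the same name but a different fingerprint fails this check, which is the same-name imposter case the message warns about.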


