[Wylug-help] Using GPG
simon
simon at mungewell.org
Sun Jan 15 06:04:42 GMT 2006
On Sun, Jan 15, 2006 at 12:32:54AM +0000, Roger Leigh wrote:
> Run
> gpg --export --armor <key-id>
> and attach this to the email. The recipient can then run gpg --import
> to import the key into their keyring.
Hi,
As no one else has mentioned finger-prints I thought I ought to....
When you are using gpg you want to ensure that the public key is really
from the person that you think it is. The reason that you want to do
this is to prevent 'man in the middle' attacks.
The way to do this is get the finger-print of the key, ie.
gpg --fingerprint user at domain
this will give you something like
Key fingerprint = 90B2 0989 447C 4AB9 1DB5 E90C C0A9 9F2D 575E 8783
You have two choices now; if the key is signed by some you trust (and
who you have validated) then you can know it is real, if not you will
have to validate yourself by personally contacting the person by
phone or in person to confirm that this is really the fingerprint of
their key.
Yours,
Simon.
More information about the Wylug-help
mailing list