[oclug] gpg keys

Francis J. A. Pinteric linuxdoctor at linux.ca
Wed Jun 18 14:53:34 EDT 2003 

On Wed, 18 Jun 2003 14:27:09 -0400
Subba Rao <subba9 at cablespeed.com> wrote:

> 
> I have a personal key but would like that to be signed.  Who do I ask
> to sign it for me?  What if the key lost or had to be regenerated, do
> I go and ask the same people to sign my key?
> 

There are a number of options there.  First, read the "GNU Privacy
Handbook" found here http://www.gnupg.org/gph/en/manual.html for some
ideas.

You of course should protect your key by having several copies of it in
different places.  Put it onto a several floppies or CDROM and put them
in a save place.  Also be sure to generate a revocation certificate in
case the unthinkable happens and you actually loose your private keys or
your password has been discovered.

As for signing your keys, well that's something you'll have to go
through yourself.  That's where the web of trust is so important. 
Technically, getting your keys signed is not as important as you
signing other people's keys. You want to be able to trust information
coming to you, because you already know that the information you send
out is from you. The same works in reverse. If a person wants to be
certain of information coming from you, then that person would sign your
key.

That's the reason why you sign keys.  It isn't about you getting as many
signatures as possible on your key, although some people actually do
that, but so that you can be sure of the information being sent to you
by them.  It even works for information being sent to you by a perfect
stranger.  If his key has been signed by someone you know (and trust to
be responsible about signing keys) then you can be certain that the
stuff being sent to you is really from who the person claims to be.

That's what key signing is really all about.


>>>--fja->

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20030618/e22f2d8c/attachment.bin

More information about the OCLUG mailing list