[TriLUG] GPG: And now what?

Nathan Conrad conrad at cs.unc.edu
Thu Jan 10 22:24:45 EST 2002


Tanner, other security experts,

Now that we have verified your identity, what do we do?

As far as I can tell, we have two options at this point:

* Sign Tanner's key, and upload it to a key-server for him
* Sign Tanner's key, and send the signed key to him

And the same goes for what he is going to do with our keys. Do we let
him upload our keys?

Here is how to sign a key, as far as I can tell (please comment on
it, I may be missing something crucial):

<Obtain the public key>

conrad at max:(528)~$ gpg --keyserver certserver.pgp.com --recv-key DE7639D4
gpg: requesting key DE7639D4 from certserver.pgp.com ...
gpg: key DE7639D4: public key imported
gpg: Total number processed: 1
gpg:               imported: 1


<Verify the key as being correct, from his printout>

conrad at max:(529)~$ gpg --fingerprint DE7639D4
pub  1024D/DE7639D4 2001-09-25 Wayfarer RPMS <rpms at wayfarer.org>
     Key fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
uid                            Tanner Lovelace <lovelace at wayfarer.org>
sub  1024g/3418E274 2001-09-25 [expires: 2003-03-19]

<Sign the key>

conrad at max:(532)~$ gpg --sign-key DE7639D4

pub  1024D/DE7639D4  created: 2001-09-25 expires: 2003-03-19 trust: f/q
sub  1024g/3418E274  created: 2001-09-25 expires: 2003-03-19
(1)  Tanner Lovelace <lovelace at wayfarer.org>
(2). Wayfarer RPMS <rpms at wayfarer.org>

Really sign all user IDs? yes
                             
pub  1024D/DE7639D4  created: 2001-09-25 expires: 2003-03-19 trust: f/q
             Fingerprint: A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4

     Tanner Lovelace <lovelace at wayfarer.org>
     Wayfarer RPMS <rpms at wayfarer.org>

Are you really sure that you want to sign this key
with your key: "Nathan Conrad <conrad at cs.unc.edu>"

Really sign? yes
                
You need a passphrase to unlock the secret key for
user: "Nathan Conrad <conrad at cs.unc.edu>"
1024-bit DSA key, ID 91703112, created 2002-01-07

Password: <#)($*%&)(#*$%&#)(*$%&)#$&%>

<??? Do we need to set the level of trust of Tanner to 3???>

<Follow either option 1 or 2 depending on Tanner's preference>

<Option #1: upload>

conrad at max:(533)~$ gpg --keyserver certserver.pgp.com --send-key DE7639D4
gpg: success sending to `certserver.pgp.com' (status=200)

<Option #2: export & email>

conrad at max:(535)~$ gpg -a --export DE7639D4 > tanner.pub.asc

<attach tanner.pub.asc to email message addressed to Tanner>

-Nathan Conrad
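
The fingerprint check from the "Verify the key" step above, written as a script (an added example, not part of the original message). It assumes the `gpg --fingerprint` text layout shown in the post; the function names are made up for illustration, and the sample text is copied from the post's own output.

```shell
#!/bin/sh
# Added example: compare the fingerprint gpg reports with the one read from
# the key owner's printout before any signature is made.

# Reduce a fingerprint to bare uppercase hex (drops spaces and grouping).
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Pull the first fingerprint out of `gpg --fingerprint` text on stdin.
# Assumes the "Key fingerprint = ..." layout shown in the post.
extract_fpr() {
    sed -n 's/^.*[Ff]ingerprint *[=:] *//p' | head -n 1
}

# verify_fpr KEYID PRINTED_FPR   (gpg output on stdin)
# Returns 0 only if the full fingerprint matches the printout and the
# requested key ID is the tail of it; 1 on mismatch; 2 on a bad printout.
verify_fpr() {
    keyid=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    got=$(normalize_fpr "$(extract_fpr)")
    # The printout must carry all 40 hex digits, not just the short key ID.
    case "$want" in
        *[!0-9A-F]*|"") return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$got" = "$want" ] || return 1
    case "$got" in
        *"$keyid") return 0 ;;
        *) return 1 ;;
    esac
}

# Sample input: the first two lines of the post's `gpg --fingerprint` output.
SAMPLE='pub  1024D/DE7639D4 2001-09-25 Wayfarer RPMS <rpms at wayfarer.org>
     Key fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4'
# What would be typed in from the paper printout (grouping may differ).
PRINTED='a66c 8660 924f 5f8c 71da bdd0 ce09 4f8e de76 39d4'

if printf '%s\n' "$SAMPLE" | verify_fpr DE7639D4 "$PRINTED"; then
    echo "fingerprint matches printout: OK to run gpg --sign-key DE7639D4"
else
    echo "MISMATCH or incomplete printout: do not sign"
fi
```

In real use, pipe `gpg --fingerprint DE7639D4` into `verify_fpr` in place of the sample text and run `gpg --sign-key` only when it returns 0.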