Changes between Version 3 and Version 4 of openpgp/software/gpg


Ignore:
Timestamp:
Aug 28, 2012, 12:52:46 PM (13 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • openpgp/software/gpg

    v3 v4  
    104104== Signing a key ==
    105105
    106 caff is a command line tool to help verify and sign keys.
     106There are at least two ways to sign a key.
     107
     108=== Simple Method ===
     109
     110{{{
     111gpg --edit-key jamie@mayfirst.org
     112}}}
     113
     114That will put you in the gpg edit mode.
     115
     116Next type:
     117
     118{{{
     119sign
     120}}}
     121
     122And follow the prompts.
     123
     124When you are done, type:
     125
     126{{{
     127quit
     128}}}
     129
     130Now you have a signature in your local key ring. At this point, you can choose to either:
     131 * Publish the key directly:
     132  * First, lookup the key id:
     133  {{{
     134        gpg --list-key ross@ross.mayfirst.org
     135  }}}
     136  * Next, send the key, referencing the key id:
     137  {{{
     138  gpg --send-key EEC168BA
     139  }}}
     140
     141This method has a draw back. If you are not certain that the owner of the key really does control the email address of the User ID that you just signed, you could be tricked into signing (and publishing publicly) and false key.
     142
     143The following method is safer:
     144
     145 * Email the signature (and entire key) to the recient
     146  * First, export the key to a text file:
     147  {{{
     148  gpg --export --armour ross@ross.mayfirst.org > ross.asc
     149  }}}
     150        * Next, send ross.asc as an attachment to the key owner.
     151
     152There is still a small risk with this method - since the recipient may get a validly signed key that they could accidentally publish.
     153
     154=== Secure Method ===
     155
     156caff is a command line tool to help verify and sign keys in a more secure manner. With caff, the each user id on the key is individually signed, encrypted to that key and emailed to the email address associated with the key id. This ensures that it will only be published if the owner of the email address is also the owner of the corresponding private key.
    107157
    108158You can access it by installing the `signing-party` debian package:
     
    112162}}}
    113163
    114 caff depends on a working mail transport agent, which you can setup by following our [wiki:email_setup_postfix_debian postfix faq].
     164caff depends on a working mail transport agent, which you can setup by following our [wiki:linux_simple_mail_relay esmtp faq].
    115165
    116166Then, lookup the keyid of the person whose key you would like to send, and type:
     
    119169caff <KEYID>
    120170}}}
     171
     172And follow all prompts. Near the end you will be left with a gpg prompt and no instruction. At this point, simply type: quit to save your signature and go to the next step.