GPG Key Signing Documentation

Revision as of 19:39, 18 August 2010 by 203.197.87.94

Note: Substitute suitable values for the placeholders in angle brackets ('<>').

1) Create a gpg key pair.

  gpg --gen-key

Select the default values. Keep your private key safe. Don't use it on a shared system.

2) Upload your public key.

2a)  gpg --send-keys 0x<last 8 digits of your key fingerprint>

OR

2b) gpg --armor --output pubkey.txt --export "<Your Name>"
  Upload the contents of the file pubkey.txt to this website: keys.gnupg.net
  and add your 8-digit fingerprint (e.g. 0x23455778) on that website.

3) Take a printout of your key fingerprint.

  gpg --fingerprint 0x<last 8 digits of your key fingerprint>

Take multiple copies of the output (you have to give one copy to every participant).

4) Physical verification

4a) Ask for a trusted identity card (normally a government-issued ID card like a passport, driver's license or election ID card).
4b) Verify that the name on the fingerprint matches exactly the name on the ID provided.
4c) Verify that the person is the same as the one shown on the ID card.

5) Download the other person's public key.

  gpg --recv-keys 0x<last 8 digits of other person's key fingerprint>

6) Sign the other person's public key.

  gpg --edit-key 0x<last 8 digits of other person's key fingerprint>

> sign
  	Sign all the user IDs.
> trust

Normally trust fully (option 4)

> save

7) Export the other person's public key.

  gpg --output <other person's name.key.asc> --export --armor 0x<last 8 digits of other person's key fingerprint>

8) Sign and encrypt the other person's public key.

  gpg -se -r <other person's email> <other person's name.key.asc>

9) Send the .gpg file to the other person as an attachment. You can use any email program or web interface to send this. Alternatively, if your email program already supports it (e.g. KMail, or Thunderbird with the Enigmail add-on), you can just attach the public key and select the encrypt and sign option from the menu before sending the mail.
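
Before signing in step 6, the key downloaded in step 5 should carry the same full fingerprint as the slip collected in step 4; the last 8 digits alone do not identify a key uniquely. The shell sketch below is an added example, not part of the original page: the function names and the sample listing are constructed, and it assumes 40-hex-digit (v4) fingerprints as printed by gpg's --with-colons listing.

```shell
#!/bin/sh
# Added example: compare the fingerprint on a participant's paper slip
# (step 3) with the key actually downloaded (step 5) before signing (step 6).

# Strip spaces/colons and upper-case, so "ab12 cd34" and "AB12CD34" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# primary key's fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# check_fpr "<fingerprint from the paper slip>"   (colon listing on stdin)
# Returns 0 only when the full 40-hex-digit fingerprint matches,
# 1 on mismatch, 2 when the slip value is not a full fingerprint.
check_fpr() {
    want=$(normalize_fpr "$1")
    case "$want" in
        *[!0-9A-F]*|"") echo "slip fingerprint is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || { echo "need the full 40-digit fingerprint" >&2; return 2; }
    got=$(primary_fpr)
    if [ "$want" = "$got" ]; then
        echo "OK: $got"
    else
        echo "MISMATCH: slip=$want key=$got" >&2
        return 1
    fi
}

# Constructed sample of gpg's colon listing (not a real key).
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF23455778:1282160340:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF23455778:
uid:-::::1282160340::::Example Person <person@example.org>:
sub:-:2048:1:1111222233334444:1282160340::::::e:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA1111222233334444:'

# Real use (placeholders as in the steps above):
#   gpg --with-colons --fingerprint 0x<key id> | check_fpr "<fingerprint on slip>"
```

A non-zero exit status means the key should not be signed until the difference is explained.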