[kwlug disc.] gpg / pgp key signing
Chris Frey
cdfrey at foursquare.net
Sat Dec 2 19:35:34 EST 2006

On Fri, Dec 01, 2006 at 09:21:25PM -0500, Chris Frey wrote:
> Google gives me this though:
>
> http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html

Well, I took the plunge and finally got this working for myself.
The main roadblock for me is that I need to be able to sign things
remotely, yet keep my secret key on only one machine.

I solved this with netcat, ssh, and some shell scripting. If anyone is
interested, I can post the scripts.

One thing I found confusing along the way was that the default key
generation process gives you a DSA key and an ElGamal key. The DSA
key can only sign things, not encrypt them; while the ElGamal key is
for signing and encryption. The ElGamal key is also a "subkey" of the
DSA key.

cdfrey at cube ~ $ gpg --list-keys
pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
uid Chris Frey (cube) <cdfrey at foursquare.net>
sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]

If I want to reference this key from the command line, most of the time
I can just use my email address, like:

cdfrey at cube ~ $ gpg --fingerprint cdfrey at foursquare.net
pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]
Key fingerprint = 7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63 71D5
uid Chris Frey (cube) <cdfrey at foursquare.net>
sub 4096g/C2855553 2006-12-02 [expires: 2011-12-01]

But when I went to upload my key to the keyserver, it demanded a
numeric key ID, and I wasn't sure which one to use. Turns out that if
you are talking to a keyserver, referencing the DSA key ID takes
all the subkeys too:

cdfrey at cube ~ $ gpg --keyserver pgp.mit.edu --send-key DC6371D5

Importing it on another machine:

gpg --keyserver pgp.mit.edu --recv-key DC6371D5

... gave me both public keys in my keyring on the other machine.

Anyway, looks like you'll have to put up with signed emails now on
the KWLUG list. :-)

- Chris
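
Added example, not part of Chris's message: the numeric key ID passed to --send-key / --recv-key above is the tail of the primary key's fingerprint, so a key fetched by ID can be checked against a fingerprint verified in person. It assumes an OpenPGP v4 key (key ID = low-order bits of the 40-hex-digit fingerprint); the function names are hypothetical and the sample values are copied from the listing in the message.

```shell
#!/bin/sh
# Sample values copied from the gpg output quoted in the message above.
FPR='7D71 47F2 3F61 B0E1 5F3C 68A4 819A 39D8 DC63 71D5'
PUB='pub 1024D/DC6371D5 2006-12-02 [expires: 2011-12-01]'

# Strip whitespace from a fingerprint and upper-case its hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'abcdef' 'ABCDEF'
}

# Short (32-bit) key ID: last 8 hex digits of the fingerprint.
short_id() {
    normalize_fpr "$1" | sed 's/.*\(.\{8\}\)$/\1/'
}

# Long (64-bit) key ID: last 16 hex digits of the fingerprint.
long_id() {
    normalize_fpr "$1" | sed 's/.*\(.\{16\}\)$/\1/'
}

# Extract the key ID from an old-style "pub 1024D/DC6371D5 ..." or "sub ..." line.
listing_key_id() {
    printf '%s\n' "$1" |
        awk '$1 == "pub" || $1 == "sub" { split($2, a, "/"); print a[2] }'
}

# Succeed only if $2 is a well-formed 40-hex-digit fingerprint ending in key ID $1.
id_matches_fpr() {
    [ -n "$1" ] || return 1
    fpr=$(normalize_fpr "$2")
    case "$fpr" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#fpr}" -eq 40 ] || return 1
    case "$fpr" in *"$1") return 0 ;; *) return 1 ;; esac
}

id=$(listing_key_id "$PUB")
if id_matches_fpr "$id" "$FPR"; then
    echo "key ID $id matches fingerprint; long ID is $(long_id "$FPR")"
else
    echo "key ID $id does NOT match fingerprint" >&2
fi
```

The subkey ID C2855553 does not match this fingerprint because a subkey has its own fingerprint, which the listing in the message does not show.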