Trusted Signatures on your Public key?
Thu Jul 19 14:04:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 19 July 2001 11:58, Peter Lavender wrote:
> * Marc Mutz (Marc.Mutz@uni-bielefeld.de) wrote:
> > Basically, yes. You go to key-signing parties of your local
> > <insert-os-here>-User-Group or bug people on expos. Or you search
> > for people you may get your hands on using the keyserevers.
> I have the FAQ here, but I gather how to do this, ie how to get
> signatures on your public key is discussed in the docs?
> That's what I was curious about, just how do you do this, take your
> key on a floppy, and then get people to sign it.. then come home and
> import it?
print the output of
gpg --fingerprint --list-keys <my-key-id>
several times (_many_ times if you want to go to somting as big as
LinuxTag - calculate in the 50-or-more regime) and sign it (by hand,
i.e. with a pen as you would sign a contract). The others will do the
same and on the event, you just exchange these papers.
After a look at the other one's passport or driving license (or
whatever -see different thread), you sign _his_ paper and take it home
with you. There, you compare the fingerprints on the paper with the one
shown by GnuPG from the downloaded pubkey and if they match, you sign
the peer's key and send it to him.
You may additionally send an encrypted "ping" message to all UIDs on
the peer's key before signing just to make sure that the peer is in
fact in control of all UIDs and has the secret key.
Marc Mutz <Marc@Mutz.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----