Signing Keys before emailing
Anthony E. Greene
Tue Mar 26 16:57:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
On 26 Mar 2002, Brad Tilley wrote:
>Do you always have to sign a friend's key before using it to send them
>email? My gpg doesn't work unless I do this.
No, but GPG will tell you that the key is not guarunteed to belong to the
purported owner and ask if you still want to use it.
I use "gpg --lsign KeyID" to sign keys that I am confident belong to the
online identity that I am familiar with. That command creates a
non-exportable signature that basically means you trust the key enough to
tell GPG not to keep asking you about it, but not enough to publicly
endorse the key.
Anthony E. Greene <mailto:firstname.lastname@example.org>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <email@example.com>
-----END PGP SIGNATURE-----