Signing Keys before emailing
Anthony E. Greene
agreene@pobox.com
Tue Mar 26 16:57:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26 Mar 2002, Brad Tilley wrote:
>Do you always have to sign a friend's key before using it to send them
>email? My gpg doesn't work unless I do this.
No, but GPG will tell you that the key is not guarunteed to belong to the
purported owner and ask if you still want to use it.
I use "gpg --lsign KeyID" to sign keys that I am confident belong to the
online identity that I am familiar with. That command creates a
non-exportable signature that basically means you trust the key enough to
tell GPG not to keep asking you about it, but not enough to publicly
endorse the key.
Tony
- --
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>
iD8DBQE8oJnMpCpg3WyUI50RAhBdAJ46wOriNOkxn93RO7aFFjTMTNAkDgCgl2rl
s/BxKOqQFI88+BUAnogHWnQ=
=DbUC
-----END PGP SIGNATURE-----