Signatures and pub-key qustions...
Sun May 12 00:15:02 2002
=2D----BEGIN PGP SIGNED MESSAGE-----
On Saturday 11 May 2002 18:40, Marian Stepka wrote:
> submit that key to public key server. I lost key pairs for that
> address. Of coarse I can download back public key, but secret one is
> does not exist any more. Is there way to remove obsolete public key
> from servers or will it stay there forever?
Nope. Lost is lost.
> Another quesion will be similar to previous one. I created key pair
> and one extra UID for that key pair and submitted public key to
> servers. Afterwards I removed UID and exports key again, but UID stay
> on servers. Is there way to submit key again without extra UID?
You can revoke the self-signature of the UID you want to "delete". Like=20
with whole keys, there's almost nothing that you can delete on=20
keyservers. You can only add. In this case, you'd add the OpenPGP=20
equivalent of a "don't use this UID anymore" sticky paper to your key.
> My last question is about signing. I don't sign keys of persons which
> I personally don't know.
You shouldn't even sign keys of persons that haven't given their key's=20
fingerprint to you personally. ;-)
> But if my public key is signed with someone
> do I need import it to my keyring again and then submit it to public
> servers so others can read signature?
Depends. If you went to a keysigning event, you most likely exchanged=20
sheets of paper with key fingerprints on them. The other person will=20
download your key from a keyserver, sign the key, and either
1. upload it to one or more keyservers again.
(in this case, you'd just need a gpg --recv-keys <your-key-id>)
2. send it to you in private mail.
(in this case, you'd import the key into your keyring to add the new=20
sigs, then upload to a keyserver so everyone else sees them).
Marc Mutz <email@example.com>
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
=2D----END PGP SIGNATURE-----