signing documents and others

Lawrence Chin kurtc1972 at gmail.com
Sat Sep 27 03:59:53 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

After being too busy, I'm back with questions and questions....

I'm using openoffice.org writer. I don't know how many of you are
familiar with it. My first question is:

(1) I notice that openoffice writer allows you to digitally sign the
document created. But I already noticed that I can sign and encrypt any
document I have created with GPGEE's context menu. Are the two really
the same thing?

(2) In the "help" file of openoffice.org, it says:

"When you receive a signed document, and the software reports that the
signature is valid, this does not mean that you can be absolutely sure
that the document is the same [as] that [which] the sender has sent.
Signing documents with software certificates is not a perfectly secure
method. Numerous ways are possible to circumvent the security features.
Example: Think about someone [who] wants to camouflage his identity to
be a sender from your bank. He can easily get a certificate using a
false name, then send you any signed e-mail pretending he is working for
your bank. You will get that e-mail, and the e-mail or the document
within has the "valid signed" icon. Do not trust the icon. Inspect and
verify the certificates. On Windows operating systems, the Windows
features of validating a signature are used. On Solaris and Linux
systems, files that are supplied by Thunderbird, Mozilla or Firefox are
used. You must ensure that the files that are in use within your system
are really the original files that were supplied by the original
developers. For malevolent intruders, there are numerous ways to replace
original files with other files that they supply."

I have very little idea even till now as to what exactly a certificate
does. I suppose I get a certificate with CaCert to validate my identity
and then get them to sign my keys? But what's the "Windows system of
validating a signature"? (I use Vista and IE) On the "Certificates"
window in the "internet options" in my IE 7 browser, I saw that there
are a lot of certificates of big companies listed in "trusted root
certificate authorities" and "intermediate certification authorities",
but none in "other people" and "personal". I suppose if I can get an
x.509 through CaCert, then I would put that x.509 in "personal"? Is that
right?

I got more questions.

(3) To tell you guys the truth, I don't even know where my private keys
and my key ring are stored in my computer. Do you guys know the possible
file names and path?

(4) And -- I know this question must have been asked 100 times already
here, but I want to ask instead of spending the next 3 hours doing
research -- how exactly to save my private keys onto like a USB drive or
a CD?

(5) How to add an additional UID to my kurt c key on the keyserver? I
want to add my real name to it.

Thanks for helping out an idiot here.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjdk5kACgkQE7PX/Y51jV+GfACglo3jzH2onwjUUf3nQgg5LvgW
yqYAn2cC3vz9sW+cWxAqX8BiJ+ekuRT1
=Dj7I
-----END PGP SIGNATURE-----
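
The OpenOffice.org help text quoted in question (2) separates "the signature is valid" from "the certificate can be trusted". The following is an added example, not part of the original post: it uses the OpenSSL command line (assumed to be on the PATH) rather than OpenOffice.org or GnuPG, and the certificate name, file names and function names are all constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: "signature valid" and "signer trusted" are separate checks.
# Every name and file here is constructed for the demo.

# Build a sample: a self-issued certificate with an arbitrary claimed name,
# and a document signed with it (CMS/S-MIME, content embedded).
make_sample() {
  local dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Bank (constructed)" \
    -keyout "$dir/signer.key" -out "$dir/signer.crt" 2>/dev/null || return 1
  printf 'Constructed sample document.\n' > "$dir/doc.txt"
  openssl cms -sign -binary -nodetach -in "$dir/doc.txt" \
    -signer "$dir/signer.crt" -inkey "$dir/signer.key" \
    -outform PEM -out "$dir/doc.p7s" 2>/dev/null
}

# Report three independent facts about a signed file.
check_signed() {
  local p7s=$1 tmp sig=bad chain=untrusted self=no
  tmp=$(mktemp) || return 1
  # 1. Signature math only: -noverify skips all certificate checks and
  #    -signer saves the signer's certificate for inspection.
  if openssl cms -verify -noverify -inform PEM -in "$p7s" \
       -signer "$tmp" -out /dev/null 2>/dev/null; then sig=ok; fi
  # 2. Same signature, but now the signer's certificate must chain to a
  #    root in the system trust store.
  if openssl cms -verify -inform PEM -in "$p7s" -out /dev/null 2>/dev/null; then
    chain=trusted
  fi
  # 3. Inspect the certificate: identical subject and issuer means the
  #    signer vouched for its own name.
  if [ -s "$tmp" ] && [ "$(openssl x509 -in "$tmp" -noout -subject_hash)" = \
       "$(openssl x509 -in "$tmp" -noout -issuer_hash)" ]; then self=yes; fi
  rm -f "$tmp"
  echo "signature=$sig chain=$chain self_issued=$self"
}

demo() {
  local dir out
  dir=$(mktemp -d) || return 1
  make_sample "$dir" && out=$(check_signed "$dir/doc.p7s")
  rm -rf "$dir"
  echo "$out"
}
demo
```

The first check corresponds to the "valid signed" icon; the second and third are the "inspect and verify the certificates" step the help text asks for.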


