gnuPGP Setup

Faramir faramir.cl at gmail.com
Fri Aug 20 22:42:25 CEST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El 19-08-2010 17:26, BernePGP escribió:
...
> In other words when the recipient got my email with my public key encrypted
> in a wordfile , what does he then do?  Does he copy and paste my public key
> somewhere in his gnupgp programe?

  Well, there are graphical interphases to use GnuPG easily. Since you
said you pasted your key into a word file, I assume (maybe a risky
asumption) you are using Windows. My favorite GUI is GPGShell, but it is
not open source, so you can either trust or distrust it. GPG4win package
includes other GUIs, and these are Open Source, so it is up to you what
you would like to use, if any.

  With GPGShell, I just double-click the public key file, and it is
imported to my keyring.

> Next:
> 
> In what form should I expect to recieve the senders public key?  Will it
> arrive already encrypted in a word file and if so what do I do with that enc
> public key in regard to my gnuPGP programe?

  Well, I guess the most common format is an ascii enarmored file
(file.asc), which can be opened into notepad, or imported directly to
GnuPG (using either the command line or a GUI). As Simon Richter said,
you should check the key fingerprint with the key owner, to make sure
you have the right key, and that should be done using a "secure
channel", like a phone call (assuming you know the voice of the key
owner and can detect if someone else is trying to impersonate him/her).
Another option is to upload your key to a public keyserver, and then
anybody can search by email address or name or keyID, and download your
key. Of course, that way is even easier to upload a bogus key, so you
should check you are downloading the right key.

  By the way, once you have uploaded your key to a keyserver, there is
no way to remove it from the keyserver. Most people don't care too much
about that, but a few persons don't like their keys to be uploaded to
keyservers, so you should ask permision from the key owner before
uploading his/her key to anywhere. So, usually, the recomendation is, if
you sign a key, send it back to the owner, and let him/her to chose to
upload or not upload it.

> Again a newbie , a few words to clear the matter please.  I did read the
> novice helpfile but you can see the whole process is not fully understood.

  Don't worry, these things take time to be fully digested.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMbuixAAoJEMV4f6PvczxAqOcIAJuqKRXGRPnwnVCUR9+e7AT2
eLgjy4gWZhVvba0Jb1eVoQTD6fzi17QjJZjQJEbOLoYM9y+mtTDkryboOIDlJ799
B9XocdqFwCDRJy9YCy4ZYGnbYVDG2koMsSLYaat3NucTqtMORg6RROudA6MBOIRG
o02nHFHJ20hRxFtHXoDAMrF/7ZrEgQ6Bz6SY98DBEa4wH9Gvvy3SuUWmV/yeMrhR
o3B6IVmU2is6GvXA0VyF+agJ9oeWLdqyBkC9mMye2oKPahHGpoAi1T6m6Fu5g8nd
DCnAEeXm1OkLpQl6YkZyUozK9eOjpM4NigjXPIuOgFi6nrwh3eYLnSorLMLSoco=
=2zBQ
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list