formatting of gpg blocks

0 ypLxswPm8C24VUMt at lavabit.com
Sun Jun 19 10:20:10 CEST 2011


> This is needed to make sure OpenPGP (i.e. gnupg) doesn't misinterpret
> stuff inside the block. Imagine enclosing some signed data inside a
> signed block. How does gnupg tell apart the "END" lines from the
> inner/outer blocks?

Is this design better than one allowing the last END line to be the
closing one?
I see that nested blocks are possible, but is this format documented
somewhere?
I suppose I keep wondering where the format is described because when I
first came across this, I spent a lot of time trying to import the
public key embedded in a clear-signed message. I didn't realize that I
needed to decrypt it until you mentioned it. And now I'm trying to learn
how not to make that mistake again in general.

> Be careful to distinguish between data signatures (signing a message)
> and certifications (signing a key). Are you trying to wrap a data
> signature around the key? Unless you have a special use-case, that
> probably doesn't make sense. Instead try to use a certification.

I see. I read that it is a good practice to sign one's public key before
giving it to other people. I thought they meant signing the key as a
message. Now that you clarified this, I went to seahorse, Names and
Signatures, sign key. It gives me a choice to let others see this
signature. Should I allow that? I would also appreciate it if you could
explain how key certification is useful.
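
Added example, not part of the original message: the line escaping that the quoted reply refers to is the dash-escaping rule for cleartext signatures in RFC 4880, section 7.1, sketched here in Python to show why an armored key embedded in a clear-signed message cannot be imported until the outer layer is removed. The function names and sample data are hypothetical and constructed for illustration; no real signature is computed or verified.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def dash_escape(text):
    """Prefix every line starting with '-' with '- ', so armor lines inside
    the signed text can never match the outer block's own header lines."""
    return "\n".join("- " + l if l.startswith("-") else l
                     for l in text.split("\n"))


def dash_unescape(text):
    """Remove exactly one level of escaping (one '- ' prefix per line)."""
    return "\n".join(l[2:] if l.startswith("- ") else l
                     for l in text.split("\n"))


def wrap(payload, sig="(constructed placeholder, not a real signature)"):
    """Build only the framing of a clear-signed message around payload."""
    return "\n".join([BEGIN_MSG, "Hash: SHA256", "",
                      dash_escape(payload), BEGIN_SIG, "", sig, END_SIG])


def extract_payload(message):
    """Return the signed text of the outermost block, unescaped one level."""
    lines = message.split("\n")
    if lines[0] != BEGIN_MSG:
        raise ValueError("not a clear-signed message")
    start = lines.index("") + 1    # a blank line ends the armor headers
    end = lines.index(BEGIN_SIG)   # inner copies are escaped, so the first
                                   # exact match is the outer signature
    return dash_unescape("\n".join(lines[start:end]))


# Constructed sample: a placeholder armored key, clear-signed twice.
KEY = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
       "(constructed placeholder key data)\n"
       "-----END PGP PUBLIC KEY BLOCK-----")
INNER = wrap(KEY)
OUTER = wrap(INNER)

if __name__ == "__main__":
    print(OUTER)
```

Printing OUTER shows the key's BEGIN line carrying one "- " prefix per signing layer, which is why it only becomes an importable armor line after each layer has been unwrapped.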




