Sign key and export for each UID

Doug Barton dougb at dougbarton.us
Mon Sep 16 22:33:41 CEST 2013


On 09/16/2013 12:45 PM, MFPA wrote:
| Hi
|
|
| On Monday 16 September 2013 at 7:57:04 PM, in
| <mid:52375480.7020606 at dougbarton.us>, Doug Barton wrote:
|
|> I send encrypted e-mail to each uid with a pseudo-random string
|> and ask the person to send me back the string in a signed
|> message. That allows me to determine if the person has control of
|> all 3 elements of the uid; the e-mail address, private, and
|> public keys.
|
| I thought that as soon as a public key is published or shared, the
| person who created it no longer has control.

That's one way to look at it. :)  However you may be surprised at the
number of people who participate in key signing parties that haven't
the foggiest clue how PGP works. If I encrypt a message to their
public key and they cannot read it, and/or they cannot sign a
response, IMO they are not "in control" of their key; whether it is
published or not. Feel free to substitute other terminology if you
wish, hopefully the concept is clear.

Doug
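
Added example, not part of the original message or of any GnuPG tool: a sketch of the bookkeeping behind the per-uid challenge described above, assuming each reply has already been run through gpg with --status-fd and that the key fingerprint, status lines and uids below are constructed sample values. The function names are hypothetical.

```python
import hmac
import secrets

# Constructed sample values, not taken from the thread.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_STATUS = f"[GNUPG:] VALIDSIG {FPR} 2013-09-16 1379363621 0 4 0 1 8 01 {FPR}"
BAD_STATUS = "[GNUPG:] BADSIG 0123456789ABCDEF Alice"
UIDS = ["Alice <alice@example.org>", "Alice <alice@example.net>"]

def issue_challenges(uids):
    """One fresh random string per uid; each goes out in its own encrypted mail."""
    return {uid: secrets.token_urlsafe(24) for uid in uids}

def valid_signer(status_text):
    """Primary-key fingerprint from a gpg VALIDSIG status line, else None."""
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            # The 10th argument is the primary key fingerprint when present;
            # otherwise fall back to the fingerprint of the signing key.
            return parts[11] if len(parts) > 11 else parts[2]
    return None

def confirm_uid(pending, confirmed, uid, key_fpr, status_text, reply_body):
    """Confirm uid only if a validly signed reply returns that uid's string."""
    expected = pending.get(uid)
    if expected is None:
        return False  # nothing outstanding for this uid (or already used)
    if valid_signer(status_text) != key_fpr:
        return False  # no valid signature, or signed by some other key
    words = reply_body.split()
    if not any(hmac.compare_digest(w.encode(), expected.encode()) for w in words):
        return False  # string that was sent to a different address, or garbled
    del pending[uid]  # single use
    confirmed.add(uid)
    return True

def demo():
    pending, confirmed = issue_challenges(UIDS), set()
    first, second = (pending[u] for u in UIDS)
    results = [
        confirm_uid(pending, confirmed, UIDS[1], FPR, GOOD_STATUS, first),  # other uid's string
        confirm_uid(pending, confirmed, UIDS[0], FPR, BAD_STATUS, first),   # bad signature
        confirm_uid(pending, confirmed, UIDS[0], FPR, GOOD_STATUS, f"Here it is: {first}"),
        confirm_uid(pending, confirmed, UIDS[0], FPR, GOOD_STATUS, first),  # same string again
    ]
    return results, confirmed
```

Only uids that end up in the confirmed set would then be signed and exported; the encryption of each outgoing challenge and the signature check itself are left to gpg.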
