How to get your first key signed

Faramir faramir.cl at gmail.com
Sat Oct 3 00:55:28 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 30-09-2015 a las 14:17, David Niklas escribió:
> Hello,

  Hello,

> Now, I'm a student (think penny less), and live in a rural area 
> 100mi from the nearest LUG and people out here are _very_ computer 
> illiterate

  Well, I live in the capital city of my country, I studied IT related
stuff, and yet... most signatures on my key are not from people I've
met in person. You'll see, most people I've met in person don't know
what an OpenPGP key is, and the few that know, can't care less about them.

...
> They just don't believe in security around here (Oh, that would 
> never happen to me! There are laws against that! You are a
> security freak.)

  I know that feeling.

> I want to develop FOSS and feel obligated to get a key to protect 
> uses of the software I'm modifying from MITM attacks.

  Well, you don't really need your key signed for that... at least,
not the key with your name on it. You can make a key using the name
"mysoftwarename distribution key", and use it to sign the files. Once
people start using the software, they may sign the key. They don't
know who is behind the key, but they will know it is the same key that
has been using since day 1.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJWDwtfAAoJEMV4f6PvczxAQNwH/3KJh71XeuE9up7WJ8xldYAR
7lwR7PcpGxDfUTavDc+BFaAnAYEt2l2Iqt7zgMsSApzKBKCBimOKvgpEIzn13FS5
FABoGrnTmoUZEptX1bB5yqzZloB6p625HntCzJXQhDC7wm67m9H/RvAtNtcaT5xk
WxQRyY/rKLLTFppTNbJ8V4lO2M1W7tsHLpFyuQL48Jy/1enMCRne1IWfrUEOdJIx
AzAnMPcIENmIec2fq9uK33H+YvJLxKU1WHcxkKDK825aTT69ZAtCrBjPpv+rFLob
TzI7D+mfGq7rTba68wZkshFgQdAzbFK2FJJhI4riHLe0txifno3fvEKjDrlyvL4=
=88BB
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list