some beginner questions

Francesco Ariis fa-ml at
Sat Apr 1 18:22:46 CEST 2017

Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge):

On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote:
> 1. It seems that the keyservers never forget. In creating keypairs while
> trying to figure this out every few years and then forgetting the
> passwords or losing the private keys and revocation certificates (which
> at the time, I didn't understand the ramifications of and was definitely
> not careful enough), it seems like I've left a bit of litter out there.
> Do I just move on and try not to do that in the future, or is there any
> hope for cleaning up?

You got it right: they indeed "never forget". Littering is something
which many folks do from time to time (I think Phil Zimmermann himself,
the creator of PGP, has an unrevoked/unrecoverable key in the servers).
Just carry on and you will be fine!

> 2. In everyday use, what is the norm for folks to publish their keys to
> get other folks to use them? Do y'all put the fingerprint in your
> emails, attach your signatures (I see some of you on this list do), put
> the key on your social media, or what?

There are a handful of options: fingerprint in the sig, mail headers
(like `X-PGP-Key:`), advertising on social media or on your personal
I chose the latter, but fingerprints/key IDs are so short they fit
in a Twitter bio, so I'd say all are valid choices.
If you advertise it to the "general public", maybe you want to link
to a tutorial too, so people who have never used PGP can quickly learn
how to send messages to you (that's what I did [1]).

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?


