About PGP Signing a File.
Tony Arnold
tony.arnold at manchester.ac.uk
Sun Feb 11 09:54:03 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John,
John Dangler wrote:
> You need to use gpg to generate a key pair, a secret key and the
> corresponding public key. gpg keeps these in a 'keyring' for you.
>> I can man gpg for this part...
Indeed. You can either do it on a command line, or you could use
Seahorse or GPA as a GUI to do it. (Under Gnome, there are probably
equivalents in KDE).
> You can then use evolution to sign outgoing messages. It's a while since
> I used Evo, but I think you can set it to do this automatically.
>> Yes, there is a place to put signatures in mail (it looks as though the
>> preferences can be set to email account specific.
Don't confuse PGP signing with the text signature that goes at the
bottom of you messages, i.e., the bit after the '--' line, usually.
In the 'Compose' window, there is a menu item 'Security' which has a PGP
Sign option. There is also a security tab when editing account details
for you to set up a default signing key etc.
Maybe this is what you meant!
> You also need to make your public key available as recipients will need
> this to verify your signature.
>> Public, as in, on a public web server somewhere?
Public keys are just text files, so they could go on a public WEB
server. Alternatively, you can register them with public key servers.
For example, my version of Seahorse talks to hkp://pgp.mit.edu:11371 and
ldap://keyserver.pgp.com but there are quite a few more.
Keyservers exchange there information, so you only need to publish to
one of them and they should eventually end up on all the others.
> An additional feature of PGP is that keys can be signed themselves.
> Typically you get someone who can confirm you are who you say you are to
> sign your key. Broadly speaking the more signatures a key has, the
> greater the chance of it being trustworthy.
>> Get someone to _sign_ your key? I'll need to read up on this...
If you check out my public key, then you will find its been signed by a
number of people. I've attached it for you.
Regards,
Tony.
- --
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFzue7IsyKE/d21hkRAksKAJ9ZOrT6AzR/HAPl5VkGfv+3KMOcnQCgi6am
okjpNyzU0wOnjh2PzwwIAkw=
=5wms
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgpkeys.asc
Type: application/pgp-keys
Size: 4844 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070211/04809138/attachment.key>
More information about the ubuntu-users
mailing list