I got as far as 'Really sign?' and then it didn't like my passphrase. I did gpg --fingerprint It seems that I already have a key that I allegedly made in December 2003. I don't remember doing this, and I don't understand how I could have done it without going through the procedure that we all just used this week. When I do gpg --list-sigs, my new key is listed as revoked. Did I screw up on following the first set of directions? I tried putting the new key ID in the default key line of my options file, and when I try to sign someone's key, I get the message gpg: no default secret key: unusable secret key Any suggestions on what to do? Thanks Greg Avedissian Charles R. Anderson wrote:
To complete the PGP Keysigning process:
1. Sign All The Verified IDs On The Verified Keys
gpg --keyserver pgp.mit.edu --recv-keys <Key_ID> gpg --sign-key <Key_ID>
[ Verify the fingerprint against your sheet. You probably want to select (3) I have done very careful checking in this case, since we met in person and verified physical photo ID's. ]
2. Send The Signed Keys Back Up To The Designated Keyserver
gpg --keyserver pgp.mit.edu --send-key <Key_ID>
Finally, once everyone has signed everyone else's keys and sent them to the keyserver, you will want to download the signed versions once more from the keyserver. You can do this at any time without fear of overwritting keys--GnuPG will always merge the changes into your local keyring (--recv-keys) or the remote keyserver (--send-keys) as necessary.
3. Download the Signed Keys from The Designated Keyserver
gpg --keyserver pgp.mit.edu --recv-key <Key_ID>
It is a good idea to periodically re-download keys to receive new signatures, learn of revoked keys, etc. You can tell a signature was added by the output of --recv-keys. You can list key signatures with:
gpg --list-sigs [<Key_ID>]
where <Key_ID> is optional.
You may notice some keys signed by unknown user ids. If you receive those keys from the keyserver(s) you can build your Web Of Trust to include people you don't know. This gets into how much you trust people with whom you have verified keys directly to sign *other* people's keys properly/securely. More on this later....
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug