I got as far as Really sign? And then it asked for my passphrase, but I'm not sure it really knows who I am. It has my rcn address, which is not the one I used to create the key. WTF??? What do I do if my passphrase fails? Why is my middle initial missing? Why is my key ID different from what it was when I created it, and how did I create it in 2003? when I do gpg --fingerprint, I get the key I didn't know about, the one I made this week, and one from somebody I don't know and who doesn't appear in my address book (Vincent Danen). When I do gpg --list-sigs, my new key is listed as revoked. Did I screw up on following the first set of directions? Greg Charles R. Anderson wrote:
To complete the PGP Keysigning process:
1. Sign All The Verified IDs On The Verified Keys
gpg --keyserver pgp.mit.edu --recv-keys <Key_ID> gpg --sign-key <Key_ID>
[ Verify the fingerprint against your sheet. You probably want to select (3) I have done very careful checking in this case, since we met in person and verified physical photo ID's. ]
2. Send The Signed Keys Back Up To The Designated Keyserver
gpg --keyserver pgp.mit.edu --send-key <Key_ID>
Finally, once everyone has signed everyone else's keys and sent them to the keyserver, you will want to download the signed versions once more from the keyserver. You can do this at any time without fear of overwritting keys--GnuPG will always merge the changes into your local keyring (--recv-keys) or the remote keyserver (--send-keys) as necessary.
3. Download the Signed Keys from The Designated Keyserver
gpg --keyserver pgp.mit.edu --recv-key <Key_ID>
It is a good idea to periodically re-download keys to receive new signatures, learn of revoked keys, etc. You can tell a signature was added by the output of --recv-keys. You can list key signatures with:
gpg --list-sigs [<Key_ID>]
where <Key_ID> is optional.
You may notice some keys signed by unknown user ids. If you receive those keys from the keyserver(s) you can build your Web Of Trust to include people you don't know. This gets into how much you trust people with whom you have verified keys directly to sign *other* people's keys properly/securely. More on this later....
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug