/usr/share/doc/gnupg-doc/GNU_Privacy

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Exchanging keys</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The GNU Privacy Handbook"
HREF="book1.htm"><LINK
REL="UP"
TITLE="Getting Started"
HREF="c15.htm"><LINK
REL="PREVIOUS"
TITLE="Getting Started"
HREF="c15.htm"><LINK
REL="NEXT"
TITLE="Encrypting and decrypting documents"
HREF="x111.htm"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The GNU Privacy Handbook</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="c15.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 1. Getting Started</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x111.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN57"
>Exchanging keys</A
></H1
><P
>To communicate with others you must exchange public keys.
To list the keys on your public keyring use the command-line 
option <CODE
CLASS="OPTION"
>--list-keys</CODE
>.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --list-keys</KBD
>
/users/alice/.gnupg/pubring.gpg
---------------------------------------
pub  1024D/BB7576AC 1999-06-04 Alice (Judge) &lt;alice@cyb.org&#62;
sub  1024g/78E9A8FA 1999-06-04</PRE
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN65"
>Exporting a public key</A
></H2
><P
>To send your public key to a correspondent you must first export it.
The command-line option <CODE
CLASS="OPTION"
>--export</CODE
>
is used to do this.
It takes an additional argument identifying the public key to export.
As with the <CODE
CLASS="OPTION"
>--gen-revoke</CODE
> option, either the key ID or any part of
the user ID may be used to identify the key to export.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --output alice.gpg --export alice@cyb.org</KBD
></PRE
><P
>The key is exported in a binary format, but this can be inconvenient
when the key is to be sent though email or published on a web page.
GnuPG therefore supports a command-line option 
<CODE
CLASS="OPTION"
>--armor</CODE
><A
NAME="AEN77"
HREF="#FTN.AEN77"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
>
that 
causes output to be generated in an ASCII-armored format similar to
uuencoded documents.
In general, any output from GnuPG, e.g., keys, encrypted documents, and
signatures, can be ASCII-armored by adding the <CODE
CLASS="OPTION"
>--armor</CODE
> option.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --armor --export alice@cyb.org</KBD
>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: For info see http://www.gnupg.org

[...]
-----END PGP PUBLIC KEY BLOCK-----</PRE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN84"
>Importing a public key</A
></H2
><P
>A public key may be added to your public keyring with the
<CODE
CLASS="OPTION"
>--import</CODE
> option.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --import blake.gpg</KBD
>
gpg: key 9E98BC16: public key imported
gpg: Total number processed: 1
gpg:               imported: 1
<TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --list-keys</KBD
>
/users/alice/.gnupg/pubring.gpg
---------------------------------------
pub  1024D/BB7576AC 1999-06-04 Alice (Judge) &lt;alice@cyb.org&#62;
sub  1024g/78E9A8FA 1999-06-04

pub  1024D/9E98BC16 1999-06-04 Blake (Executioner) &lt;blake@cyb.org&#62;
sub  1024g/5C8CBD41 1999-06-04</PRE
><P
>Once a key is imported it should be validated.
GnuPG uses a powerful and flexible trust model that does not require
you to personally validate each key you import.
Some keys may need to be personally validated, however.
A key is validated by verifying the key's fingerprint and then signing
the key to certify it as a valid key.
A key's fingerprint can be quickly viewed with the
<CODE
CLASS="OPTION"
>--fingerprint</CODE
>
command-line option, but in order to certify the key you must edit it.

<PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --edit-key blake@cyb.org</KBD
>

pub  1024D/9E98BC16  created: 1999-06-04 expires: never      trust: -/q
sub  1024g/5C8CBD41  created: 1999-06-04 expires: never     
(1)  Blake (Executioner) &lt;blake@cyb.org&#62;

<TT
CLASS="PROMPT"
>Command&#62;</TT
> <KBD
CLASS="USERINPUT"
>fpr</KBD
>
pub  1024D/9E98BC16 1999-06-04 Blake (Executioner) &lt;blake@cyb.org&#62;
             Fingerprint: 268F 448F CCD7 AF34 183E  52D8 9BDE 1A08 9E98 BC16</PRE
>

A key's fingerprint is verified with the key's owner.
This may be done in person or over the phone or through any other means
as long as you can guarantee that you are communicating with the key's
true owner.
If the fingerprint you get is the same as the fingerprint the key's
owner gets, then you can be sure that you have a correct copy of the key.</P
><P
>After checking the fingerprint, you may sign the key to validate it.
Since key verification is a weak point in public-key cryptography,
you should be extremely careful and <I
CLASS="EMPHASIS"
>always</I
> check
a key's fingerprint with the owner before signing the key.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>Command&#62;</TT
> <KBD
CLASS="USERINPUT"
>sign</KBD
>
             
pub  1024D/9E98BC16  created: 1999-06-04 expires: never      trust: -/q
             Fingerprint: 268F 448F CCD7 AF34 183E  52D8 9BDE 1A08 9E98 BC16

     Blake (Executioner) &lt;blake@cyb.org&#62;

Are you really sure that you want to sign this key
with your key: "Alice (Judge) &lt;alice@cyb.org&#62;"

Really sign?</PRE
><P
>Once signed you can check the key to list the signatures on it and
see the signature that you have added.
Every user ID on the key will have one or more self-signatures as well
as a signature for each user that has validated the key.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>Command&#62;</TT
> <KBD
CLASS="USERINPUT"
>check</KBD
>
uid  Blake (Executioner) &lt;blake@cyb.org&#62;
sig!       9E98BC16 1999-06-04   [self-signature]
sig!       BB7576AC 1999-06-04   Alice (Judge) &lt;alice@cyb.org&#62;</PRE
></DIV
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN77"
HREF="x57.htm#AEN77"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>Many
command-line options that are frequently used can also be set in a
configuration file.</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="c15.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="book1.htm"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x111.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Getting Started</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="c15.htm"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Encrypting and decrypting documents</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
gnupg-doc 2003.04.06+dak1-1ubuntu1 / usr / share / doc / gnupg-doc / GNU_Privacy_Handbook / html / x57.htm
