Created
February 2, 2016 14:48
-
-
Save lichti/97e60b1be31c40be86d8 to your computer and use it in GitHub Desktop.
pgp Key signing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Find the key ID on the fingerprint. The fingerprint will have an 8-character ID listed after the key size. Typically it looks like this: '1024D/64011A8B'. The actual ID portion is the '64011A8B'. You'll notice this is also the last 8 characters of the fingerprint itself. | |
| Fetch the public key using the key ID. If you're running GnuPG on the command line, you can do this by typing | |
| gpg --keyserver pgp.mit.edu --recv-keys <KeyID> | |
| (where KeyID is obviously the ID of the key you want). | |
| Check that the fingerprint of the key you've just fetched matches the fingerprint on the slip of paper: run | |
| gpg --fingerprint <KeyID> | |
| and compare it with the hard copy in front of you. | |
| If (and only if) you are happy that the fingerprints match and the person showed you sufficient ID, you can do the actual 'signing' part of the process: type | |
| gpg --sign-key <KeyID> | |
| and answer the questions it asks. | |
| Next you need to send the signed copy of their key back to them. Now upload the signed key back to the server | |
| gpg --keyserver pgp.mit.edu --send-key <Key_ID> | |
| You should get back something like 'gpg: sending key <Key_ID> to hkp server pgp.mit.edu' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment