|
|
| Previous | Table of Contents | Next |
After a key has been created, you should obtain the fingerprint and extract the key so that it can be sent to others. Only when someone else has the public key can it effectively be used to sign messages. Moreover, only with the public key can messages be encrypted.
The fingerprint verifies the key.
~? pgp -kvc tara Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses. (c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94 Uses the RSAREF(tm) Toolkit, that is copyright RSA Data Security, Inc. Distributed by the Massachusetts Institute of Technology. Export of this software may be restricted by the U.S. government. Current time: 1995/11/19 05:01 GMT Key ring: ‘/tmp/pubring.pgp’, looking for user ID “tara”. Type bits/keyID Date User ID pub 1024/D0C6326D 1995/11/14 Ruth Thomas <tara@mail.Free.NET> Key fingerprint = B0 22 D9 02 16 25 ED 6E 89 EF 0F 9D A5 5F 9A 1B
When a key is extracted, it is copied out of the public key ring into a keyfile that can then be sent to others.
~> pgp -kxa tara /tmp/keys.asc Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses. (c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94 Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Distributed by the Massachusetts Institute of Technology. Export of this software may be restricted by the U.S. government. Current time: 1995/11/19 05:00 GMT Extracting from key ring: ‘pubring.pgp’, userid “tara”. Key for user ID: Ruth Thomas <tara@mail.Free.NET> 1024-bit key, Key ID D0C6326D, created 1995/11/14 Transport armor file: /tmp/keys.asc Key extracted to file ‘/tmp/keys.asc’.
You can distribute the key either via e-mail, finger, the public keyservers, or a number of other means. The keyfile contains your public key certificate. It looks like this:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzCoUC0AAAEEAM65mYnk+d0i67fpDZbhTT2/xOOKL7umESWW4zYyna22dhHP BX6mE4oHqy5h1SkXtA4VinQvQWaNWhlTXLo46sEnzNTQKr3hXD5P7O08F4oMjMjT n5QTG+4Zq6BT1Nh0qN/Fv1rl6JgWEk4bZrBS6sx9JAg1mHjnQkj/XP7QxjJtAAUR tCBSdXRoIFRob21hcyA8dGFyYUBtYWlsLkZyZWUuTkVUPg== =327B -----END PGP PUBLIC KEY BLOCK-----
After your key has been distributed, you can sign messages. A signature is a digital stamp on a message that shows others that you have processed that message. A signature can have many meanings, but the important point is that if the message is modified at all, the signature will no longer be valid. For example, a signature can mean that the signer created the message, or it can mean that the signer saw the message, such as a digital notary. A signature enables you to check whether a message is authentic and has not been tampered with in transit.
Another use of a signature is called non-repudiation, in which a recipient of a message can prove that the sender actually sent the message. This is useful for signatures on digital contracts, for example, to show that a signature is really valid, rather than forged, on a document.
The following example shows how to sign a file.
~> pgp -sat message Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses. (c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94 Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Distributed by the Massachusetts Institute of Technology. Export of this software may be restricted by the U.S. government. >Current time: 1995/11/19 05:17 GMT A secret key is required to make a signature. You need a pass phrase to unlock your RSA secret key. Key for user ID “Ruth Thomas <tara@mail.Free.NET>” Enter pass phrase: Pass phrase is good. Key for user ID: Ruth Thomas <tara@mail.Free.NET> \\ 1024-bit key, Key ID D0C6326D, created 1995/11/14 Just a moment.... Clear signature file: message.asc
This message can then be sent to another user:
-----BEGIN PGP SIGNED MESSAGE----- This is a signed message. Actually, this is a clearsigned message. You can read the contents of the message and also verify the signature. It should be noted that although you can read this message, it is not really a plain-text message; it is a PGP file. The PGP header and footer should not be removed by hand, since the message may have been quoted by PGP. For example, lines that begin with a dash (-) or lines that begin with the string: “From “ will be quoted by PGP. - - this line originally had a leading dash, but PGP added a second one. -------------------------------------------------------------------- Messages should be input to PGP and only the output from PGP, which is the original message, should be used as input to other processors. Moreover, only the output of PGP should be trusted to be the signed message. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMK69z0j/XP7QxjJtAQFzJAP/ejfuughrVs7CRGDdRQWEW1QLk4l12qs9 4lvxbGqRcitbfNd/RG98sb1LMsgtmFqFAit+Wi7L5P6P4NHyTTwhvoYtruQ999Hi cBUoQrT3Lna6q+FElIE7ulH79alaKE9quTq6d3fsW+SghowoMpnTejUUnV+q1DXO cZ17Jg9fhpY= =HwTy -----END PGP SIGNATURE-----
| Previous | Table of Contents | Next |