Internet Security Professional Reference: PGP


Adding Keys to the Public Key Ring

To use a key to encrypt a message or verify a signature, the key must be on a public key ring. There are a number of ways to acquire a key, and they all involve just a few steps. The first step is to obtain the key, which can be done via e-mail, FTP, a keyserver, a floppy, or by typing the key in. After you have the key, you tell PGP to add it to your key ring using the -ka option.

When you first use PGP, it is helpful to add the keys that are in the PGP release to your personal key ring. One reason is that the PGP release is usually signed by at least one of these keys; adding the key to the public key ring enables users to check the signature on the PGP distribution. The keys are held in a file called keys.asc:

~> pgp -ka keys.asc
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/21 18:01 GMT

Looking for new keys...
pub  1024/0DBF906D 1994/08/27  Jeffrey I. Schiller <jis@mit.edu>
pub   512/4D0C4EE1 1992/09/10  Jeffrey I. Schiller <jis@mit.edu>
pub  1024/0778338D 1993/09/17  Philip L. Dubois <dubois@csn.org>
pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <colin@nyx.cs.du.edu>
pub  1024/C7A966DD 1993/05/21  Philip R. Zimmermann <prz@acm.org>
pub  1024/8DE722D9 1992/07/22  Branko Lankester  <branko@hacktic.nl>
pub  1024/9D997D47 1992/08/02  Peter Gutmann <pgut1@cs.aukuni.ac.nz>
pub  1019/7D63A5C5 1994/07/04  Hal Abelson <hal@mit.edu>

Checking signatures...
pub  1024/0DBF906D 1994/08/27  Jeffrey I. Schiller <jis@mit.edu>
sig!      C7A966DD 1994/08/28  Philip R. Zimmermann <prz@acm.org>
sig!      C1B06AF1 1994/08/29  Derek Atkins <warlord@MIT.EDU>
sig!      4D0C4EE1 1994/08/27  Jeffrey I. Schiller <jis@mit.edu>
pub   512/4D0C4EE1 1992/09/10  Jeffrey I. Schiller <jis@mit.edu>
sig!      4D0C4EE1 1994/06/27  Jeffrey I. Schiller <jis@mit.edu>
sig!      C1B06AF1 1994/06/19  Derek Atkins <warlord@MIT.EDU>
sig!      C7A966DD 1994/05/07  Philip R. Zimmermann <prz@acm.org>
pub  1024/0778338D 1993/09/17  Philip L. Dubois <dubois@csn.org>
sig!      C7A966DD 1993/10/19  Philip R. Zimmermann <prz@acm.org>
pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <colin@nyx.cs.du.edu>
sig!      C7A966DD 1994/05/07  Philip R. Zimmermann <prz@acm.org>
sig!      FBBB8AB1 1994/05/07  Colin Plumb <colin@nyx.cs.du.edu>
pub  1024/C7A966DD 1993/05/21  Philip R. Zimmermann <prz@acm.org>
sig!      0DBF906D 1994/08/30  Jeffrey I. Schiller <jis@mit.edu>
sig!      4D0C4EE1 1994/05/26  Jeffrey I. Schiller <jis@mit.edu>
sig!      C7A966DD 1994/05/07  Philip R. Zimmermann <prz@acm.org>
pub  1024/8DE722D9 1992/07/22  Branko Lankester  <branko@hacktic.nl>
sig!      C7A966DD 1994/05/07  Philip R. Zimmermann <prz@acm.org>
sig!      8DE722D9 1993/11/06  Branko Lankester  <branko@hacktic.nl>
pub  1024/9D997D47 1992/08/02  Peter Gutmann <pgut1@cs.aukuni.ac.nz>
sig!      C7A966DD 1994/02/06  Philip R. Zimmermann <prz@acm.org>
pub  1019/7D63A5C5 1994/07/04  Hal Abelson <hal@mit.edu>
sig!      0DBF906D 1994/09/03  Jeffrey I. Schiller <jis@mit.edu>
sig!      C7A966DD 1994/07/28  Philip R. Zimmermann <prz@acm.org>
pub   709/C1B06AF1 1992/09/25  Derek Atkins <warlord@MIT.EDU>
sig!      0DBF906D 1994/08/30  Jeffrey I. Schiller <jis@mit.edu>
sig!      4D0C4EE1 1994/06/19  Jeffrey I. Schiller <jis@mit.edu>
sig!      C7A966DD 1994/05/07  Philip R. Zimmermann <prz@acm.org>

Keyfile contains:
   8 new key(s)

One or more of the new keys are not fully certified.
Do you want to certify any of these keys yourself (y/N)? No

After a new key is added, you usually are asked if you want to certify it, or sometimes how much trust should be put in a key to sign other keys. When you sign a key, you make a statement about the authenticity of that key. A signature states that you believe that the userid on the key actually names the user or group who has the secret key.

Users should never sign arbitrary keys. You should never sign a key without first verifying its authenticity by using the key fingerprint and talking to the key’s owner. Whether a key should be trusted as an introducer is really a question of your trust in the key and in the owner of the key. Do you believe that this key really belongs to the person whose userid is on the key? Do you know this person? Do you trust this person to sign other keys properly? Do you know if the user is easily spoofed? How much do you trust him or her to sign keys consistently? Ask yourself these questions before trusting a key as an introducer.
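The following is an added example, not code from the book or from PGP: it parses a listing in the format of the "Checking signatures..." output above and reports which keys carry no checked signature from a key whose fingerprint you have verified yourself. The sample listing is constructed (the 0A1B2C3D key is fictional), the names parse_listing, uncertified and verified_ids are hypothetical, and it assumes only "sig!" lines count as checked signatures.

```python
import re

# Constructed listing in the "pub"/"sig!" format shown above; 0A1B2C3D is fictional.
SAMPLE = """\
pub  1024/0DBF906D 1994/08/27  Jeffrey I. Schiller <jis@mit.edu>
sig!      C7A966DD 1994/08/28  Philip R. Zimmermann <prz@acm.org>
sig!      4D0C4EE1 1994/08/27  Jeffrey I. Schiller <jis@mit.edu>
pub  1024/0778338D 1993/09/17  Philip L. Dubois <dubois@csn.org>
sig!      C7A966DD 1993/10/19  Philip R. Zimmermann <prz@acm.org>
pub  1024/C7A966DD 1993/05/21  Philip R. Zimmermann <prz@acm.org>
sig!      0DBF906D 1994/08/30  Jeffrey I. Schiller <jis@mit.edu>
sig!      C7A966DD 1994/05/07  Philip R. Zimmermann <prz@acm.org>
pub  1024/0A1B2C3D 1995/01/01  Example User <user@example.org>
sig!      0A1B2C3D 1995/01/01  Example User <user@example.org>
"""

PUB = re.compile(r"^pub\s+\d+/([0-9A-F]{8})\s+\S+\s+(.*)$")
SIG = re.compile(r"^sig(.)\s+([0-9A-F]{8})\s+\S+\s+(.*)$")

def parse_listing(text):
    """Return {key_id: {"userid": str, "signers": set of signer key IDs}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if m := PUB.match(line):
            current = m.group(1)
            keys[current] = {"userid": m.group(2).strip(), "signers": set()}
        elif (m := SIG.match(line)) and current and m.group(1) == "!":
            keys[current]["signers"].add(m.group(2))  # checked signature only
    return keys

def uncertified(keys, verified_ids):
    """Key IDs with no checked signature from a key in verified_ids.
    verified_ids: keys whose fingerprint you confirmed with the owner.
    A self-signature is ignored: it says nothing about who holds the key."""
    verified_ids = set(verified_ids)
    flagged = []
    for kid, info in keys.items():
        others = info["signers"] - {kid}
        if kid not in verified_ids and not (others & verified_ids):
            flagged.append(kid)
    return sorted(flagged)

if __name__ == "__main__":
    ring = parse_listing(SAMPLE)
    for kid in uncertified(ring, {"C7A966DD"}):
        print(kid, ring[kid]["userid"], "- verify the fingerprint before relying on it")
```

A key that drops off this list is only vouched for by someone you verified; whether that signer is a careful introducer is still the judgment described above.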

