GPGP for Linux
 

The following is the command to get or rather download a key from a public key server to your public key ring.


gpg --import neukey.asc

In the above the words ' neukey.asc ' stand for the file. I mean the name of the key which you download.
[ This is my understanding. I may be wrong.]
----------------------------------------------------------------------

I looked at a server to get a public key. For example, the following one.

[ pub 1024/4AB2BE38 2005/05/05 Pawe?\x82 Rumian (gorky@jabberpl.org) <prumian@poczta.onet.pl>

Key fingerprint = A9E8 0878 EB08 0A0E 4E21 5A48 CE75 1951 4AB2 BE38 ]

------------------------------------------------------------------------

How can I get the above key and attached to my key ring?


When I double click to download, I got the lot of binary stuff. Please read the following


Public Key Server -- Get ``0x4ab2be38 ''

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.0.10

mQGiBEJ6o/gRBADC2tGliVmBuf5T3dO8Qj1avng76NlPkC9t0erh3pv1s/OwRzkyy/xWHvl9
xM84eFKTAy+uDIeDoXHuYhBgmkN/puS8nPHNoXA10UdgnY5LtqeqT2iZ97IrXJpXBqrthMOW
8OyPK6g/m+f5pFwmPe0HGhEA/NG//NYD1GuyMMybJwCgp9JtkOtklVNWolQssjSQboUOWtUD
/i/syGhe6RtDWc7d8i2ppTr37IsFZlOJp4Oh0gXI1bdTmMGfLe2hIFIoyqdKrZt/hT20RZ/9
A/8e2I4efiS6nZl39A5KSYYjEAdZXLV9eqgjnHjBra/SY8E6wvMhNxqO+RuHVHMgvdFX9uMJ
brHDNZCfiU3Z9WVim5ufBWMqKcDGBACBn5wRB4hMlA31ee384ABqZa60zFwDR4C8G88wNUap
ykwNSmAkgka6mVW1dzy9ipdMqwFYISc/wm9W5S0KkV3bqyrFj8T2YHtCRxumyCxoQV5IQth7
Pl4xjuMzkFOhSNeqkhvNUAuJ4qXFtR2WvNn2pUsll6LAqUWwVZgtYH29ybQ7UGF3ZcWCIFJ1
bWlhbiAoZ29ya3lAamFiYmVycGwub3JnKSA8cHJ1bWlhbkBwb2N6dGEub25ldC5wbD6IXgQT
EQIAHgUCQnqj+AIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRDOdRlRSrK+OJ2xAJ47dNIx
1lBJM2m4aGlpejbJ3eTmGACfX1bonSLjhW2tm0dvFud/S6C2pre5Ag0EQnqj/xAIAKxoHZLg
xYnPmnMlDqA1kngEawq30hC7ktEU43qSoqo9hr4dN9ym1HD07Ne8RaVWcs3EWuNwm6cV4l+Q
JyTe7mjqyG7s5k+vTNv4+/r+8EZ6XBEt+/WCbzwffQd+7D2eM6kOAdpCbUX3Q/3oQUutuVNT
aDLAknPICvlqkAaxhB0ABL4QIvx9xfqlEDpCuAFnCiVc//03L2DPuPMZZrpm+cqAX4oXPCZW
HNkSibBc4LYVOn9B2YM07lo26yBNmvHXL4mFtDJdMLNy9MSwhH74Wwaaz8NmSfbh0v/RksUc
L+kLHpkc7aMDbaT6wgmc9kKI7FnEPqO/eKFbCM3JbizkbCsAAwYIAJddjyklFKgLm6X/npn5
t2shvy3KBmhG8DmN4fBBh9nx1mexKfp4g+5N3Emgsxh96Syi6zuXqIU4DlnOp+0x8pDcfH0l
7JLR+vDcBdIDCkBFYHxzFn7UwxiW22rMvcptZ82u+b4MyT4v8upViF4Id+IHkrCxGFy41qxX
DqR6HtAzVjEg/PjUPasDHTr3mDjSy2a/462Z9mcxk86z78oLM8YSXleYYomyJEev8QjXk6St
Eu578fGAK1iIj13mca7+HmcA/94vjqNx8fXJBqKLPisHXqAgXvETjw8RjwruKV7JO7sVmu4o
Wh5imKfCIymNX4qy36+ehrescKqhX5wJLoCISQQYEQIACQUCQnqj/wIbDAAKCRDOdRlRSrK+
OLJ1AJ49ju2qyzzFvIDf2yfKsw0BnyRGXQCdE0Cu6r0WaLSrWsGCZ4uLTiBCJ3w=
=OizN
-----END PGP PUBLIC KEY BLOCK-----

-----------------------------------------------------------------

How can I attach the above key to my public key ring?
Your help is appreciated.

That's what an "exported" public key looks like. See man gpg, --export.

Thanks introuble for the reply.

The man page doesn't give me the information I want. I just want to know the command to import a key and vice versa.

I got the following from man page. It doesn't tell me the way to import and export a key.
---------------------------------------------------------------------------------------

--gen-revoke name
Generate a revocation certificate for the complete key. To
revoke a subkey or a signature, use the --edit command.

--desig-revoke name
Generate a designated revocation certificate for a key. This
allows a user (with the permission of the keyholder) to
revoke someone else's key.

--export [names]
Either export all keys from all keyrings (default keyrings
and those registered via option --keyring), or if at least
one name is given, those of the given name. The new keyring
is written to stdout or to the file given with option "out-
put". Use together with --armor to mail those keys.

--send-keys [names]
Same as --export but sends the keys to a keyserver. Option
--keyserver must be used to give the name of this keyserver.
Don't send your complete keyring to a keyserver - select only
those keys which are new or changed by you.

--export-secret-keys [names]

--export-secret-subkeys [names]
Same as --export, but exports the secret keys instead. This
is normally not very useful and a security risk. The second
form of the command has the special property to render the
secret part of the primary key useless; this is a GNU exten-
sion to OpenPGP and other implementations can not be expected
to successfully import such a key.

See the option --simple-sk-checksum if you want to import
such an exported key with an older OpenPGP implementation.

--import [files]

--fast-import [files]
Import/merge keys. This adds the given keys to the keyring.
The fast version is currently just a synonym.

There are a few other options which control how this command
works. Most notable here is the --keyserver-option merge-
only option which does not insert new keys but does only the
merging of new signatures, user-IDs and subkeys.

--recv-keys key IDs
Import the keys with the given key IDs from a keyserver.
Option --keyserver must be used to give the name of this key-
server.

I tried in vain the following:

[root@c83-250-110-112 nissanka]# gpg -a 'http://keyserver.veridis.com:11371/search?q=Ranjith'
gpg: can't open `http://keyserver.veridis.com:11371/search?q=Ranjith'
[root@c83-250-110-112 nissanka]#

What is the problem?
[It seems to me that many of our friends who contriute to this forum are not familiar with gpg. Because I don't get the response I expect.]
---------------
I found the public key in the following website.
http://keyserver.veridis.com:11371/search?q=Ranjith

You can't armor a URL.


Cheers,
Tink

Thanks Tinkster for taking time to reply me.

Now I found out the way to download a key from a public server. Please read the following:

[root@c83-250-110-112 nissanka]# gpg --keyserver http://wwwkeys.ch.pgp.net/ --recv-keys 4E706F5719AFA1CF
gpg: requesting key 19AFA1CF from http server wwwkeys.ch.pgp.net
gpgkeys: key 4E706F5719AFA1CF not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
[root@c83-250-110-112 nissanka]#

--------------------------------------------------

The key words are 'keyserver' and 'recv-keys'
You can't alter those words.

[root@c83-250-110-112 nissanka]# gpg --keyserver <URL of the key server> --recv-keys <Key ID>

For some reason, this doesn't work. I have been trying this for more than 2 hours.

Do you know why?

Save the part where the Public Block starts to where it ends to a file then gpg --import file_name.??? to import it into the keyring. eg save this

Thanks Happy for taking time to reply me.

So the following command wouldn't help to download a key.

[niss@c83-250-110-112 ~]$ gpg --keyserver <URL of the key server> --recv-keys <Key ID>

I found it on a website.

I am a newbie to gpg. So your comments are valuble. Please do comment on this.

Mate ... look at the man-page again :}

It's not http:// ... it's hkp:// to begin with.


Cheers,
Tink

Yes that should do it just use the address itself eg www.abc.def no need for http:// or hpk:// in front and for the key id you only need the last eight digits/letters in the id eg from above 19AFA1CF. The problem you are having is that key is not on the server that you are trying to get it from.

Thanks Tinkster taking time to reply me.

I always state those bloody man pages are user unfriendly.

They don't write in a simple manner.

By reading those pages, I can't get the answer I want. I simply want the command to download the keys from a public key server.

I don't get what I want from the following 'man page' details.
--------------------------------------------------------------
--keyserver name
Use name as your keyserver. This is the server that --recv-
keys, --send-keys, and --search-keys will communicate with to
receive keys from, send keys to, and search for keys on. The
format of the name is a URI: `scheme:[//]keyserver-
name[:port]' The scheme is the type of keyserver: "hkp" for
the HTTP (or compatible) keyservers, "ldap" for the NAI LDAP
keyserver, or "mailto" for the Graff email keyserver. Note
that your particular installation of GnuPG may have other
keyserver types available as well. Keyserver schemes are
case-insensitive.

Most keyservers synchronize with each other, so there is gen-
erally no need to send keys to more than one server. The
keyserver "hkp://subkeys.pgp.net" uses round robin DNS to
give a different keyserver each time you use it.

--keyserver-options parameters
This is a space or comma delimited string that gives options
for the keyserver. Options can be prepended with a `no-' to
give the opposite meaning. Valid import-options or export-
options may be used here as well to apply to importing
(--recv-key) or exporting (--send-key) a key from a key-
server. While not all options are available for all key-
server types, some common options are:

--------------------------------------------------------------

The name of the server is ---> http://pgp.mit.edu
The key ID is ---> 3BFB3F5F
The user ID is ---> Gunnar Johansson <info@gunnar-johansson.se>

[ Could you write me the command to download the above mentioned public key from the above mentioned server? ]

Those bloody 'man pages' are hopeless, as far as I am concerned.

>$ gpg --keyserver pgp.mit.edu --recv-keys 3BFB3F5F
gpg: requesting key 3BFB3F5F from hkp server pgp.mit.edu
gpg: key 3BFB3F5F: public key "Gunnar Johansson <info@gunnar-johansson.se>" imported
gpg: Total number processed: 1
gpg: imported: 1

Thanks so much Happy Tux. So you solved a big problem.
--------------------------------------------------------------
[root@c83-250-110-112 nissanka]# gpg --keyserver pgp.mit.edu --recv-keys 3BFB3F5F
gpg: requesting key 3BFB3F5F from hkp server pgp.mit.edu
gpg: key 3BFB3F5F: public key "Gunnar Johansson <info@gunnar-johansson.se>" imported
gpg: Total number processed: 1
gpg: imported: 1
[root@c83-250-110-112 nissanka]#
---------------------------------------------------------------
So our friend Tinkster made a mistake by suggesting some 'hpk' to precede with the downloading server's address.This is a tall order. I mean not everybody knows pros cons of gpg.

The next step is to attached it to my key ring. I guess I must know the location of this key or rather the file to go ahead with the attaching.

[root@c83-250-110-112 nissanka]# find / -name 3BFB3F5F
[root@c83-250-110-112 nissanka]#

[root@c83-250-110-112 nissanka]# find -name 3BFB3F5F
[root@c83-250-110-112 nissanka]#

[root@c83-250-110-112 nissanka]# locate 3BFB3F5F
[root@c83-250-110-112 nissanka]#

How do I find the downloaded file? I guess it has an .asc ending. Please help me. Now I want to attache it to the key ring.

The command you used downloaded and imported it into your keyring use gpg --list-keys and you will see it there.

I tried the command ' [root@c83-250-110-112 nissanka]# locate *asc '
Please read the following output. I don't know which one to select.
--------------------------------------------------------------------------



[root@c83-250-110-112 nissanka]# locate *asc
/etc/RPM-GPG-KEYS/22458a98.asc
/etc/RPM-GPG-KEYS/70771ff3.asc
/etc/RPM-GPG-KEYS/9b4a4024.asc
/home/nissanka/Desktop/gnupg-1.4.4/doc/samplekeys.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-1.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-3.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/secring.skr.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-2o.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/pubring.pkr.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-2.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-1-pgp.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/pubdemo.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-3o.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/secdemo.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/secring.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/pubring.asc
/home/nissanka/Desktop/gnupg-1.4.4/checks/plain-1o.asc
/usr/share/doc/gnupg-1.4.2.2/samplekeys.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/div.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/pod.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/rtfadv.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/rtfbasic.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/rtffull.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/rtfloop.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/cmp/rtfmeta.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/match/div.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/pod/pod.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/rtf/rtfbasic.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/rtf/rtfadv.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/rtf/rtffull.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/rtf/rtfloop.asc
/usr/share/doc/apache-HTML-Embperl-2.0.54_2.0.0/test/html/rtf/rtfmeta.asc
/usr/share/printer-testpages/testpage.asc
[root@c83-250-110-112 nissanka]#

Thanks Happy Tux.
It is there.

[root@c83-250-110-112 nissanka]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------

pub 1024D/3BFB3F5F 2005-12-04
uid Gunnar Johansson <info@gunnar-johansson.se>
sub 4096g/6DEDFD24 2005-12-04

[root@c83-250-110-112 nissanka]#

It seems that I don't have to bother about the location of the downloaded key. I could just go ahead with the 'import' command to attach to the key ring.

[root@c83-250-110-112 nissanka]# gpg --fingerprint 3BFB3F5F
pub 1024D/3BFB3F5F 2005-12-04
Key fingerprint = 383E F0E4 3D64 41FB 9E34 F377 6215 2549 3BFB 3F5F
uid Gunnar Johansson <info@gunnar-johansson.se>
sub 4096g/6DEDFD24 2005-12-04

[root@c83-250-110-112 nissanka]# gpg --import 3BFB3F5F
gpg: can't open `3BFB3F5F': No such file or directory
gpg: Total number processed: 0
[root@c83-250-110-112 nissanka]#

Why is the reason for failure of import command ?
I believe this import command is the one you use to attach the downloaded keys to your ringg

Your welcome the --import I show above is for the Public Key block that has been exported/saved to a file, you would be importing the file.???.

Happy Tux
I don't understand what you are trying tell me here. What is the error?

Ok when you are using the import command that is used with a file like gpg --import file.asc this file needs to have been saved to your hard disk so you are importing it directly into the key ring. The proper command for your error above would be the already used gpg --keyserver pgp.mit.edu --recv-keys 3BFB3F5F that downloads then imports from a keyserver. So to use the gpg --import file.asc you would have to instead of using a keyserver to get the key, downloaded the file.asc (which the person owning the key used the gpg --export key_id file.asc then posted for download) from a webpage and saved it to your hard disk then import. Hopefully this clears up the confusion.

Thanks Happy Tux for all your effort to help me.
To be candid, this is still confused.

1] Are you telling me that I downloaded the wrong file?

2] Do you want me to go the server and download the correct file again?

3] Do you want me to download the file which has the .asc at the end?

4] If you want me to download a file which has .asc at the end, what is the command?

I would like to hear from you again.
--------------------------------------------------------------------------

[**] I could save the following binary file. How do I save? I can copy it to the Open Office wordprocessor and save. I can use the 'vi' editor and save. What should be the name of the file? It seems it should be an .asc file. Please tell me.

The following is this particular public key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Key Server 0.9.6

mQGiBEOTPj0RBADQMDqWP4Fgbp8LodKr/NzNGQjHZQ1ys3Vn+rrak9JHw78csIR3
y4/tfAGN0YoWZZn67bQ3ZED2d/UFVyayaDQ8J0kCxxmfR8KofARKcfOlWmwpFDtr
BzwXnz9l3T8BmuRwB9uJMISqHC01ubST8o1LjzUivKOUXASCQNpwcSVKCwCg807P
XXZfgFeF88lwx91SRzbJk28D/jpBnqollhyb6MSAGHTXguNMPGaDQUGJ7Amx2bYM
FgbUIEbARNnyOczbixRTfV+JmTzrhUDbLf9BaSVrrCxEE5lbFbmSKGQlllmiPnSC
Omtaid85bT3YD1LjcM5tcdP8F1Y0kYoeIyGAj/X0MXd5K6salfkLVuptiophlerf
Aty/BACtdDw7XVdixxuv45it/+r55gQT9jdujZ6pRZ0m0ZvGSXlizJZyoBVrd+ZG
jxYnNvaaMZ8VOJHpUS/ox/EDZ41Q19StTL/YwxpSrbfHppuNI25XdP4nbzSu+pDa
v5Ok/Hj21jSs2QClD/AWKzkgTfx8ctjKbak1ArHoOi3RWvG//bQrR3VubmFyIEpv
aGFuc3NvbiA8aW5mb0BndW5uYXItam9oYW5zc29uLnNlPohbBBMRAgAbBQJDkz4+
BgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEGIVJUk7+z9fiOoAoLOIZfKxy2TPKNeb
bw/7ten1fEXUAKDTSXqPZMDil/UmITmtwh8aQ6I6nrkEDQRDk02yEBAAgAfMT8/b
XSzDMORF/MC+pqz8F2BOf9wXHSysR+vxWIu34F9Uu0fGCGxUIdSHLDfsnkcCwFxi
eb0OTTzfVh0Lu/RHOQBkwXsrDLFJLUd5L9Nf+tp/hzxDQU2uMzIWjP4qnMxg3yyT
/qOZD16roH8PVeGT0So/tmBLDx8kB8OKtdSUmKDMMyCMA0zrPje5quGG61jE86PP
tZqVnrhkvlaYbe7jfWE3Kv1p/WwYkwH31VpFij1wt+uQA2WRY0YdyvGTaC/qgR1v
Le+mTN3IjorrIbNPZWWHp6Zsf8p0De/hz3Xivys+/Y6Q00Yrmp4lxb3lcF84VgWb
6yB+Z37b40A1JP64/ymMJnX3bqbXORyUxZgtBx6JkzZx6nxgCxBhXAzz+KY90h5/
UfItnZEG7Jvib7pRcAnrb2lZkaf7jgestGYSjJhBxQO+GOgH0H7yhdHJ5bnElldO
pFp4GlQk2WEMoov47sLSxFdc0In7s6yMbhstJaR8be7Ei0ZWucAw/SIX1qAOPJ58
aiQZw4MIrWujZbinlKzpkvs9nUZRt5c/oC9GRrCdPApydWCTkAPkOfvpsMeNM/Cn
xam9rp0506KPXCHBo6/rfFY1yoRtloctWI3oxZY6rstjlSijNZkFMfW9XsjtPn++
FM8koLBegS0smDY0Jsl+M7DnWymaOEfTp6MAAwYP/1J0+Z/4X79IsV3NMsts88hD
PmbSDkQEfTDldgGXmSuT3lpxP+IjnuX2ez8dvmbibD5GhFBotjbOESgEjcuqeYYy
DPcpZmkWeCqkSv06XOWsBHT61xp4VIHKw3aV/Wi1yjSRgbY6y7R5M321SGlmwzEM
xDIZOQj1FTvO79wkwcZg+vyzbH4Qzi8DMvAWbUD/P7OaP0B/+2YOHVk6mzcXFA3f
tqnp+H5RuuzFaaxCSJe7ijugls7N2ymU98xBdr1k101WIBHI03MoATirN6ynxdAo
JKf+R6hPya5LfBHCOzNBfBiRJQ8sVbELanrDenpV8vt3UbP6sIq9vDc7iTAeS92t
3m6TMXbyKXXmU8NNtrNRM5J2Wgv8XXF9MKb2zO8ta0mbbU6XdifU3AtzLeFB6aly
JYYuPdotEonlCLdHEh5PNCquZm4jPUeL/X542LDeUyH5gYeh9Gimv2KFZj9ubCK9
vrkze1cHrkUQV07PKwzS73a+n+kbteZzut+ZZnEnk/GtAY77uZC84PPlPy7BhEbf
Nru9BRikCYsxVvujr0ZNOQul6HDQvXIwEl7rpJFFi0qHm/zZASCBuym1CZSXH9Aa
oQSG9vFhQ7bT1R2maDzuDFWCjHtBGKKj8tA5b0nKUp4fPODbq/VwRhAiLYc6BlAy
Cgj5QthI9RV8BXRN5Yr3iEYEGBECAAYFAkOTTbIACgkQYhUlSTv7P1/y5ACfZTZ8
Tbx18XTE0SQ1ZJdx2gSK/AcAoMud6ykRF5dOa0UJJqI34WxQlanJ
=sP+n
-----END PGP PUBLIC KEY BLOCK-----

Not really ...


Cheers,
Tink

Thanks Tinkster

I am waiting a reply from Happy Tux.

No with the gpg --keysever command you got the public key you wanted imported into your keyring there is nothing else to do.
No if you did do that for another key then that is not available on a keyserver but which has a posted .asc file you would use the already mentioned gpg --import file.asc to put it into your keyring.

If you were on a webpage then a right click and use the save as option, if for instance you wanted to do it from the command line then in the case of my public key you could use.

Which would use wget to download my public key into the current directory then if you wanted to put my key into your keyring

Would import my key.

Any editor should work the file extension/name does not matter gpg will recognize it as a signature when the --import was done but the .asc is the commonly used extension so people can see that it is supposed to be a gpg signature.

That is very touching :)

I would have loved to respond in private, but unfortunately
you disabled e-Mails. I think you owe me an apology ;}


Cheers,
Tink

Thanks Happy Tux. You have taken pains to provide me a lengthy reply.

The following worked.

[root@c83-250-110-112 nissanka]# wget http://users.eastlink.ca/~stephencormier/publickey.asc
--20:45:54-- http://users.eastlink.ca/~stephencormier/publickey.asc
=> `publickey.asc'
Resolving users.eastlink.ca... 24.222.0.104
Connecting to users.eastlink.ca|24.222.0.104|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,860 (1.8K) [text/plain]

100%[==================================================================>] 1,860 --.--K/s

20:45:55 (221.73 MB/s) - `publickey.asc' saved [1860/1860]

[root@c83-250-110-112 nissanka]#

-----------------------------------------------------

Is it necessary to sign a key?
What would happen if you didn't sign a key?

I saved this key or rather downloaded file of the key using the vi editor.
I named it ' gunnar1.asc ' .

Afterwards, I copied it onto the folder where 'gpg' resides. Because when I created the file 'gunnar1.asc' , it will remain in the folder 'Desktop' .

------------------------------------------------------------
[nissanka@c83-250-110-112 ~]$ cp /home/nissanka gunnar1.asc /home/nissanka/Desktop/gnupg-1.4.4
cp: omitting directory `/home/nissanka'
[nissanka@c83-250-110-112 ~]$ ls
------------------------------------------------------------

Now I know the import command should work. So tried it and it worked.

[root@c83-250-110-112 nissanka]# gpg --import gunnar1.asc
gpg: key 3BFB3F5F: "Gunnar Johansson <info@gunnar-johansson.se>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
[root@c83-250-110-112 nissanka]#

Is signing of the key a necessary step?

The signing of a key should not be done unless you have personally verified the persons identity eg. by meeting them in person and seeing some form of official identification or you know someone who you have the same level of trust with and they have personally verified the information. A key in your keyring that is unsigned by you just remains as an untrusted key there is no harm in it you can still use it for sending encrypted communications to that person with their key.

Thanks Happy Tux for the explanation.

I want to send the public key to a keyserver.

Let us say I want to send to the following keyserver.

http://www.keyserver.net

I guess the following command is the correct one.

[root@c83-250-110-112 nissanka]$ gpg --keyserver search.keyserver.net --send-key gorky@outgun.com

Please tell me if I am wrong.


-----------------------------------------------------

I know the commad to armour the key. Is it necessary? I guess you don't have to do it if you just send to a public key server. Because anyone could go to a public key server and collect the key.

[root@c83-250-110-112 nissanka]$ gpg --armor --export gorky@outgun.com

I have a hunch that armouring means creating a file which has .asc at the end.
Please tell me whether it is necessary to armour the key.

You would want the ID of the key like ABC12EFG not the email address associated with it and just use the address of the keyserver like the pgp.mit.edu where you got the original key from earlier in the thread.


Yes the armour is used when exporting to a file not keyserver and again use the keyid not email address.

Thanks Happy Tux for taking time to reply me again.
I just want a small clarification on exporting and importing.

When you download or rather get a public key from a key server, it is not importing.

When you attach the downloaded public key to your key ring, it is called importing.
Please tell me if I am wrong.

[root@c83-250-110-112 nissanka]#gpg --import -name_of_the_file

It is the same thing just different method the --recv-keys gets the key from the keyserver then imports it into your keyring so it is importing just not using the --import command to do it.

Thanks Happy Tux for helping me again.

I went to the following server and submitted my key.

http://keyserver.veridis.com:11371/import.jsp

If you look at the above site, you will see the 'Browse' button.

I used that button and went deep into the folder where I have this program.
I found a file called ' pubring.asc '. I double clicked it. Then the file appeared on the screen. Afterwards I clicked the 'submit' button

It was successful.

Now if you search in that server, my key is not there.

What went wrong?

If you searched the public key of ' Nissanka De Silva', it should be there.

However, it is not there.

That page only gives me the option to sumbit an exported armored signature file there is no browse however on www.veridis.com you get a search in the keyring and your is not there. If you want a simple way to have your key distributed the use gpg --keyserver pgp.mit.edu --send-key <KEY_ID> which will send your key to one of the main keyservers and in turn once it gets mirrored through the network of keyservers will be available everywhere.

[root@c83-250-110-112 gnupg-1.4.4]# gpg --keyserver pgp.mit.edu --send-key Nissanka De Silva
gpg: "Silva" not a key ID: skipping
gpg: "De" not a key ID: skipping
gpg: "Nissanka" not a key ID: skipping
[root@c83-250-110-112 gnupg-1.4.4]#

Why didn't this work?

This is my key --> 6D090EE9
My key ID is --> Nissanka De Silva
Am I wrong?

---------------------------------------------------------------

Now I tried with the key. Please read the following:

[root@c83-250-110-112 gnupg-1.4.4]# gpg --keyserver pgp.mit.edu --send-key 6D090EE9
gpg: sending key 6D090EE9 to pgp.mit.edu
[root@c83-250-110-112 gnupg-1.4.4]#

I don't think it worked.

Because you are still trying to send/use the wrong part of the key.
Now this succeeded because you used the proper key_id (6D090EE9) it would give you an error like in the first part if it had not worked.

Edit:And just to test your key is already available on MIT keyserver it just needs to get into the rest of the keyserver network when the next mirroring happens.

Now I searched it in the following server.

http://keyserver.veridis.com:11371/s...&submit=Search

I got the following:

Your search - Nissanka De Silva - did not match any public keys.

If I succeeded, it should be there.
What is the problem?

Now assuming that veridis.com is part of the public keyserver network then it will definitely take some time for the key to get to it depending as to when it syncs its keys with the other keyservers, it is not going to happen immediately.

Thanks Happy Tux for the reply. You have taken pains to help me. I take my hat off for all the support.

Yesterday I downloaded your public key. Please read the following:

[root@c83-250-110-112 gnupg-1.4.4]# wget http://users.eastlink.ca/~stephencormier/publickey.asc
--18:01:37-- http://users.eastlink.ca/~stephencormier/publickey.asc
=> `publickey.asc'
Resolving users.eastlink.ca... 24.222.0.104
Connecting to users.eastlink.ca|24.222.0.104|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,860 (1.8K) [text/plain]

100%[==================================================================>] 1,860 --.--K/s

18:01:38 (92.56 KB/s) - `publickey.asc' saved [1860/1860]

[root@c83-250-110-112 gnupg-1.4.4]#
----------------------------------------------------

Now I just want to test with someone by sending an email. However, you have disabled your email address. I respect to your privacy. Some people don't want to publish their email addressess on public forums like this.

In any case, I can simply import your public key to my key ring.

By the way, I searched you on that server under the name 'Stephen Cormier'. You were not there.

Sure you can send me an email my address that I use with the key are listed in the key itself either of them are fine to send too. I doubt my key would be there yet all this gpg talk finally got me to upload my key to the pgp.mit.edu yesterday instead of just providing a link to it on my webspace in my email signature.

Thanks Happy Tux.
I successfully imported your key to my key ring.
---------------------------------------------------------
[root@c83-250-110-112 gnupg-1.4.4]# gpg --import publickey.asc
gpg: key 28BAD9AF: public key "Stephen Cormier <s.cormier@gmx.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
[root@c83-250-110-112 gnupg-1.4.4]#




[root@c83-250-110-112 gnupg-1.4.4]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/6D090EE9 2006-08-15 [expires: 2056-08-02]
uid Nissanka De Silva (Le Grand Homme) <nissanka@swipnet.se>
sub 1024g/AD4FDA0A 2006-08-15 [expires: 2056-08-02]

pub 1024D/0B16D094 1997-10-04
uid Dilum Ranatunga <ranatnga@princeton.edu>
sub 2048g/BF167CB3 1997-10-04

pub 1024D/28BAD9AF 2004-03-29
uid Stephen Cormier <s.cormier@gmx.net>
uid Stephen Cormier <scormier@gmx.net>
sub 2048g/FAD240A1 2004-03-29

[root@c83-250-110-112 gnupg-1.4.4]#
---------------------------------------------------------

You have permitted me to send a message. I would do so. Not write now. I have to attend a few other things. I will try either on this Saturday or Sunday.
[ Did you see my nick name? I am Le Grand Homme. I speak some French too.]

Happy Tux

I hope this key signing is not essential to send you a message.
Please tell me if I must do it.

I speak little french I could maybe read a menu in a restaurant and order that is about it. The use of my key when sending to me would be to encrypt a file/message to send so only I could decrypt it with my private key/password. When sending you would want to do what is called signing the message with your public key.

Happy Tux

Let us say the name of the file that I want to send is ' test1 '

I believe the following command will encrypt that file

[root@c83-250-110-112 nissanka]# gpg -e -r scormier@gmx.net test1

The above will create a file with a .gpg ending. I will send it to you.

Please tell me if I am wrong.

Yes that will work so that only I will be able to decrypt the test1.gpg when I get it.

Thank you again Happy Tux for taking time to reply me. It is a yeomen effort from you to help me. I will send a message either this Saturday or Sunday.

I am very tired now. I came home from an hour ago. After work, I went to the gym. I am training 3 times a week. The work and training took all my energy. I must sleep soon instead of working with the computer.

By the way, my kmail works fine.

I am very surprised by the fact that my public key has not spread to all the servers. I submitted to the following server:
http://pgp.mit.edu/
It is there when I searched.


The following server says it is not there. What would be the problem?
http://keyserver.veridis.com

That I really have no idea about as to when/how the keyservers get updated or even if the veridis.com is part of the network.

Thanks Happy Tux for the reply.
Do you know any other servers apart from keyserver.verdis which keep public keys?

Please check your mail.