Lab 9 Exercise 3

Trusting and signing other public keys.

The first PGP public key we generated (pub) was signed by the secret key (sec) from the same keypair. GnuPG treats this public key as ultimately trusted because it was generated on the same machine. This public key identifies the key owner.

The encryption subkey (sub) was signed by the 'master key' (pub); since that master key is ultimately trusted, GnuPG considers the ownership of sub verified as well.

The problem is that you also need other people to trust your keys.

Assume that Adam has downloaded and imported your public keys (both pub and sub). He wants to send you a secret message and uses the sub key to encrypt it. Unfortunately, he gets a warning similar to the one you got in task 3 of the previous exercise.

There are two options for Adam.

1. Adam talks to you in person and verifies that you are the actual owner of the pub key, carefully checks the key fingerprint, and once he is absolutely sure that he has your correct public key, he signs it and adds your key to his trusted key list.

2. Alternatively, Adam checks who else has signed your key. If enough signers whom Adam trusts have signed it, he considers your key ownership verified automatically, without contacting you.

Either way, you will want to get your key signed by as many people as possible.

Sign the key

By now, you should have one set of keys that you have generated yourself, and another set of keys you got from your neighbor.

Carefully verify the key fingerprint with your neighbor. Use this command to print the key fingerprint:

    gpg --fingerprint <neighbor-key-id>

Sign the key once you are sure you are signing the right one:

    gpg --sign-key <neighbor-key-id>

Import other keys

For this task, we will need 3 public keys generated by different people.

Adam signs Bob's public key.

Charlie imports Bob's public key signed by Adam and Adam's own public key.

Charlie signs Adam's public key and marks it as trusted.

Charlie should now be able to encrypt messages for Bob (with no key-ownership warnings).
