pgp_workshop

Differences

This shows you the differences between two versions of the page.

pgp_workshop [2025/05/29 07:19] – [Signing and verifying signatures with OpenPGP] usera
pgp_workshop [2025/05/29 07:47] (current) – [The actual Key signing] usera
Line 276: Line 276:
  
 GPG is a lot based on the trust that you are talking to the right person. Therefore, to tell to the whole world that you trust some public key, you should **sign the public keys** of other people. GPG is a lot based on the trust that you are talking to the right person. Therefore, to tell to the whole world that you trust some public key, you should **sign the public keys** of other people.
 +
 +=== Note if you used Thunderbird and not Kleopatra ===
 +
 +To sign a key, you need to use the command line gpg, so as said before, if you used Kleopatra to generate your keys, you are good to go, as the gpg tool will already know your keys. However, if you used Thunderbird, you need to copy the keys you want to sign. This is how you do it.
 +  - First, go to the PGP key manager in Thunderbird
 +  - Select the public key you want to sign, then right click and click on Export public key to file and select a location on your computer
 +  - Open a command line, navigate to the folder where your file is and enter ''%%gpg --import [FILENAME]%%'', where [FILENAME] is the file you exported the public key to
 +  - repeat the operaton for each key you want to sign
 +
 +=== The actual Key signing ===
  
 This is how to do it (as recommended [[https://gist.github.com/F21/b0e8c62c49dfab267ff1d0c6af39ab84|here]]): This is how to do it (as recommended [[https://gist.github.com/F21/b0e8c62c49dfab267ff1d0c6af39ab84|here]]):
  
   - Alice (you) get the public key of Bob   - Alice (you) get the public key of Bob
-  - Alice sign it with her private key: <code>gpg --sign-key [key_id]</code> where <code>[key_id]</code> is the fingerprint of the Bob public key. In the process you will be asked to check that the fingerprint match with the key of the other person, which you should do in a secure channel, or in person, with the person owning the key. +  - Alice sign it with her private key: ''%%gpg --sign-key [key_id]%%'' where ''%%[key_id]%%'' is the fingerprint of the Bob public key. In the process you will be asked to check that the fingerprint match with the key of the other person, which you should do in a secure channel, or in person, with the person owning the key. Note: you can at every time look at all signatures on a key with the command: ''%%gpg --list-sig [NAME]%%'', with [NAME] being for example part of the mail address associated with the key. 
-  - Alice exports, then encrypts the signed key with Bob public key, with the following command: <code>gpg --armor --export [key_id] | gpg --sign --encrypt -r [key_id] > [filename]</code>, where <code>[key_id]</code> is the fingerprint of Bob public key and <code>[filename]</code>is the output filename+  - Alice exports, then encrypts the signed key with Bob public key, with the following command: <code>gpg --armor --export [key_id] | gpg --sign --encrypt -r [key_id] > [filename]</code>, where ''%%[key_id]%%'' is the fingerprint of Bob public key and ''%%[filename]%%'' is the output filename. Note: you can alternatively, since you already configured your mails for this, just export the key with ''%%gpg --armor --export [key_id] > [filename]%%'', and attach it to a mail encrypted with your mail client.
   - Alice emails the key to Bob using the mail address associated with the key   - Alice emails the key to Bob using the mail address associated with the key
-  - Bob receives it, then decrypt it with his private key and import it: <code>gpg --decrypt [filename]</code> and then <code>gpg --import [filename_decrypted]</code> +  - Bob receives it, then decrypt it with his private key and import it: ''%%gpg --decrypt [filename]%%'' and then ''%%gpg --import [filename_decrypted]%%'' 
-  - He can then send it to a keyserver, containing Alice signature: <code>gpg --send_keys [key_id]</code>+  - He can then send it to a keyserver, containing Alice signature: ''%%gpg --send_keys [key_id]%%''
  
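Review bot: The new Thunderbird section imports only the public keys that are going to be signed, but the following list has Alice sign "with her private key", and a signer who generated the key pair in Thunderbird has no secret key in the gpg keyring for gpg --sign-key to use. Add a step that exports the signer's own secret key from Thunderbird and imports it into gpg, or state that this key must already be present there. In Bob's step, gpg --decrypt [filename] writes to standard output, so nothing produces [filename_decrypted]; name the output explicitly, for example gpg --output [filename_decrypted] --decrypt [filename]. In the last step, the GnuPG option is spelled --send-keys, not --send_keys. The long export command in Alice's export step is still wrapped in code tags while the rest of the list moved to the ''%%...%%'' form, and "operaton" in the last Thunderbird step should read "operation".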
pgp_workshop.1748503146.txt.gz · Last modified: by usera