| pgp_workshop [2025/05/29 07:36] – [Sign the public key of someone] usera | pgp_workshop [2025/05/29 07:47] (current) – [The actual Key signing] usera |
|---|
| - Open a command line, navigate to the folder where your file is and enter ''%%gpg --import [FILENAME]%%'', where [FILENAME] is the file you exported the public key to | - Open a command line, navigate to the folder where your file is and enter ''%%gpg --import [FILENAME]%%'', where [FILENAME] is the file you exported the public key to |
| - repeat the operaton for each key you want to sign | - repeat the operaton for each key you want to sign |
| | |
| | === The actual Key signing === |
| |
| This is how to do it (as recommended [[https://gist.github.com/F21/b0e8c62c49dfab267ff1d0c6af39ab84|here]]): | This is how to do it (as recommended [[https://gist.github.com/F21/b0e8c62c49dfab267ff1d0c6af39ab84|here]]): |
| |
| - Alice (you) get the public key of Bob | - Alice (you) get the public key of Bob |
| - Alice sign it with her private key: <code>gpg --sign-key [key_id]</code> where <code>[key_id]</code> is the fingerprint of the Bob public key. In the process you will be asked to check that the fingerprint match with the key of the other person, which you should do in a secure channel, or in person, with the person owning the key. | - Alice sign it with her private key: ''%%gpg --sign-key [key_id]%%'' where ''%%[key_id]%%'' is the fingerprint of the Bob public key. In the process you will be asked to check that the fingerprint match with the key of the other person, which you should do in a secure channel, or in person, with the person owning the key. Note: you can at every time look at all signatures on a key with the command: ''%%gpg --list-sig [NAME]%%'', with [NAME] being for example part of the mail address associated with the key. |
| - Alice exports, then encrypts the signed key with Bob public key, with the following command: <code>gpg --armor --export [key_id] | gpg --sign --encrypt -r [key_id] > [filename]</code>, where <code>[key_id]</code> is the fingerprint of Bob public key and <code>[filename]</code>is the output filename | - Alice exports, then encrypts the signed key with Bob public key, with the following command: <code>gpg --armor --export [key_id] | gpg --sign --encrypt -r [key_id] > [filename]</code>, where ''%%[key_id]%%'' is the fingerprint of Bob public key and ''%%[filename]%%'' is the output filename. Note: you can alternatively, since you already configured your mails for this, just export the key with ''%%gpg --armor --export [key_id] > [filename]%%'', and attach it to a mail encrypted with your mail client. |
| - Alice emails the key to Bob using the mail address associated with the key | - Alice emails the key to Bob using the mail address associated with the key |
| - Bob receives it, then decrypt it with his private key and import it: <code>gpg --decrypt [filename]</code> and then <code>gpg --import [filename_decrypted]</code> | - Bob receives it, then decrypt it with his private key and import it: ''%%gpg --decrypt [filename]%%'' and then ''%%gpg --import [filename_decrypted]%%'' |
| - He can then send it to a keyserver, containing Alice signature: <code>gpg --send_keys [key_id]</code> | - He can then send it to a keyserver, containing Alice signature: ''%%gpg --send_keys [key_id]%%'' |
| |
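Review bot: In the last two list items of the current (right-hand) column, two commands will not work as written. `gpg --decrypt [filename]` writes the decrypted data to standard output, so no `[filename_decrypted]` exists for the `gpg --import` that follows, and the keyserver option is spelled `--send-keys`, not `--send_keys`. Suggest `gpg --output [filename_decrypted] --decrypt [filename]` (or piping the decrypted output straight into `gpg --import`) and `gpg --send-keys [key_id]`. Two smaller points in the same revision: the export step still wraps its main command in `<code>` tags while every other command moved to the `''%%...%%''` markup, and the new note on listing signatures abbreviates the option to `--list-sig`; writing `--list-sigs` in full avoids relying on gpg's option-abbreviation matching.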