On Wed, 6 Jun 2012 21:54, [email protected] said: > But it's a bit unclear to me on what basis you decided it looked correct? Your > mail suggests to me that you decided that based on the fact that the UID on > that key is "Werner Koch (dist sig)". But that would be the very first thing a
If you look at my OpenPGP mail header you will be pointed to a “finger”
address - enter it into your web browser (in case you don't know what
finger is) and you will see
pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
uid Werner Koch <[email protected]>
uid Werner Koch <[email protected]>
sub 2048R/FA8FE1F9 2008-03-21 [expires: 2011-12-30]
sub 1024D/77F95F95 2011-11-02
sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31]
pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
uid Werner Koch (dist sig)
sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
pub 1024R/1CE0C630 2006-01-01 [expired: 2011-06-30]
uid Werner Koch (dist sig) <[email protected]>
pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
uid Werner Koch (gnupg sig) <[email protected]>
1E42B367 is my standard key [encrypt and sign; use this one].
4F25E3B6 is used to sign software distributions [sign only].
5B0358A2 was used as my key until it expired on 2011-07-11;
it has been superseded by 1E42B367
1CE0C630 was used to sign software distributions [sign only];
it has been superseded by 4F25E3B6.
57548DCD was used to sign software distributions [sign only];
it has been superseded by 1CE0C630.
Please note that I use a subkey for signing messages; some old OpenPGP
implementations may not be able to check such a signature. The primary
key is stored at a more or less secure place and only used on a spare
laptop which is not connected to any network. If you find a key
certified by this one, you can be sure that I personally met this
person and checked the name part of the user ID against an official
looking passport or another suitable photo id. My signature does not
say anything about the email address (I merely check that the address
looks plausible).
followed by a public key block. If you check the signatures of the
current dist signing key (gpg --check-sigs 4F25E3B6):
pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
uid Werner Koch (dist sig)
sig!3 4F25E3B6 2011-01-12 Werner Koch (dist sig)
sig! 1CE0C630 2011-01-12 Werner Koch (dist sig) <[email protected]>
sig! 1E42B367 2011-01-12 Werner Koch <[email protected]>
[...]
you will notice that the key has in addition to the required
self-signature (note the “sig!3” line with the same key ID as the “pub"
line) a signature from the former dist signing key (1CE0C630), and one
From my regular key 1E42B367. Now check the my regular key and you will
notice that it is very well connected in the the Web of Trust.
Shalom-Salam,
Werner
p.s.
If you wonder about the subkey of the dist sig key: It is used for
ssh and, due to the “A” usage, ignored by gpg:
$ gpg2 --edit-key --batch 4F25E3B6 quit
Secret key is available.
pub 2048R/4F25E3B6 created: 2011-01-12 expires: 2019-12-31 usage: SC
trust: ultimate validity: ultimate
sub 2048R/AC87C71A created: 2011-01-12 expires: 2019-12-31 usage: A
[ultimate] (1). Werner Koch (dist sig)
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpSXMeLdfP9c.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
