On Wed, Mar 06, 2002 at 11:37:36AM -0500, [EMAIL PROTECTED] wrote:
> I have set up a keyserver (on a trial basis) and asked my colleagues to
> add their keys to it. 
> 
> When I try to send them a mail and import their keys, I am told that the
> "Key is not certified by the keyserver. Am I sure I want that key?"
> 
> I assume that a key signed by the private key of the server is one
> which is certified??  Or am I missing something totally obvious? 

The server doesn't need a key.  If everyone trusts your private key,
that can be the trusted key that bridges the gap.  You can have one just
for this purpose.  You can have multiple in the hands of different people
(in which case you can require more than one key to trust another key).
In classic OpenPGP style, the server doesn't have a key to give, it lets
humans do the signing, etc.

The person who is doing the checking of the signature or encrypting (in
this case you) needs to trust a key that signs the key in question (in
this case, theirs).  It can be any individual key that you have trusted.
You can make that a company key, or use a web of trust within the company
to do that.

I don't recommend automation of this because it makes the system
susceptible to abuse.  Have a human do the keysigning.


> Also, if I am using gpg and know just my friend's email ID, how can I
> import his key. The command 
> 
> gpg --keyserver "IP KS" --recv keys "username" doesn't work. It
> needs the ID as the argument, not the username. Reading the man page
> didn't seem to help. :(


A few keyservers have a web server with search capability
(wwwkeys.us.pgp.net for example).  Through the gpg interface, I don't
know if there is a way to use something other than the key-id.

I think gpg doesn't offer this because you can upload keys with any
contact info you want, and therefore you wouldn't want to specify a key
by e-mail address, since I can upload a key with your e-mail address.
You want to do it by key ID, which is individual for the key.


Rob
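
The trust rule and the e-mail-address problem discussed in this message, as an added example that is not part of the original post: a simplified Python model (not GnuPG's code) in which a key counts as certified only when enough trusted keys have signed it. All key IDs, addresses and function names are constructed, and signatures are assumed to have been cryptographically verified already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PubKey:
    key_id: str            # constructed ID, not a real key
    email: str             # self-asserted by whoever uploaded the key
    signed_by: frozenset   # IDs of keys whose signatures on this key verified

# Constructed keyserver contents: two uploads claim the same address.
KEYSERVER = [
    PubKey("0xA11CE001", "alice@example.invalid",
           frozenset({"0xC0FFEE01", "0xC0FFEE02"})),
    PubKey("0xBAD00002", "alice@example.invalid",
           frozenset({"0xBAD00002"})),          # self-signed only
    PubKey("0xB0B00003", "bob@example.invalid",
           frozenset({"0xC0FFEE01"})),
]
TRUSTED = frozenset({"0xC0FFEE01", "0xC0FFEE02"})  # hypothetical company signing keys

def search_by_email(keyserver, email):
    """Every key claiming this address; the keyserver does not check the claim."""
    return [k for k in keyserver if k.email.lower() == email.lower()]

def fetch_by_id(keyserver, key_id):
    """Look up one specific key by its ID; None when the ID is unknown."""
    return next((k for k in keyserver if k.key_id == key_id), None)

def is_certified(key, trusted, required=1):
    """Valid when at least `required` distinct trusted keys have signed it."""
    return len(key.signed_by & trusted) >= required

def certified_for(keyserver, email, trusted, required=1):
    """Key IDs for an address that pass the signature requirement."""
    return [k.key_id for k in search_by_email(keyserver, email)
            if is_certified(k, trusted, required)]

if __name__ == "__main__":
    for k in search_by_email(KEYSERVER, "alice@example.invalid"):
        state = "certified" if is_certified(k, TRUSTED) else "NOT certified"
        print(k.key_id, state)
    print("bob, two signers required:",
          certified_for(KEYSERVER, "bob@example.invalid", TRUSTED, required=2))
```

Raising `required` models the case of several signing keys held by different people, where one signature alone is not enough.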
