Great!! Signed and edit key ... Works like a charm.

Thank you

>>> Daniel Kahn Gillmor <d...@fifthhorseman.net> 10/14/2009 4:40 PM >>>
Hi Connie--
I'm glad that was useful.

On 10/14/2009 05:07 PM, CONNIE RODRIGUEZ wrote:
> I attempted key signing but was not successful. I received the following
> output:
>
> [la...@lsftest1/usr/local/bin # ./gpg --edit-key REWARD
> pub 1024D/C2126D6D created: 2009-02-23 expires: never usage: SC
> trust: unknown validity: unknown
> sub 2048g/4D5AFE2E created: 2009-02-23 expires: never usage: E
> [ unknown] (1). REWARD data interchange 2009
>
> Command> sign
> gpg: no default secret key: secret key not available
>
> Command>
>
> Any help is appreciated!

It sounds to me like you might be confusing validity with ownertrust.
In my earlier note, i suggested that you *trust* the keyholder of some
key that will certify the keys you are encrypting to. Instead, it looks
to me like you've chosen to try to *sign* one of the keys you're
encrypting to directly from the server.

It helps me to separate out these concepts into two ideas:

 0) who do you know (i.e. who can you identify)?

 1) who do you trust to identify others?

And since you're dealing with two different gpg installations (one on
the server and one that you control elsewhere) you probably want to
think about those from separate perspectives.

I don't know what you're planning to do on your server, but i'll pretend
for the moment that you're working with a web application which is
expected to receive information over the web, and then encrypt it to
someone. I'll refer to that someone as the "encryption target".

from the webapp's view, how does it know it's encrypting info to the
right person? let's say you're the administrator of such a system, and
you want the webapp to believe you when you certify that a certain key
belongs to a given person.

Then you (as the admin) would have your own OpenPGP key, stored off of
the server (probably on your own workstation someplace). Let's assume
that key is key ID 0xDECAFBAD.

You'd upload the public part of 0xDECAFBAD to the server, and import it
into the webapp's keyring.
After import *as the webapp user* you'd say "i trust the sysadmin to
identify encryption targets" by doing:

 gpg --edit-key 0xDECAFBAD trust

and then designate "ultimate" ownertrust.

Then, you'd use your own key to certify the key belonging to the
encryption target -- you'd "sign the target's public key" with your own
key.

Then you'd upload the target's public key (with your certification) to
the server, and import it into the webapp's keyring.

Does this make sense? The advantage of this arrangement is that now
your webapp can be used to encrypt to a variety of people -- you'll just
need to sign their keys, and they can be encryption targets as well.

hope this helps,

 --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
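
The validity/ownertrust split described in the quoted message can be checked on the server from GnuPG's machine-readable listing. This is an added example, not part of the original thread: the sample listing is constructed, every key ID except the thread's 0xDECAFBAD is made up, and the function and verdict names are hypothetical.

```shell
#!/bin/sh
# Field 2 of a "pub" record is the calculated validity (can this key be
# identified?); field 9 is the ownertrust assigned in this keyring (is its
# holder trusted to identify others?).

# Constructed sample standing in for `gpg --with-colons --list-keys` run as
# the webapp user. Every key ID except DECAFBAD is made up.
sample_listing() {
cat <<'EOF'
tru::1:1255555555:0:3:1:5
pub:u:2048:1:00000000DECAFBAD:1230768000:::u:::scESC:
uid:u::::1230768000::::Sysadmin (constructed):
pub:f:1024:17:1111111111111111:1235347200:::-:::scESC:
uid:f::::1235347200::::Target certified by the sysadmin (constructed):
sub:f:2048:16:2222222222222222:1235347200::::::e:
pub:-:1024:17:3333333333333333:1235347200:::-:::scESC:
uid:-::::1235347200::::Target nobody certified (constructed):
sub:-:2048:16:4444444444444444:1235347200::::::e:
EOF
}

# classify_keys: read a colon listing on stdin, print one line per primary key:
#   <keyid> <validity> <ownertrust> <verdict>   (verdict names are hypothetical)
classify_keys() {
  awk -F: '
    $1 != "pub" { next }
    {
      validity = ($2 == "" ? "-" : $2)
      trust    = ($9 == "" ? "-" : $9)
      if (validity ~ /^[iedr]$/)          # invalid, expired, disabled, revoked
        verdict = "refuse"
      else if (trust == "u" || trust == "f")
        verdict = "introducer"            # trusted to identify others
      else if (validity == "f" || validity == "u")
        verdict = "encrypt-ok"            # identified, but not an introducer
      else
        verdict = "refuse"                # unknown or marginal validity
      print $5, validity, trust, verdict
    }'
}

# verdict_for KEYID: print the verdict for the key whose ID ends in KEYID
# (a leading 0x is accepted); non-zero exit if the key is not listed.
verdict_for() {
  want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
  classify_keys | awk -v id="$want" '
    substr($1, length($1) - length(id) + 1) == id { print $4; found = 1 }
    END { exit !found }'
}
sample_listing | classify_keys
```

On a real server the same functions take `gpg --with-colons --list-keys` on stdin in place of `sample_listing`.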