>> I do remember that I had a key, and it was signed and may have even been >> available on a server but I don't remember what server or how to find it >> so that I can update the public key. Is there a search for stuff like that? >> > Only half of the key pair would have been uploaded (the half > designated as the public key). The private key would have been on > your computer. >
Gustin is correct - but there is more.. The keyservers auto-magically merge changes to a public key so in effect anyone can add signatures to your public key (or even upload one on your behalf/without your permission). Some servers synchronize between themselves to propagate changes. Here's one which is easy to remember: http://www.stinkfoot.org:11371/ You do not need the private key to effect a public key! The most notable example of this is a 'revoke cert', which can mark a key as 'null and void'. It is sensible to print off a copy of this 'revoke cert' when generating a key pair so that you can kill a public key should the need arise where you don't have access to the private key. Simon. _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
