Hi Alfred, Andreas,
so why then all these emails that say "Your signed PGP key"?
These emails all have an attachment (and I still don't know how to
create such an attachment for the other participants).
And my guess (understanding would be too much) so far was that the
attachment contains my key signed by the sender and that I should
somehow upload the attachment content to the keyserver. Your final step
below suggests, however, that I should (1) fetch somebody's key from the
keyserver (I managed to do that), (2) sign it with my key, and
(3) upload it to the keyserver again. That would be pretty simple and
involve no emails whatsoever.
Still confused,
Jürgen
On 08/20/2014 03:24 PM, Alfred M. Szmidt wrote:
gpg --no-tty --no-auto-check-trustdb --batch --no-armor --always-trust -r 531B6686 -e /tmp/pius_tmp/pius_tmp
That is trying to encrypt (the -e option) the file
/tmp/pius_tmp/pius_tmp, very little to do with signing a key.
To sign a key, first import it:
$ gpg --keyserver KEYSERVER --recv-keys KEYID
Then check the fingerprint:
$ gpg --fingerprint KEYID
Finally, sign it:
$ gpg --sign-key KEYID
(If you have multiple private keys, pass the --default-key KEY-TO-USE
option as well)
And as a final step, so others can get an updated version of the key,
upload it to a keyserver (yes, that is the KEYID of the key you just
signed, not the key you used to sign it with!):
$ gpg --keyserver KEYSERVER --send-key KEYID
A good keyserver is certserver.pgp.com.
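
An added example, not part of either email: the "check the fingerprint" step done as an exact comparison of the full fingerprint instead of reading it by eye or relying on a short key ID. The function names and the sample fingerprint are constructed for illustration; only `gpg --with-colons --fingerprint` and `--sign-key` are real gpg options.

```shell
#!/bin/sh
# Added example: gate --sign-key on an exact full-fingerprint match.

# Constructed sample of `gpg --with-colons --fingerprint KEYID` output
# (fields trimmed; fingerprints are made up, not a real key).
sample_colons() {
    printf '%s\n' \
        'pub:-:4096:1:89ABCDEF01234567:1408492800:::-:::scESC:' \
        'fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:' \
        'uid:-::::1408492800::::Example User <user@example.org>:' \
        'sub:-:4096:1:FEDCBA9876543210:1408492800::::::e:' \
        'fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
}

# Strip spaces and colons and upper-case, so the printed form
# ("0123 4567 ...") and the machine-readable form compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key's fingerprint: field 10 of the first "fpr"
# record that follows the "pub" record. Subkey fingerprints are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED  (colon output on stdin)
# Returns 0 on an exact match, 1 on mismatch, 2 if EXPECTED is not a
# full 40-hex-digit fingerprint (short key IDs are refused).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(primary_fpr)")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Intended use, with the fingerprint the key owner gave you in person:
#   gpg --with-colons --fingerprint KEYID | fpr_matches "$FPR_FROM_OWNER" \
#       && gpg --sign-key KEYID
```

An 8-digit ID such as the one passed to `-r` above identifies a key far less reliably than the 40-digit fingerprint, which is why the check refuses anything shorter.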