Hi, On Thu, Aug 19, 2010 at 02:26:07PM -0700, BernePGP wrote:
> After the recipient has loaded the programe he generates a personal key but > does he do as I have done and copy out his public key in a wordfile and send > it to me? Essentially, yes. It is usually advisable to use plain text files (i.e. files containing just the raw text, without any formatting), as these can be used from gpg directly. If you use gpg on the command line, the easiest way is to use the "--output" (or "-o") option, e.g. in order to export a key: gpg --output mykey.txt --export --armor 12345678 where you replace "mykey.txt" with the name of the file you wish to contain a copy of your public key, and 12345678 with the ID for your key. You can import such a file using gpg --import mykey.txt (again, replacing the file name). > In other words when the recipient got my email with my public key encrypted > in a wordfile , what does he then do? Does he copy and paste my public key > somewhere in his gnupgp programe? He needs to import the key using --import. For this it is vital that the key be available as plain text. If you have a Word file, you should copy and paste the text into Notepad, and import from there. Note that the communication channel you used to transfer the public key is not secure -- while an attacker could not use the key data for anything other than sending you an encrypted message, a man in the middle could swap the key for another one. Therefore, it is recommended that after importing, you list the contents of the keyring using the command gpg --fingerprint which will then show you one block for each known key, starting with "pub" then followed by a number and letter, a slash, then the key id and creation date, then in the next line listing a string of numbers. You should verify that these two lines are the same for both you and the recipient, if they are, then the key has not been tampered with in transit. You can then use gpg --sign-key 23456789 (replacing 23456789 with the other's key id), and follow the instructions there to sign their key using yours; with this, you amend the other's key with a signed note saying that you have verified their identity, as the note is signed it cannot be forged, and your local copy of gpg will then know that it is safe to use this key (otherwise it'll warn that the key is "untrusted" whenever it is used). > In what form should I expect to recieve the senders public key? Will it > arrive already encrypted in a word file and if so what do I do with that enc > public key in regard to my gnuPGP programe? The same thing as your party does with your key. Simon _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
