On Wed, 6 Jun 2012 21:54, pe...@digitalbrains.com said:

> But it's a bit unclear to me on what basis you decided it looked correct? Your
> mail suggests to me that you decided that based on the fact that the UID on
> that key is "Werner Koch (dist sig)". But that would be the very first thing a

If you look at my OpenPGP mail header you will be pointed to a “finger”
address - enter it into your web browser (in case you don't know what
finger is) and you will see

  pub   2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
  uid                  Werner Koch <w...@gnupg.org>
  uid                  Werner Koch <x...@g10code.com>
  sub   2048R/FA8FE1F9 2008-03-21 [expires: 2011-12-30]
  sub   1024D/77F95F95 2011-11-02
  sub   2048R/C193565B 2011-11-07 [expires: 2013-12-31]

  pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  uid                  Werner Koch (dist sig)
  sub   2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]

  pub   1024R/1CE0C630 2006-01-01 [expired: 2011-06-30]
  uid                  Werner Koch (dist sig) <dd...@gnu.org>

  pub   1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
  uid                  Werner Koch (gnupg sig) <dd...@gnu.org>

  1E42B367 is my standard key [encrypt and sign; use this one].

  4F25E3B6 is used to sign software distributions [sign only].

  5B0358A2 was used as my key until it expired on 2011-07-11; it has
  been superseded by 1E42B367

  1CE0C630 was used to sign software distributions [sign only]; it has
  been superseded by 4F25E3B6.

  57548DCD was used to sign software distributions [sign only]; it has
  been superseded by 1CE0C630.

  Please note that I use a subkey for signing messages; some old
  OpenPGP implementations may not be able to check such a signature.
  The primary key is stored at a more or less secure place and only
  used on a spare laptop which is not connected to any network. If you
  find a key certified by this one, you can be sure that I personally
  met this person and checked the name part of the user ID against an
  official looking passport or another suitable photo id. My signature
  does not say anything about the email address (I merely check that
  the address looks plausible).

followed by a public key block. If you check the signatures of the
current dist signing key (gpg --check-sigs 4F25E3B6):

  pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  uid                  Werner Koch (dist sig)
  sig!3        4F25E3B6 2011-01-12  Werner Koch (dist sig)
  sig!         1CE0C630 2011-01-12  Werner Koch (dist sig) <dd...@gnu.org>
  sig!         1E42B367 2011-01-12  Werner Koch <w...@gnupg.org>
  [...]

you will notice that the key has in addition to the required
self-signature (note the “sig!3” line with the same key ID as the “pub”
line) a signature from the former dist signing key (1CE0C630), and one
from my regular key 1E42B367. Now check my regular key and you will
notice that it is very well connected in the Web of Trust.


Shalom-Salam,

   Werner


p.s.
If you wonder about the subkey of the dist sig key: It is used for ssh
and, due to the “A” usage, ignored by gpg:

  $ gpg2 --edit-key --batch 4F25E3B6 quit
  Secret key is available.

  pub  2048R/4F25E3B6  created: 2011-01-12  expires: 2019-12-31  usage: SC
                       trust: ultimate      validity: ultimate
  sub  2048R/AC87C71A  created: 2011-01-12  expires: 2019-12-31  usage: A
  [ultimate] (1). Werner Koch (dist sig)

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
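
The check described in the mail above (a valid self-signature plus certifications from 1CE0C630 and 1E42B367), as an added example that is not part of the original message: a Python sketch that parses the human-readable `gpg --check-sigs` listing quoted there. The helper name and the regular expressions are assumptions of this example; the sample listing is the one from the mail.

```python
import re

# Listing as quoted in the mail (gpg --check-sigs 4F25E3B6); addresses are
# redacted exactly as they appear there.
LISTING = """\
pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
uid                  Werner Koch (dist sig)
sig!3        4F25E3B6 2011-01-12  Werner Koch (dist sig)
sig!         1CE0C630 2011-01-12  Werner Koch (dist sig) <dd...@gnu.org>
sig!         1E42B367 2011-01-12  Werner Koch <w...@gnupg.org>
"""

PUB = re.compile(r"^pub\s+\d+[A-Za-z]/([0-9A-F]{8})\s")
# "sig" + one status character ('!' good, '-' bad, '%' error while checking),
# optional level/flag columns, then the signer's key ID and the signature date.
SIG = re.compile(r"^sig(.).*?\s([0-9A-F]{8})\s+\d{4}-\d{2}-\d{2}")


def check_certifications(listing, expected_signers):
    """Hypothetical helper: return (key_id, self_sig_ok, {signer: ok})
    for the first "pub" key in a --check-sigs listing."""
    key_id, good, failed = None, set(), set()
    for line in listing.splitlines():
        pub = PUB.match(line)
        if pub:
            if key_id is not None:
                break              # only look at the first key block
            key_id = pub.group(1)
            continue
        sig = SIG.match(line)
        if sig and key_id is not None:
            (good if sig.group(1) == "!" else failed).add(sig.group(2))
    if key_id is None:
        raise ValueError("no pub line found")
    # A signer counts only if gpg verified its signature and none of its
    # signatures on this key failed. Short 8-digit IDs can collide, so compare
    # full fingerprints of the signer keys before relying on the result.
    verified = good - failed
    return key_id, key_id in verified, {s: s in verified for s in expected_signers}


if __name__ == "__main__":
    print(check_certifications(LISTING, ["1CE0C630", "1E42B367"]))
```

A "sig!" line only says the signature verified against the key in the local keyring with that ID, so the result is as trustworthy as the way the signer keys themselves were obtained and validated.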