[GTALUG] Key Signing follow up, what shall I do next?
Antonio Sun
tlugys.ats at spamgourmet.com
Wed Apr 18 21:28:15 EDT 2018
So I attend the Key Signing party, exchanged my signatures, and even get
emails telling me that my key is signed.
I'm now a bit lost on what shall I do next, and trying to google for the
answer didn't help much either.
The closest I found is:
GPG Tutorial
https://futureboy.us/pgp.html#UpdatingKeys
and I've checked the following sections:
Updating Keys
People are constantly updating their keys for various reasons:
- Keys get compromised or lost and they are revoked.
- Keys are signed by more people, building a Web of Trust
<https://futureboy.us/pgp.html#WebOfTrust>. . .
Who Signed My Key?
Now that you've updated keys from a keyserver, you might want to see who
has signed your key. After all, *anyone* can sign *any* key and re-upload
that key to a key server. You can see the signatures with the
--list-sigs command
to gpg . . .
However, I'm still at lost understanding them. I.e., I tried both the
suggested commands, but can't see any sign that my key is signed by more
people, and any of their emails.
All that I know is that
- I get an email telling me that my key is signed.
- I'm able to decrypt it, and see an attachment of mykey.asc:
--------------B954318AC305B6429BF6150D
Content-Type: text/plain; charset=UTF-8;
name="mykey.asc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="mykey.asc"
What steps I shall do next? (Instruction for the command line is more
welcome than using GUI)
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20180418/eb780094/attachment.html>
More information about the talk
mailing list