Bug#132920: www.debian.org: updated text for keysigning HOWTO
Package: www.debian.org
Version: N/A; reported 2002-02-08
Severity: wishlist
Tags: patch
Based on my experience signing and having my key signed recently I would
like to suggest some extra text for the keysigning howto at
http://www.debian.org/events/keysigning (and can I also ask that it linked
from somewhere more prominent like the developers corner?)
I'm pretty sure the information I added is accurate. Some of the WML may
need editting though.
--
Jaldhar H. Vyas <jaldhar@debian.org>
It's a girl! See the pictures - http://www.braincells.com/shailaja/
--- keysigning.wml.old Thu Feb 7 23:52:52 2002
+++ keysigning.wml Fri Feb 8 00:27:18 2002
@@ -23,6 +23,7 @@
<li>The key owner verifies that the fingerprint of the key about to be
signed is indeed their own.
+
</ol>
Most importantly, if the key owner is not actively participating in
@@ -55,19 +56,57 @@
gpg --keyserver keyring.debian.org --recv-keys 0xDEADBEAF
</pre>
+<p>If the person whose key you want to sign is not in the Debian keyring,
+replace keyring.debian.org with a public keyserver like pgpkeys.pgp.net (which
+despitethe name also stores GnuPG keys.)
+
+<p>Note we can use the last eight hex digits of the key in this and other GnuPG
+operations. The 0x in front is also optional.
+
<li> To sign the key, enter the edit menu with
<pre>
gpg --edit-key 0xDEADBEAF
</pre>
-<li> In GnuPG select all uids to sign with <code>uid n</code>.
+<li> In GnuPG select all uids to sign with <code>uid n</code> where n is the
+number of the uid shown in the menu. You can also press enter to sign all
+the uids.
<li> To sign a key, enter <code>sign</code>. You will then be shown
the fingerprint of they key which you have to compare with the
one you've got from the person you met.
<li> Quit GnuPG with <code>quit</code>
+
+<li> To verify you have signed the key correctly, you can do:
+
+<pre>
+ gpg --list-sigs 0xDEADBEAF
+</pre>
+
+You should see your own name and fingerprint (in short form) in the output.
+
+<li> Once you are satisfied everything went ok you can send the signed key
+to its' recipient by doing:
+
+<pre>
+ gpg --export -a 0xDEADBEAF > someguys.key
+</pre>
+
+<p>The <code>-a</code> option exports the key in ASCII format so it can be
+emailed without possibility of corruption.
+
+<li> If someone signs your key in this manner, you can add it to the Debian
+keyring by doing:
+
+<pre>
+ gpg --import mysigned.key
+ gpg --keyserver keyring.debian.org --send-keys <your key id>
+</pre>
+
+<p>It may take a while for the keying maintainers to update your key so be
+patient. You should also upload your updated key to the public keyservers.
</ul>
Reply to: