On Sat, Feb 14, 1998 at 07:54:26PM -0600, Ender Wigin wrote: > > Ok, I found a maintainer who will sign my pgp signiture ... but both of us > are lost as to what exactly we have to do to "sign" a signature... Here is > what he thought was the right way to do it. > > "I'll come over with my public key. We will compare id's, and then, if > you want, you can sign my public key. You'll also give me a copy of > your public key, for me to bring home and sign. Then I email you the > signed copy of your public key (the email being signed and encrypted, of > course). Does this sound right? I'm a little leery of the need to add > my secret key to your machine in order for me to sign your key, which > appears to be what is needed from my reading of the docs. I could be > wrong, so if there is a better way, let me know." You should meet in persona in real life and exchange your id cards and fingerprints (extracted with pgp -kvc) so you can be sure that either of you is either of you. After that sign either key with pgp -ks and extract it with pgp -kxa and send it to either of you. If you haven't meet each other in real life and cannot assure that either of you is the person you must not sign either key Regards, Joey -- / Martin Schulze * joey@infodrom.north.de * 26129 Oldenburg / / linux: Unbekannter Terminaltyp / / Ich weiß nicht, auf was für einem Terminaltyp Sie arbeiten - / / alles, was ich habe, ist 'linux'. -- Solaris 2.5 /
Attachment:
pgpSqFdXFwrmn.pgp
Description: PGP signature