[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg: export just my keys, not whole keyring?

On onsdag 12 oktober 2005, 13:36, Matt Price wrote:
> interesting, the depths of my ignorance continue to berevealed to
> me...  I'm not sure what a keyid is! 

Ah, OK! 

Hmmm, I'm going searching...
It seems you have an (old) key
http://pgp.mit.edu:11371/pks/lookup?search=matt.price%40utoronto.ca&op=index
and for that key, the KeyID is 80161724.

It is just something that (with reasonable probability, possibly) 
uniquely identifies that key. Since there are subkeys and stuff (these 
things are beyond me), that have their own ids, this can get fairly 
complex. Also, you'll see longer keyids now, but to make a long story 
short, it is a hex number consisting of the last 8 numbers of you 
fingerprint. So, if you find your fingerprint, you've got it.

DEADBEEF is the metasyntatical variable (i.e. example) keyID, since it 
is all hex and a funny word of the correct length.

> But I did try this: 
> gpg --export "Matt Price <matt.price@utoronto.ca>" > ring.gpg -- and
> I ended up with something much smaller.  So maybe that's good enough.

Cool! :-)

> But one thing is, I'm still not sure that the key I export is the one
> I'm actually using to sign my debian packages & files.  I know I've
> made a number of keys inthe past (part of my wanderings in the dark)

Right! :-)

> and now I don't know which one is automatically used when I invoke
> gpg.  jeez, how do I figure that out?

Errrr, /me looks around the room for backup... :-) 

Try 
gpg --list-keys "Matt Price <matt.price@utoronto.ca>"
They will have dates and stuff. And you'll see the associated keyid. 
Also, you can have a look at mine
gpg --recv-keys 6a6a0bbc
should import it, and
gpg --list-keys 6a6a0bbc 
should give you an idea of how it looks, 6a6a0bbc being the keyid.

>
>
> oh, and finally -- if I figure out which key I want to export, do I
> add it to the ubuntu-keyring just with
> cat mykey.gpg >> ubuntu-archive-keyring ?
> or will that screw with the binary file format somehow?

I don't know, but I would be careful...

I think I would do something like (untested)
gpg --no-default-keyring --keyring ubuntu-archive-keyring --import 
mykey.gpg
But then, I'm not quite sure you would want to import it in the ubuntu 
keyring... Perhaps you'd rather import the ubuntu-keyring into your 
pubring.gpg, if that's your default. I must admit that I'm a little 
rusty here, though.

Also, I found, way back, that importing the whole debian keyring into my 
pubring was a bad idea, this was back in the day when GPG would totally 
lock KMails interface, and with the large Debian keyring, it would do 
it for half an hour or something. It won't be that bad now, but I also 
learnt that unmerging the most interesting keys was a non-trivial task, 
so nowadays, when I come across a key, I do
gpg --no-default-keyring --keyring seen.pgp --recv-key DEADBEEF
gpg --recv-key DEADBEEF
to import it into both seen.gpg and the default keyring.


> sorry for the ignorance.

No problem. We've all been there. Still is, quite often, in fact! :-)


Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Programmer / Astrophysicist / Ski-orienteer / Orienteer / Mountaineer
kjetil@kjernsmo.net   
Homepage: http://www.kjetil.kjernsmo.net/     OpenPGP KeyID: 6A6A0BBC
Reply to: