[ale] PGP / GPG key uid verification from PGP Corp.

Michael H. Warfield mhw at WittsEnd.com
Tue Nov 29 14:53:24 EST 2011


Just a little FYI for those of you new to PGP / GPG...

Using gpg with --send-keys and --recv-keys you can send and receive keys
from the public keyservers.  You can find the settings for your default
keyserver in your configuration file here:

.gnupg/gpg.conf

You should find some lines like this:

-- 
keyserver hkp://subkeys.pgp.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://keyserver.pgp.com
-- 

I use this as my default:

-- 
keyserver hkp://wwwkeys.us.pgp.net
-- 

Another common (older) one is this:

-- 
keyserver pgpkeys.mit.edu
-- 

Important to note that pgp.net and pgp.com are NOT the same thing at
all!  The pgp.net domain is the set of global keyservers around the
world that are interconnected.

PGP Corporation (pgp.com) is now part of Symantec and they operate a
slightly different set of keyservers.  You can get your keys
periodically "validated" through them.

If you upload and "publish" your public key on their keyservers, they
will annually send each uid on that key a validation message.  Clicking
on the URL contained in that message will confirm that the uid is
"active" (can receive E-Mail) and they will sign the uid with their
"validation key".  It's not the same thing as a trust signature (though
it's still a signature), it's just validating that the E-Mail address in
the key is valid and actively maintained.

Their keyservers are NOT connected with the public pgp.net keyservers
and uploading a key to their keyservers will not automatically populate
the pgp.net keyservers (which are interconnected with the MIT ones as
well).  That means you actually have to pull updates separately from
them or send keys to them like this (unless you change your config file
- I wouldn't):

gpg --keyserver ldap://keyserver.pgp.com --recv-keys <keyid>
gpg --keyserver ldap://keyserver.pgp.com --send-keys <keyid>

They also will not accept older V3 keys (my df1dd471 key dating from
1994 is an example V3 key and one of the reasons it's only used for
legacy signing purposes now) but I doubt anyone is going to have any
problem with that.  GnuPG and GnuPG2 both generate newer keys while
still supporting the use of the older keys.

You can publish your keys (or search for others' keys on their servers)
by going here:

http://keyserver.pgp.com/vkd/GetWelcomeScreen.event

Using their free service is entirely optional.  I merely thought I would
mention it in case anyone else was interested.


Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
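
Added example (not part of the original message): a shell helper that reads
"gpg --list-sigs --with-colons" output and reports which uids on a key do not
yet carry a signature from a given signer, such as the validation key described
above. The key IDs and the listing are constructed placeholders (the message
does not give the validation key's ID), and the field positions assume the
GnuPG 2.x colon layout.

```shell
#!/bin/sh
# uids_missing_sig SIGNER_KEYID
# Reads a colon listing on stdin and prints every uid that has no signature
# made by SIGNER_KEYID (long or short hex key ID, case-insensitive).
# Assumed layout: uid records carry the user ID in field 10, sig records
# carry the signer's key ID in field 5 and follow the uid they certify.
uids_missing_sig() {
    awk -F: -v signer="$1" '
        function emit() { if (uid != "" && !seen) print uid }
        BEGIN { signer = toupper(signer) }
        # A new uid closes the previous one and starts a fresh search.
        $1 == "uid" { emit(); uid = $10; seen = 0; next }
        # Signatures after pub/sub/uat records do not certify a uid.
        $1 == "pub" || $1 == "sub" || $1 == "uat" { emit(); uid = ""; next }
        $1 == "sig" && uid != "" {
            id = toupper($5)
            # Compare the tail so a short ID matches the long one.
            if (substr(id, length(id) - length(signer) + 1) == signer)
                seen = 1
        }
        END { emit() }
    '
}

# Constructed sample listing: one key with two uids, only the first of which
# has been signed by the placeholder validation key BBBBBBBBBBBBBBBB.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1322500000:::u:::scESC:
uid:u::::1322500000::HASH1::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1322500000::::Alice Example <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1322600000::::Validation Key (constructed):10x:
uid:u::::1322500000::HASH2::Alice Example <alice@old.example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1322500000::::Alice Example <alice@example.org>:13x:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1322500000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1322500000::::Alice Example <alice@example.org>:18x:
EOF
}

# Demo on the constructed data. Against a real keyring, pipe in:
#   gpg --list-sigs --with-colons <keyid>
sample_listing | uids_missing_sig BBBBBBBBBBBBBBBB
```

A uid reported here is one whose address has not been confirmed by that
signer, or whose updated signature has not yet been pulled from the keyserver
that issues it.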