[ale] keyring public keyring secret keyring, the why what when and how

Charles Shapiro hooterpincher at gmail.com
Fri May 4 09:26:36 EDT 2018


I, Aaron, and Judy wrote the Definitive Keystroke-by-Keystroke Guide to GPG
back in 2009 ( https://ale.org/static_pages/gpgstepbystep.html ).  It
explains some of the concepts of Public Key cryptography.  The very first
paragraph explains why gpg has two separate keys and why that's
important.

The other important part of GPG is that there's no central key validation
authority. You judge whether to trust that a key belongs to someone based
on endorsements from other folks who ( presumably ) hold valid keys. The
theory is that a heavily endorsed key is likely to be truly tied to the
person claiming it.  This is the GPG "Web of Trust", and in practice it
seems to work pretty well.  There are several well-known sites that record
these endorsements.  You can see my public key and its endorsements by
looking for "charles.shapiro at tomshiro.org" on the Ubuntu keyserver (
http://keyserver.ubuntu.com ).  You get endorsements of keys by personally
proving that (a) you're you and (b) you control your key.  You can do this
by personally asking someone to endorse your key, or by attending a "key
signing party", where everyone agrees to endorse everyone else's key after
they give the appropriate proofs.  This usually involves standing up,
presenting a driver's license or passport, and then being marked off a list
of prepared keys.

It might be time for ALE to do another key signing party. We've done them
in the past with success.

Hope this helps a little.


-- CHS

On Thu, May 3, 2018 at 3:07 PM, Narahari 'n' Savitha via Ale <ale at ale.org>
wrote:

> Friends:
>
> I have to do some work on keyrings and I need some help to get some
> concepts down.  Most sites tell you how to use but not why.
>
> In an analogy with physical keyrings, I presume that  keyrings are nothing
> but a container to hold on to keys.
>
> Why the distinction between keyring and public keyring and secret keyring ?
>
> What is the idea of having a secret keyring ?
>
> ===
>
> If I have to provide my public key I need to export in armor format, is
> that right ?
>
> The public key has to be then imported by the person who wants to encrypt
> and then it becomes a part of their key ring (the keyring of their choice
> I presume)
>
> Without importing the key I cannot encrypt the data by just providing the
> pub file ?
>
> =====
>
> What is the idea behind signing and encrypting ?  Isn't encrypting
> implicitly signing ?
>
> ====
>
>
> Any good article with pics is helpful.
>
> -Narahari
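The endorsement-based validation described in the reply above, sketched as an added example (not part of the original message or of the ALE guide). It is a simplified model of GnuPG's classic trust model using GnuPG's default thresholds; the key names, signatures and ownertrust values are constructed for illustration.

```python
# Simplified model of GnuPG's classic trust model (added example).
# Thresholds are GnuPG's defaults for --completes-needed,
# --marginals-needed and --max-cert-depth.
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_CERT_DEPTH = 1, 3, 5

def valid_keys(my_key, signatures, ownertrust):
    """Return {key: depth} for each key the model accepts as valid.

    signatures: {key: set of keys that signed (endorsed) it}
    ownertrust: {signer: "full" | "marginal"}, your own judgement of how
                carefully that person checks identity before signing.
    """
    valid = {my_key: 0}  # your own key is ultimately trusted
    for depth in range(1, MAX_CERT_DEPTH + 1):
        newly = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Endorsements count only if the signing key is already valid.
            counted = [s for s in signers if s in valid]
            full = sum(s == my_key or ownertrust.get(s) == "full" for s in counted)
            marginal = sum(ownertrust.get(s) == "marginal" for s in counted)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed sample data: names and signatures are hypothetical.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "erin": {"alice"},                       # one fully trusted signer
    "frank": {"bob", "carol"},               # only two marginal signers
    "grace": {"bob", "carol", "dave"},       # three marginal signers
    "mallory": {"u1", "u2", "u3", "u4"},     # many signers, none known to you
}
OWNERTRUST = {"alice": "full", "bob": "marginal", "carol": "marginal",
              "dave": "marginal"}

if __name__ == "__main__":
    for key, depth in valid_keys("me", SIGNATURES, OWNERTRUST).items():
        print(f"{key}: valid, {depth} step(s) from your key")
```

In this model a key carrying many signatures from keys you have no path to ("mallory") is not accepted, while a key with a single signature from a fully trusted, valid key ("erin") is.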