From: Derek Atkins <warlord@MIT.EDU>
To: jfmesq@ibm.net (James F. Marshall)
Message Hash: b1fcf606ff7b7d7fb75ec53666b30cbb4122314ec026485cebcf8821be6439b9
Message ID: <199507312354.TAA02802@toxicwaste.media.mit.edu>
Reply To: <199507312339.XAA100594@smtp-gw01.ny.us.ibm.net>
UTC Datetime: 1995-07-31 23:54:53 UTC
Raw Date: Mon, 31 Jul 95 16:54:53 PDT
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 31 Jul 95 16:54:53 PDT
To: jfmesq@ibm.net (James F. Marshall)
Subject: Re: Public Key Confusion
In-Reply-To: <199507312339.XAA100594@smtp-gw01.ny.us.ibm.net>
Message-ID: <199507312354.TAA02802@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
When you want to sign a key, you should use "pgp -ks". You should
never clearsign a public key -- it buys you absolutely nothing other
than saying that "I saw this key at some point, and this message
(which is a public key block) came from me".
Have you signed your own key using "pgp -ks"? Have you extracted your
key (using "pgp -kxa") since you signed it? Or did you only extract
it before you signed it? This would be the cause of the confusion.
If you sign a key, the signature gets attached to the key certificate.
However you do not need that signature in order to _use_ the key. So,
people to whom you gave your key without a signature can still use
that key, it just doesn't have your signature on it.
As for the keyserver, it _ONLY_ accepts keys; if you clearsign your
key before you send it, then you are not sending a key, you are
sending a message that contains a key. This is not the same thing.
That is why the keyserver rejected it.
> Should I just stop distributing the .asc version and only let people
> have the longer version extracted from my public keyring? Is that the
> properly signed copy?
If you performed the pgp -ks, then you should re-perform the pgp -kxa
and distribute the newly extracted key.
I hope this answers all your questions. All of this, and more, should
be explained in the PGP Documentation which is included with PGP.
Good Luck.
-derek
Return to July 1995
Return to “jfmesq@ibm.net (James F. Marshall)”