Encryption Key Mini How-To
What is a keyring?
At OFSET, GnuPG is used to authenticate and sign documents. All members have a secret key and a public key: a keyring is a file that stores such keys. This page helps you build your keyring with OFSET member keys.
Basic How To
To build your keyring, you have to install GnuPG, a free encryption implementation. After the installation, generate your secret/public keypair with:
gpg --gen-key
Don't forget your passphrase!
To export your own public key, use:
gpg --export -a -o fileName.gpg key-name
To import other people's public keys into your keyring, use:
gpg --import file.gpg
Once a key is imported, you can confirm with the key owner that it is really their key by comparing the key fingerprint, which you display with:
gpg --fingerprint user-id
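The fingerprint comparison above can be scripted so that a short key ID or a subkey fingerprint is never accepted by mistake. This is an added example, not part of the original how-to: the function names and the sample listing (a constructed, made-up key in the output format of gpg --with-colons --fingerprint) are assumptions.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint user-id` output.
# Key, fingerprints and user ID are made up for this example.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1700000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:-:4096:1:76543210FEDCBA98:1700000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Normalize a fingerprint as a person reads or pastes it:
# drop spaces, colons and a leading 0x, then uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF' | sed 's/^0[xX]//'
}

# Print the primary-key fingerprint: the first fpr record after the pub
# record (field 10). Later fpr records belong to subkeys and are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# check_fingerprint LISTING CLAIMED
# returns 0 = match, 1 = mismatch, 2 = unusable input
check_fingerprint() {
    claimed=$(normalize_fpr "$2")
    actual=$(printf '%s\n' "$1" | primary_fpr)
    case "$claimed" in
        ''|*[!0-9A-F]*) return 2 ;;      # empty or not hexadecimal
    esac
    [ "${#claimed}" -ge 40 ] || return 2  # key IDs are too short to trust
    [ -n "$actual" ] || return 2          # no pub/fpr pair in the listing
    [ "$claimed" = "$actual" ]
}

# Demo on the constructed sample. With a real keyring, pass
# "$(gpg --with-colons --fingerprint user-id)" as the first argument.
if check_fingerprint "$SAMPLE_LISTING" \
    '0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'; then
    echo "fingerprint matches"
else
    echo "fingerprint does not match, do not sign this key"
fi
```

The second argument should be the fingerprint obtained from the key owner directly, not one copied from the same place the key file came from.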
When you are certain that a key belongs to a person, you can "sign" it by opening the key for editing and entering the sign command at the gpg> prompt:
gpg --edit-key user-id
To sign a document, use:
gpg --detach-sign -a document
This command generates a file called "document.asc" containing a signature computed from a hash of the document with your private key (the private key itself is not stored in the file); this file means "I signed THIS document" and nothing else.
To verify a signature, use:
gpg --verify document.asc document
If the signature and the document match, then gpg will say "gpg: Good signature from …", meaning "YOU signed THIS document". With a modified "document" file, the verification will fail.
More info can be found at the GPG web site http://www.gnupg.org/docs.html#howtos.