| Press F1 | ||||
| Thread ID: 38897 | 2003-10-21 08:39:00 | PGP/GPG keys | agent (30) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 185436 | 2003-10-21 08:39:00 | Is it safe to publish the Key ID & Fingerprint, and the Subkey ID & Fingerprint on the internet in order for people to verify the public key you sent to them? I've already done this, but just in case, I'd rather withdraw the information if it's not safe. And can anyone explain to me just how revocation certificates work, because I just can't wrap my mind around them. |
agent (30) | ||
| 185437 | 2003-10-21 09:04:00 | I'll explain the revocation certificates. When you generate your key, you have the option of sending it to a public key server. People can then search for your key and download it from the server. However, say you lost your old key, how can you get rid of the old key from the server? Revocation certificates :) That is how it was explained to me, anyway. Btw, you should be alright putting that info on the web. |
segfault (655) | ||
| 185438 | 2003-10-21 09:14:00 | Then I would assume a revocation certificate only works when you've actually sent your public key to a key server. Continuing, though, even on a key server, are you not still subject to a possible man-in-the-middle attack, unless people with your public key verified the Fingerprint against a trusted source? Are there actually conceivable benefits to publishing your public key on a key server? Anyway, thanks for that explanation segfault. |
agent (30) | ||
| 185439 | 2003-10-21 10:52:00 | In order for anyone to send you an encrypted message they HAVE to have your public key in order to encrypt it. What the key does is encrypt the message so that only you can read it; once sent or encrypted, even the person that encrypted it with your key can't read it, as they need your passphrase to decrypt it. The public key encrypts the message according to the algorithm created by your passphrase. If you don't want every Tom, Dick and Harry sending you encrypted mail then don't post the key on a public server; simply send your key to your friends and family that you do want to be able to send you encrypted mail. Or you can put a termination date on the key so that it will cease to function after a certain date, or amount of time. |
Odin (227) | ||
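
The fingerprint check discussed in this thread, as an added example that is not part of the original posts: a version 4 OpenPGP fingerprint is a SHA-1 hash over the public-key packet only (RFC 4880, section 12.2), and a recipient compares it in full against the published value. The toy key body and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct


def v4_fingerprint(body: bytes) -> str:
    """Fingerprint of an OpenPGP v4 public-key packet body (RFC 4880, 12.2)."""
    if not body or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    # SHA-1 over 0x99, the two-octet big-endian length, then the body.
    # Only public material is hashed, so the result reveals nothing secret.
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 16 hex digits of the fingerprint."""
    return fingerprint[-16:]


def normalize(published: str) -> str:
    """Strip spacing from a published fingerprint; reject anything shorter."""
    digits = "".join(published.split()).upper()
    if len(digits) != 40 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return digits


def matches_published(body: bytes, published: str) -> bool:
    """True only if the received key hashes to the published fingerprint."""
    return hmac.compare_digest(v4_fingerprint(body), normalize(published))


def sample_body(modulus: int = 0xC3A7_5D19_E2F4_8B61) -> bytes:
    """Constructed toy RSA key body: version, creation time, algorithm, MPIs."""
    def mpi(n: int) -> bytes:
        size = (n.bit_length() + 7) // 8
        return struct.pack(">H", n.bit_length()) + n.to_bytes(size, "big")
    header = bytes([4]) + struct.pack(">I", 1066725540) + bytes([1])
    return header + mpi(modulus) + mpi(65537)


if __name__ == "__main__":
    fp = v4_fingerprint(sample_body())
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("key ID:     ", key_id(fp))
    print("genuine key matches:", matches_published(sample_body(), fp))
    print("swapped key matches:", matches_published(sample_body(0xC3A7_5D19_E2F4_8B63), fp))
```

The check is only as strong as the channel the published fingerprint arrived over, which is why the comparison value should come from a source the recipient already trusts.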