I had a fairly hard time understanding all of the ins and outs of managing keys using the gnupg tool 'gpg'. Pretty much all of the documentation is procedural: how to use the tool to accomplish some specific task. Many questions that I had were tangential to the particular procedure, and therefore not covered where I needed them to be.

For me, the key to understanding how to work with gpg was to understand the packet structure of the underlying OpenPGP Message Format (RFC4880), which defines how gpg messages, signatures, and key material are stored. The goal of this post is to grease the skids for the next guy, by tying the key storage format to the RFC definition, and to the associated gpg commands and parameters.

Here are some takeaways I wish I had going into this:

- Most key parameters (expiry, usage flags, preferences) are stored in the self-signature, not in the key packet itself. That means they can be changed at will by the key owner without affecting the status of external key signatures.
- Subkeys need only be self-signed by the primary key (which is automatic). Trust from external signatures on the primary key is provided transitively.
- gpg automatically uses the newest valid subkey with the matching capability to sign/encrypt.

(Edit - ) It's best that you have an understanding of data encryption and data signing using public key cryptography before you read this. You should also know about key signing and the reason for it.
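To make the first takeaway concrete, here is an added example (my own code, not from the original post) that walks a public key block packet by packet and pulls the key expiry and key-usage flags out of the hashed subpackets of each self-signature, exactly where RFC 4880 puts them. The key block it parses is constructed inline with dummy MPIs and a dummy hash prefix, so it is a valid layout but not a verifiable signature; the packet and subpacket formats, tag numbers, signature types and key-flag bits follow RFC 4880 sections 4.2, 4.3, 5.2.3 and 5.2.3.21.

```python
"""Minimal RFC 4880 packet walker: expiry and usage flags live in the self-signature,
not in the key packet. Added example with a constructed key block (dummy MPIs)."""
import struct

TAGS = {2: "Signature", 5: "Secret-Key", 6: "Public-Key", 7: "Secret-Subkey",
        13: "User ID", 14: "Public-Subkey"}                   # RFC 4880 section 4.3
SUB_CREATION, SUB_KEY_EXPIRY, SUB_ISSUER, SUB_KEY_FLAGS = 2, 9, 16, 27   # section 5.2.3.1
KEY_FLAGS = {0x01: "C", 0x02: "S", 0x04: "E", 0x08: "E", 0x20: "A"}      # section 5.2.3.21
SELF_SIG_TYPES = (0x10, 0x11, 0x12, 0x13, 0x18, 0x1F)        # certifications, subkey binding, direct-key

def _new_len(data, i):
    """New-format length (section 4.2.2). Returns (length, octets consumed); no partial bodies."""
    first = data[i]
    if first < 192:
        return first, 1
    if first < 224:
        return ((first - 192) << 8) + data[i + 1] + 192, 2
    if first == 255:
        return struct.unpack(">I", data[i + 1:i + 5])[0], 5
    raise ValueError("partial body lengths not supported")

def parse_packets(data):
    """Return [(tag, body)] for a packet sequence; handles old- and new-format headers (section 4.2)."""
    i, out = 0, []
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bit 7 must be set in a packet header")
        if ctb & 0x40:                                   # new format: tag in the low 6 bits
            tag = ctb & 0x3F
            length, n = _new_len(data, i + 1)
            i += 1 + n
        else:                                            # old format: tag in bits 5..2, length type in 1..0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            size = {0: 1, 1: 2, 2: 4}[ltype]             # type 3 (indeterminate) is not handled
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        out.append((tag, data[i:i + length]))
        i += length
    return out

def parse_subpackets(blob):
    """Subpacket = length (includes the type octet) + type (bit 7 = critical) + data."""
    subs, i = {}, 0
    while i < len(blob):
        length, n = _new_len(blob, i)
        i += n
        subs[blob[i] & 0x7F] = blob[i + 1:i + length]
        i += length
    return subs

def parse_signature(body):
    """v4 signature packet (section 5.2.3); only the hashed subpackets are trustworthy."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    return {"type": body[1], "pk_algo": body[2], "hash_algo": body[3],
            "hashed": parse_subpackets(body[6:6 + hashed_len])}

def key_summary(data):
    """Pair each (sub)key packet with the self-signature that follows it and read expiry/flags from there."""
    keys, current = [], None
    for tag, body in parse_packets(data):
        if tag in (5, 6, 7, 14):                         # v4 key packet: version, created, algo, MPIs
            current = {"packet": TAGS[tag], "created": struct.unpack(">I", body[1:5])[0],
                       "algo": body[5], "expires": None, "flags": ""}
            keys.append(current)
        elif tag == 2 and current is not None:
            sig = parse_signature(body)
            if sig["type"] in SELF_SIG_TYPES:
                h = sig["hashed"]
                if SUB_KEY_EXPIRY in h:                  # stored as seconds after key creation
                    current["expires"] = current["created"] + struct.unpack(">I", h[SUB_KEY_EXPIRY])[0]
                if SUB_KEY_FLAGS in h:
                    bits = h[SUB_KEY_FLAGS][0]
                    current["flags"] = "".join(sorted({v for b, v in KEY_FLAGS.items() if bits & b}))
    return keys

# ---- constructed sample key block (assumed layout, dummy MPIs; not a real key) ----
CREATED, YEAR = 1700000000, 365 * 86400

def _pkt(tag, body):                                     # new-format header, 1- or 2-octet length
    n = len(body)
    hdr = bytes([0xC0 | tag]) + (bytes([n]) if n < 192 else bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF]))
    return hdr + body

def _sub(stype, data):
    return bytes([len(data) + 1, stype]) + data

def _key_packet(tag, created, algo):
    return _pkt(tag, bytes([4]) + struct.pack(">I", created) + bytes([algo]) + b"\x00\x08\x2a")

def _selfsig(sig_type, created, flags, expiry):
    hashed = (_sub(SUB_CREATION, struct.pack(">I", created)) + _sub(SUB_KEY_FLAGS, bytes([flags]))
              + _sub(SUB_KEY_EXPIRY, struct.pack(">I", expiry)))
    unhashed = _sub(SUB_ISSUER, bytes(range(1, 9)))
    body = (bytes([4, sig_type, 22, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xab\xcd" + b"\x00\x08\x2a")
    return _pkt(2, body)

def build_sample_keyring():
    """Primary key (C+S, 2-year expiry), user ID, positive self-cert, encryption subkey (E, 1-year), binding sig."""
    return (_key_packet(6, CREATED, 22) + _pkt(13, b"Alice Example <alice@example.org>")
            + _selfsig(0x13, CREATED, 0x03, 2 * YEAR)
            + _key_packet(14, CREATED, 18) + _selfsig(0x18, CREATED, 0x0C, YEAR))

if __name__ == "__main__":
    for k in key_summary(build_sample_keyring()):
        print(k)
```

Note that the key packets carry only the creation time and algorithm; the expiry and the C/S/E/A flags come entirely from the hashed subpackets of the 0x13 (positive certification) and 0x18 (subkey binding) signatures. Re-issuing those self-signatures with new values is all `gpg --edit-key expire` does, and because third-party certifications sign the primary key and user ID, not the self-signature, they stay valid. The same structure is what `gpg --list-packets` prints for a real key.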