[SATLUG] XCSSA Pre-GPG Keysigning Party "To-Do Steps" (if you want your key signed March 17th)

David Kowis dkowis at shlrm.org
Mon Mar 3 13:31:19 CST 2008

Quoting ed <horned0wl93 at gmail.com>:

> David Kowis wrote:
>> Quoting ed <horned0wl93 at gmail.com>:
>>> David Kowis wrote:
>>>> Quoting ed <horned0wl93 at gmail.com>:
>>>>> This a great response, and I've saved the web site for later perusal,
>>>>> but it doesn't address my primary questions:
>>>>> 1. Once I've generated a key-pair (and I have...), how do I find the
>>>>> fingerprint, aside from the screen shot I saved?
>>>> gpg --fingerprint [email or key-id]
>>> Hmm. Ok.  I used the command "gpg --fingerprint", but without any
>>> modifiers, and got a host of other keys besides my own.  Mine's at the
>>> tail-end.  How might I have wound up with these other keys? Are they
>>> important?
>> I believe you're missing the keyid or email address
>> gpg --fingerprint dkowis at shlrm.org would show you the fingerprint for
>> my key. Not specifying the keyid shows the fingerpritns for all the
>> public keys that you have. Those other public keys are needed to
>> verify the signatures made by other people. I reccomend reading up on
>> the concept of Public Key Infrastructure. It's how GPG works.
>>>>> 2. Do I need to do a separate key-pair/fingerprint for each email
>>>>> address I use?
>>>> Nope. You can add multiple email addresses to the key. I don't recall
>>>> how to do it, so i'd say look at the manpage (RTFM, it's what I do :P)
>>> Crazy noob questions:  I'm in the MAN pages, and found edit-key adduid.
>>> The command "gpg --edit-key adduid" only takes me back to a root command
>>> prompt.  What am I missing?  I've also tried adding a full uid behind
>>> the command, and still get sent back to the command prompt.  The main
>>> key and fingerprint are still there, but no additional uids show up...
>>> :(  Help?   (I have 3 terminals open to do/see all of this...)
>> I believe you need to specify the keyid for the key you want to edit.
>> gpg --edit-key dkowis at shlrm.org  --  then you can add emails to it.
> Strangely enough, I stumbled into the interactive command structure
> about as soon as I sent off this response.  So now, I have all my email
> addresses included in my key/fingerprint -- at least, they show up when
> I do a gpg fingerprint [email] in a terminal.  What next?

Well that all depends on what you want to do with it. I'd reccomend  
reading things on how to sign emails using your client of choice.  
Perhaps read up on how to sign files and encrypt files using GPG. Read  
up on how to upload your public key to a keyserver. Take measures to  
ensure the safety of your private key.

There's lots of different directions to go from here, most of which  
involve determining what you want to do with the keypair you've just  

As for the keysigning party, you can now just follow the destructions  
listed on the xcssa page.

David Kowis
|       www.ronpaul2008.com      |    www.sourcemage.org         |
|      Ron Paul for President!   |   SourceMage GNU/Linux        |

More information about the SATLUG mailing list