Verify and Sign a Public Key on the PGP Global Directory

Article:TECH148869  |  Created: 2006-02-17  |  Updated: 2012-01-24  |  Article URL http://www.symantec.com/docs/TECH148869
Article Type
Technical Solution


Issue



This article describes how to sign another user's public key on the PGP Global Directory.

 


Solution




By signing another user's public key, you are stating that you have verified that the key does in fact belong to its owner. Verification is done by comparing the unique fingerprint on the key to the actual fingerprint on the user's original key. You may use an exportable signature when you sign another user's key so that the signature will travel with the key. The benefit of this is that if someone decides to trust you and you have signed another person's key, then they can consider the key valid without verifying it for themselves. You can only add your signature to a key in the PGP Global Directory if your key already exists in the PGP Global Directory. After you download the key to your system, you can then use PGP Desktop 9.x to sign the public key and upload it back to the PGP Global Directory.

 

Note: When you submit the signed key to the PGP Global Directory, there is no verification required by the owner of the key. In order for the key you sign to become valid, the key you are signing with must be implicitly trusted. The trust level can be adjusted by viewing the properties of the key and selecting implicit under the trust settings.


 

How to Add Your Signature to Someone Else's Public Key and then Upload it to the PGP Global Directory

  1. In PGP Desktop 9.x, click the PGP Keys control box and right-click on the user whose key you wish to sign.
  2. Click Sign and the PGP Sign Key screen should appear.
  3. Verify that the Fingerprint matches the Fingerprint from the original owner.
  4. Since you want your signature on the key when it is uploaded back to the PGP Global Directory, be sure to click the box labeled Allow signature to be exported.
  5. Click OK.
  6. The PGP Enter Passphrase for Selected Key dialogue comes up. Under Signing key, use the drop down arrow on the right to select the correct signing key (the key you wish to sign with) from your keyring. Then enter the passphrase for that key and click OK.
  7. Notice how with your signature, the key now becomes valid to you (indicated by the green dot/check under the Validity column in 9.0.x or Verified column in 9.5.x).
  8. Now you can upload the key back to the PGP Global Directory by right-clicking on the key, scrolling down to Send To and clicking the PGP Global Directory (ldap://keyserver.pgp.com:389).
  9. A window will appear showing that the request is being submitted.
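
The fingerprint comparison in step 3, as an added example (not part of the original article and not PGP Desktop's own code): for a version 4 OpenPGP key, the fingerprint is the SHA-1 hash of the framed public-key packet (RFC 4880, section 12.2), so it can be recomputed from the downloaded key and compared in full with the value obtained from the owner. The function names and the toy RSA key material are constructed for illustration, and a v4 key is assumed.

```python
import hashlib
import hmac
import struct

def v4_fingerprint(pubkey_body: bytes) -> bytes:
    """SHA-1 over 0x99, a two-octet big-endian length, and the public-key packet body."""
    if not pubkey_body or pubkey_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(pubkey_body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    framed = b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body
    return hashlib.sha1(framed).digest()

def parse_fingerprint(text: str) -> bytes:
    """Accept a fingerprint as printed or dictated: spaces, colons, mixed case."""
    cleaned = "".join(ch for ch in text if ch not in " :\t\r\n")
    raw = bytes.fromhex(cleaned)  # ValueError on any non-hex character
    if len(raw) != 20:
        raise ValueError("a v4 fingerprint is 20 bytes (40 hex digits)")
    return raw

def fingerprint_matches(pubkey_body: bytes, owner_fingerprint: str) -> bool:
    """True only if all 160 bits agree; a partial match is a mismatch."""
    return hmac.compare_digest(v4_fingerprint(pubkey_body), parse_fingerprint(owner_fingerprint))

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Version 4, four-octet creation time, algorithm 1 (RSA), then MPIs n and e."""
    return struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)

def grouped(fp: bytes) -> str:
    """Ten groups of four hex digits, a common display layout."""
    h = fp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 40, 4))

# Constructed sample key material (toy modulus, not a real key).
SAMPLE_N = (1 << 1023) + 0x1234567
DOWNLOADED = rsa_pubkey_body(1139961600, SAMPLE_N, 65537)
# A different key that could carry the same user ID; only the modulus differs.
LOOKALIKE = rsa_pubkey_body(1139961600, SAMPLE_N + 2, 65537)

if __name__ == "__main__":
    owner_says = grouped(v4_fingerprint(DOWNLOADED))  # stands in for the owner's stated value
    print(owner_says)
    print(fingerprint_matches(DOWNLOADED, owner_says))
    print(fingerprint_matches(LOOKALIKE, owner_says))
```

The key ID and user ID shown in a directory listing are not a substitute for this comparison, because the fingerprint depends only on the key material and creation time.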


Legacy ID



88

