- Key signing spreads the "web of trust" for public keys
- You sign a key when you believe that the key is authentic and belongs to the person claiming to be the owner
- Bob knows my key belongs to me, so he is going to sign my key by using the
--edit-key option:
[bob@yohost bob]$ gpg --edit-key mandi
gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 1024D/7776E936 created: 2002-10-04 expires: never trust: -/q
sub 1024g/E0524E3E created: 2002-10-04 expires: never
(1). Mandi Walls
Command> sign
pub 1024D/7776E936 created: 2002-10-04 expires: never trust: -/q
Fingerprint: 62B9 6999 9988 B437 6E78 BD66 CD1D CAAA 7776 E936
Mandi Walls
Are you really sure that you want to sign this key
with your key: "Bob Smith (User Bob) "
Really sign? yes
You need a passphrase to unlock the secret key for
user: "Bob Smith (User Bob) "
1024-bit DSA key, ID 9004BC23, created 2003-01-29
Command> save
- Bob can see what signatures have been applied to a key using the
--list-sigs option. From the output from that command, bob can see tht he has successfully added his signature to my key:
pub 1024D/7776E936 2002-10-04 Mandi Walls
sig 7776E936 2002-10-04 Mandi Walls
sig A9187B27 2003-01-29 [User id not found]
sig 9004BC23 2003-01-30 Bob Smith (User Bob)
sub 1024g/E0524E3E 2002-10-04
sig 7776E936 2002-10-04 Mandi Walls
- Now that Bob has signed my key, he could upload it to the keyserver (if it was on one) and anyone else who uses my key will know that bob trusts me. They can make a personal judgement for themselves how much to trust me and how much they trust bob to carefully sign keys
- gpg has a mechanism to assign trust values to certain keys. To see how much he trusts the keys he has, bob runs
gpg --list-keys --with-colons:
[bob@yohost bob]$ gpg --list-keys --with-colons
/home/bob/.gnupg/pubring.gpg
----------------------------
pub:q:1024:17:219180CDDB42A60E:1999-09-23::64:-:Red Hat, Inc ::scESC:
sub:q:2048:16:C9CC699F961630A2:1999-09-23::64::::e:
pub:f:1024:17:CD1DCAAA7776E936:2002-10-04::174:-:Mandi Walls ::scESC:
sub:f:1024:16:F25ED76DE0524E3E:2002-10-04::174::::e:
pub:u:1024:17:DB58668A9004BC23:2003-01-29::184:-:Bob Smith (User Bob) ::scESC:
sub:u:1024:16:3A07B74EB5577FFB:2003-01-29::184::::e:
pub:q:1024:17:0EBC6D84E6CB97DA:2002-02-26:2004-02-26:190:-:Tom Vier ::scESC:
uid:q::::::::Tom Vier :
sub:q:2048:16:AFB04D017A93AEDA:2002-02-26:2004-02-26:190::::e:
- The second field of output is the level of trust bob has for the particular key
- The trust for Red Hat's key is "q", or unknown
- The trust for my key, is "f", or fully trusted. Bob signed my key with his signature, so he trusts my key
- The trust for bob's own key is "u", or ultimately trusted. This can only be the case when bob has the secret key for the key pair
- Trust of a key is calculated by gpg using an algorithm based on the number of signatures on the key
- For a key to be considered valid, the key must either have been signed by bob, been signed by one key fully trusted by bob, or have been signed by 3 keys marginally trusted by bob. Also, the path from bob's key to that key has to be 5 steps or less
- Bob noticed from the copious output of the
--list-sigs command that Red Hat's key has been signed by several dozen other keys. He checks it out at pgp.mit.edu and sees the names of all the people who have signed Red Hat's key
- Bob thinks maybe he could increase the trust on Red Hat's key in his own keyring using the
--edit-key option, even though his key doesn't link back to Red Hat's key:
[bob@yohost bob]$ gpg --edit-key redhat
gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: -/q
sub 2048g/961630A2 created: 1999-09-23 expires: never
(1). Red Hat, Inc
Command> trust
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: -/q
sub 2048g/961630A2 created: 1999-09-23 expires: never
(1). Red Hat, Inc
Please decide how far you trust this user to correctly
verify other users' keys (by looking at passports,
checking fingerprints from different sources...)?
1 = Don't know
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
s = please show me more information
m = back to the main menu
Your decision? 3
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: m/q
sub 2048g/961630A2 created: 1999-09-23 expires: never
(1). Red Hat, Inc
Command> save
- Bob plays it conservative and trusts Red Hat's key marginally. After all, he doesn't know any of the people who have signed Red Hat's key, even if there are a lot of them. Though, he did notice that Red Hat's key was signed by Peter Jones, whose key was signed by Hunter Matthews, whose key was signed by Theodore Ts'o, Kerberos team lead at MIT and kernel hacker. Damn that's cool. Bob is such a lamer, no one has signed his key