GNU/Linux documentation.

GnuPG and the D&C GLUG website: FAQ

• Getting Started with GnuPG : FAQ
  www.dcglug.org.uk/linux_doc/startgnupg.html
  (An introductory guide to GnuPG based on the GNU Privacy Handbook.)
  • What is GnuPG/PGP?
  • Why two keys?
  • How do I generate a key for the first time?
  • What protects my private key?
  • What kind of passphrase is needed?
  • What protects my public key?
  • How should I publish my public key?
  • What is key signing?
  • What is the Web of Trust (WoT)?
  • How do I manage and build my WoT?
  • How should I manage my keypair?
  • When, why and how would I revoke the key?
• D&C GLUG Keysigning FAQ
  www.dcglug.org.uk/linux_doc/gnupgsign.html
  • What is key signing?
  • What should I do before signing a key?
  • What commands do I use to sign a key?
  • Can I transfer signatures to a new key?

This page:

• What is GnuPG used for on the DCGLUG website?
• How does the website locate my key?
• Why use my email address instead of the key ID itself?
• Which email address should I use?
• What if the email address is not part of my key (yet)
• How do I check what is used in my current key?
• How can I add a UID to my key?
• When should I export my public key?
• What if I update my key?
• I have revoked my key, what should I do?
• Is there a D&C GLUG keyring?
• Where can I get more information on GnuPG/keys/encryption?

What is GnuPG used for on the DCGLUG website?

List members are increasingly using the DCGLUG mailing list with GnuPG/PGP digital signatures and key signing events have been incorporated into recent meetings. The DCGLUG website currently uses GnuPG encryption for emails containing your Members Area password and emails sent directly to you from the Members Area.

How does the website locate my key?

The website scripts use public keyservers to match your email address rather than your name. Your subscribed email address is / will be part of your identity on the DCGLUG list and it is helpful if the key and the email match up. email addresses are also unique and so there are less matching keys to process.

• If you have a GnuPG/PGP key before you join DCGLUG,
  you can select the GnuPG/PGP checkbox on the "Join DCGLUG" page.
• If you create a GnuPG/PGP key after joining DCGLUG,
  you can add your key to the database from the Members Register.

Why not use the key ID itself?

Most keys already contain a suitable UID and it makes it easier for other members to maintain their keyrings when keys can be easily matched to recognised email addresses. Also, the email address is required for membership and keys can be retrieved from a keyserver using an email address as easily as using a keyid. If this causes problems for you, let me know and I can change it.

Which email address should I use?

• If you have not yet joined the D&C LUG, you should enter the email address that you want to use to send and receive mailing list messages into the joining form.
• If you have already subscribed to the mailing list using majordomo but you now want a username and password for the members area, you should enter the email address currently subscribed to the list into the joining form or you will receive a second request to join the list.

Once you have a mailing list subscription and a members area username/password, you can change your email address from the members area. If you choose to have a subscribed email address that is different to your contact address in the members area, you should be careful how you manage your GnuPG key for the website. It is important that other members have some way of identifying you as the same person in the members area as on the list. You can use a photograph in the members register but you should also sign your list messages with the same keyid as you use from the members area. You will only be able to select a key for the members area that already has your contact email address as a UID, even if that key does not contain a UID containing your subscribed email address, otherwise the key may be deleted from the D&C LUG keyring at the next update.

What if the email address is not part of my key (yet)

If the copy of your public key retrieved from the public keyserver does not contain the email address entered in the form, usually as a part of a User Id (UID), the website will be unable to use GnuPG encryption for you.

How do I check?

The email addresses listed in your key can be displayed using:
(replace #KEYID# with your 8 character key id, e.g. 28BCB3E3.

$ gpg --list-key #KEYID#


How can I add a UID to my key?

If you would like to use GnuPG encryption from the website, you can add a suitable UID to your key using the gpg command:

$ gpg --edit-key #KEYID#
Command> adduid

GnuPG will prompt you for a real name to use (e.g. you could use an abbreviated name or perhaps use an official title etc.), a comment (which should be distinct from other comments on the same key) and an email address - enter the email address that you currently use to post to the DCGLUG mailing list. Save the changes to your key with Command> save.

Please remember to always export your key

Make sure you update the copy of your public key on the keyservers every time you make changes to the key, using the command:

$ gpg --keyserver subkeys.pgp.net --send-keys #KEYID#

Once your key is uploaded, you can

• use the "Join DCGLUG" page, select the Use GnuPG checkbox and your username and password will be sent to you as an encrypted email.
• or if you are already a member, use the Members Register to update your key from a public keyserver.

If you use a different keyserver, please remember that it may take a little time before the keyservers synchronise and the update becomes available to the DCGLUG scripts.

Updating keys

The Members Register also allows you to view the current UID's on your key as stored in the DCGLUG keyring and update it to reflect new signatures, new UID's or to reflect a revocation certificate.

To receive updated copies of all current D&C LUG members, including your own, download the keyring.

Revoked keys

If you have revoked your key, make sure that you send both your revoked key and any new replacement key to a public keyserver. Then you can update your key and the DCGLUG keyring will search for a new key to replace the revoked key.

Is there a D&C LUG keyring?

Yes. Members can add or update their public key to the DCGLUG keyring using the Members Register. KeyID's in use by DCGLUG members are regularly refreshed to keep up with new signatures and new UID's or revoked keys. You can download the D&C LUG keyring as a text file. Save the file to your local filesystem, perhaps call it keyring.txt, and then import into GnuPG using the command:
gpg --import keyring.txt
The D&C LUG keyring has been converted into a graphic to help you see some of the relationships between keys in the ring. (User ID not found appears because the ring used to create the graphic is limited to D&C LUG members only, to keep the image size manageable.)

More Information

• GnuPG home page
• GnuPG FAQ
• GnuPG Mini-HowTo
• The GNU Privacy Handbook
• keyserver.kjsl.com
• List of public key servers
• How are keysigning events arranged?