Installation guide
Appendix B. Getting Started with Gnu Privacy Guard
B.5. Importing a Public Key
The other end of key exchange — importing other people’s public keys to your keyring —
is just as simple as exporting keys. When you import someone’s public key, you can decrypt
their mail and check their digital signature against their public key on your keyring.
One of the easiest ways to import a key is to download the key or save it from a website. To
learn how to import Red Hat’s key, refer to Section 25.3.1.
After downloading a key, use the command gpg --import key.asc to add it to your
keyring.
Another way to save a key is to use a browser’s Save As feature. If you are using a browser
such as Navigator, and you locate a key at a keyserver, you can save the page as a text file
(go to File => Save As). In the drop-down box next to Format for saved document, choose
Text. Then, you can import the key — but remember the name of the file you saved. For
example, if you saved a key as a text file called newkey.txt, to import the file, at a shell
prompt, type the following command:
gpg --import newkey.txt
The output will look similar to the following:
gpg: key F78FFE84: public key imported
gpg: Total number processed: 1
gpg: imported: 1
To check that the process was successful, use the gpg --list-keys command; you should
see your newly imported key listed on your keyring.
B.6. What Are Digital Signatures?
Digital signatures can be compared to your written signature. Unlike traditional
correspondence, in which it might be possible to tamper with your written signature, digital
signatures cannot be forged. That is because the signature is created with your unique secret
key, and can be verified by your recipient using your public key.
A digital signature timestamps a document; essentially, that means that the time you signed
the document is part of that signature. So if anyone tries to modify the document, the
verification of the signature will fail. Some email applications, such as Exmh or KDE’s KMail,
include the ability to sign documents with GnuPG within the application’s interface.
Two useful types of digital signatures are clearsigned documents and detached signatures. Both
types of signatures incorporate the same security of authenticity, without requiring your
recipient to decrypt your entire message.
In a clearsigned message, your signature appears as a text block within the context of your
letter; a detached signature is sent as a separate file with your correspondence.
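The exchange that sections B.5 and B.6 describe, run end to end, as an added example that is not part of the original guide: a sender signs a message both ways, a recipient imports the public key and verifies, and a one-word change makes verification fail. It assumes GnuPG 2.1 or later; the user ID, file names and message text are constructed.

```bash
#!/usr/bin/env bash
# Added example. Throwaway keyrings under a temp directory; the user ID,
# file names and message text are constructed for the demo.

# Returns 0 only if every step behaves as sections B.5 and B.6 describe.
signature_demo() (
  work=$(mktemp -d) || exit 1
  sender="$work/sender"; recipient="$work/recipient"; uid='sender@example.invalid'
  mkdir -m 700 "$sender" "$recipient" || exit 1
  trap 'for h in "$sender" "$recipient"; do
          gpgconf --homedir "$h" --kill all 2>/dev/null; done; rm -rf "$work"' EXIT
  s() { gpg --homedir "$sender" --batch --quiet "$@"; }     # sender's keyring
  r() { gpg --homedir "$recipient" --batch --quiet "$@"; }  # recipient's keyring

  # Sender: create a key (no passphrase, demo only) and export the public half.
  s --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "Demo Sender <$uid>" default default never || exit 1
  s --armor --export "$uid" > "$work/key.asc" || exit 1

  # Sender: sign one message both ways.
  printf 'Meet at noon.\n' > "$work/msg.txt"
  s --clearsign --output "$work/msg.txt.asc" "$work/msg.txt" || exit 1
  s --armor --detach-sign --output "$work/msg.txt.sig" "$work/msg.txt" || exit 1

  # Recipient (B.5): import the key and list it. A real recipient compares this
  # fingerprint with one obtained from the sender over a separate channel.
  r --import "$work/key.asc" || exit 1
  r --fingerprint "$uid" || exit 1

  # Recipient (B.6): both signature types verify against the imported key.
  r --verify "$work/msg.txt.asc" || exit 1
  r --verify "$work/msg.txt.sig" "$work/msg.txt" || exit 1

  # Change one word: verification must now fail for both forms.
  sed 's/noon/one/' "$work/msg.txt.asc" > "$work/tampered.asc"
  printf 'Meet at one.\n' > "$work/msg.txt"
  if r --verify "$work/tampered.asc"; then exit 1; fi
  if r --verify "$work/msg.txt.sig" "$work/msg.txt"; then exit 1; fi
  exit 0
)

signature_demo && echo 'signatures verified; tampered copies rejected'
```

A good signature only shows that the holder of the imported key signed the text, which is why the fingerprint comparison noted in the comments matters before relying on it.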
B.7. Additional Resources
There is more to encryption technology than can be covered in one slim introduction to
GnuPG. Here are some resources where you can learn more.