Securing and Optimizing Linux: RedHat Edition - A Hands on Guide
Chapter 19. Software - Securities/Management & Limitation
Once our own key pair is created, we can begin adding to our public keyring database the keys we have received from trusted third parties, so that we can use their keys for future encryption and authenticated communication. To import public keys to your keyring, use the following command:
[root@deep] /# gpg --import <file>
Example 19-1. Importing using gpg
[root@deep] /# gpg --import redhat2.asc
gpg: key DB42A60E: public key imported
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: Total number processed: 1
gpg: imported: 1
When you have imported keys into your public keyring database and are sure that the trusted third party really is who they claim to be, you can start signing their keys. Signing a key certifies that you know the owner of the key. To sign the key for the company RedHat that we added to our keyring above, use the following command:
[root@deep] /# gpg --sign-key <UID>
Example 19-2. Signing key
[root@deep] /# gpg --sign-key RedHat
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: -/q
sub 2048g/961630A2 created: 1999-09-23 expires: never
(1) Red Hat, Inc <[email protected]>
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: -/q
Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E
Red Hat, Inc <[email protected]>
Are you really sure that you want to sign this key
with your key: "Gerhard Mourani <[email protected]>"
Really sign? y
You need a passphrase to unlock the secret key for
user: "Gerhard Mourani <[email protected]>"
1024-bit DSA key, ID E92D6C97, created 1999-12-30
Enter passphrase:
You should only sign a key as being authentic when you are absolutely sure that the key is really authentic! You should never sign a key based on any assumption.
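Being sure in practice means comparing the key's full fingerprint with one obtained from the owner through a separate trusted channel before signing. The script below is an added example, not part of the original guide: the function names are hypothetical, and it assumes a GnuPG version that supports `--show-keys` to list a key file without importing it.

```shell
#!/bin/sh
# Added example: compare a key file's fingerprint with one obtained
# out-of-band before importing and signing the key.

# Strip whitespace and upper-case, so "ca20 8686 ..." and "CA208686..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint: field 10 of the first "fpr" record after a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if both values are identical, complete fingerprints
# (40 hex digits, as for the key on this page). Short key IDs are rejected.
fpr_matches() {
    got=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    case "$got" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#got}" -eq 40 ] && [ "$got" = "$want" ]
}

# verify_then_sign <keyfile> <expected fingerprint>
# Nothing is imported or signed unless the fingerprints match.
verify_then_sign() {
    keyfile=$1 expected=$2
    actual=$(gpg --show-keys --with-colons "$keyfile" | primary_fpr)
    if ! fpr_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $keyfile: got '$actual'" >&2
        return 1
    fi
    # Sign by full fingerprint rather than by name, so no other key can match.
    gpg --import "$keyfile" && gpg --sign-key "$actual"
}

# Usage, with the fingerprint confirmed through a separate trusted channel:
#   verify_then_sign redhat2.asc "CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E"
```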