Here's my OpenPGP public key. Please use this key for any correspondence with me.
Get OpenPGP software and information at GnuPG.org.
Key Details:
$ gpg --fingerprint 04A4F0DC | sed -e 's/@/ at /'
*technically, the sed command is: sed -e 's/@/ at /;s/</\&lt;/g;s/>/\&gt;/g'
pub 1024D/04A4F0DC 2002-11-22 Brian V Bonini (Personal) <b-bonini at cox.net>
Key fingerprint = 9A80 8714 A9C8 F26A 2928 CF3C 2C35 0110 04A4 F0DC
uid Brian V Bonini (gfx-Design) <brian at gfx-design.com>
sub 1024g/6E556C14 2002-11-22
UNIX/Linux users: you should have no problem with this.
Windows users:
You can download GnuPG for Windows at ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.2.3.zip
http://www.gnupg.org/(en)/download/index.html
OR you can get a free version of PGP @ http://www.pgp.com/products/freeware.html
http://web.mit.edu/network/pgp.html
OR you can get a commercial version from: http://openpgp.org/findpgp.shtml
What do I do with this?
If you're using GnuPG:
- Download the public key and import it into your keyring
$ gpg --import 04A4F0DC.asc
- Alternatively you can download it from the MIT keyserver
(or any server on the global keyserver network)
$ gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC
- Send me your public key info so we can exchange secure data
$ gpg --export -a UID > KEYID.asc
OR
$ gpg --export -a UID | mail -s 'KEYID from UID' recipient@domain.com
Some useful stuff:
$ gpg -ea -r Joe test.file
This will encrypt the file test.file using Joe's public key. This means that only
Joe will be able to decrypt the file; if you encrypt to your own key instead, you
yourself will be the only person ever able to decrypt it.
"-e" option tells GPG to encrypt
"-a" option tells GPG to use ASCII armor.
"-r" option indicates the recipient
A new file containing the encrypted data will be created, called test.file.asc,
or test.file.gpg if the -a switch was not given.
$ gpg -d test.file.asc >test.file
The "-d" option tells GPG to decrypt the data contained in test.file.asc and put it in
test.file
$ gpg --export -a user@xxx.host >user.asc
This will export the public key belonging to user@xxx.host (aka you) and redirect it to
the file user.asc. This is the file that you would pass out to others to give them your
public key. You can also export directly to a keyserver by using:
$ gpg --send-keys --keyserver pgp.mit.edu UID
$ gpg --clearsign -a test.file
This will create a new file called test.file.asc
Use this to sign a plain text document and embed the signature in the document.
You can also sign messages in a non-clearsigned manner. This makes another .asc file,
but it looks encrypted. It isn't really encrypted. Anyone can use the "-d" option to
"decrypt" the file and read its contents, or use "--verify" on the file to determine
if it has been tampered with. To sign a file in this manner, use "-s" instead of
"--clearsign".
$ gpg --verify test.file.asc
To verify the above.
$ gpg -ba somefile-0.01.tar.gz
Use this to create a detached signature for a binary file.
The detached signature will be stored in the file somefile-0.01.tar.gz.asc.
Now, if someone were to download your file, and the detached signature file
(both are required), they could execute:
$ gpg --verify somefile-0.01.tar.gz.asc
GPG will compare the signature in the .asc file to the actual file and report
whether the signature is good. If the signature file or the binary file has been
tampered with, GPG will report a bad signature. If you were to download, for example,
the openssh tarball, you can also download the GPG signature file for it and execute
this command against that signature file to know whether or not the openssh tarball
is valid.
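
When the detached-signature check runs from a script, a "good signature" message alone is not enough, because gpg reports it for any key in the keyring. The following is an added example, not part of the original page: it accepts a signature only if gpg's --status-fd output carries VALIDSIG for the expected fingerprint. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG.

# Fingerprint from the key details on this page, spaces removed.
EXPECTED_FPR=9A808714A9C8F26A2928CF3C2C35011004A4F0DC

# status_ok FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names FPR (as the signing key or as its primary key) and gpg reported no
# bad, unverifiable, expired or revoked signature.
status_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# verify_detached SIGFILE DATAFILE [FPR]
# Runs gpg and judges its machine-readable status lines rather than the
# human-readable message.
verify_detached() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_ok "${3:-$EXPECTED_FPR}"
}

# Constructed status output for illustration (not captured from a real run).
SAMPLE_GOOD='[GNUPG:] GOODSIG 2C35011004A4F0DC Brian V Bonini (Personal)
[GNUPG:] VALIDSIG 9A808714A9C8F26A2928CF3C2C35011004A4F0DC 2003-10-01 1064966400 0 3 0 17 2 00 9A808714A9C8F26A2928CF3C2C35011004A4F0DC'
SAMPLE_OTHER_KEY='[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2003-10-01 1064966400 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_BAD='[GNUPG:] BADSIG 2C35011004A4F0DC Brian V Bonini (Personal)'
```

Typical use is `verify_detached somefile-0.01.tar.gz.asc somefile-0.01.tar.gz && echo accepted`, with the fingerprint obtained over a channel you trust.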