To communicate with others you must exchange public keys.To list the keys on your public keyring use the command-line option --list-keys.
Exporting a public key
To send your public key to a correspondent you must first export it.The command-line option --exportis used to do this.It takes an additional argument identifying the public key to export.As with the --gen-revoke option, either the key ID or any part ofthe user ID may be used to identify the key to export.
alice% gpg --output alice.gpg --export alice@cyb.org
The key is exported in a binary format, but this can be inconvenientwhen the key is to be sent though email or published on a web page.GnuPG therefore supports a command-line option --armor[1]that that causes output to be generated in an ASCII-armored format similar touuencoded documents.In general, any output from GnuPG, e.g., keys, encrypted documents, andsignatures, can be ASCII-armored by adding the --armor option.
alice% gpg --armor --export alice@cyb.org-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v0.9.7 (GNU/Linux)Comment: For info see http://www.gnupg.org[...]-----END PGP PUBLIC KEY BLOCK-----
Importing a public key
A public key may be added to your public keyring with the--import option.
alice% gpg --import blake.gpggpg: key 9E98BC16: public key importedgpg: Total number processed: 1gpg: imported: 1alice% gpg --list-keys/users/alice/.gnupg/pubring.gpg---------------------------------------pub 1024D/BB7576AC 1999-06-04 Alice (Judge) <alice@cyb.org>sub 1024g/78E9A8FA 1999-06-04pub 1024D/9E98BC16 1999-06-04 Blake (Executioner) <blake@cyb.org>sub 1024g/5C8CBD41 1999-06-04
Once a key is imported it should be validated.GnuPG uses a powerful and flexible trust model that does not requireyou to personally validate each key you import.Some keys may need to be personally validated, however.A key is validated by verifying the key's fingerprint and then signingthe key to certify it as a valid key.A key's fingerprint can be quickly viewed with the--fingerprintcommand-line option, but in order to certify the key you must edit it.
alice% gpg --edit-key blake@cyb.orgpub 1024D/9E98BC16 created: 1999-06-04 expires: never trust: -/qsub 1024g/5C8CBD41 created: 1999-06-04 expires: never (1) Blake (Executioner) <blake@cyb.org>Command> fprpub 1024D/9E98BC16 1999-06-04 Blake (Executioner) <blake@cyb.org> Fingerprint: 268F 448F CCD7 AF34 183E 52D8 9BDE 1A08 9E98 BC16
A key's fingerprint is verified with the key's owner.This may be done in person or over the phone or through any other meansas long as you can guarantee that you are communicating with the key'strue owner.If the fingerprint you get is the same as the fingerprint the key'sowner gets, then you can be sure that you have a correct copy of the key.
After checking the fingerprint, you may sign the key to validate it.Since key verification is a weak point in public-key cryptography,you should be extremely careful and always checka key's fingerprint with the owner before signing the key.
Command> sign pub 1024D/9E98BC16 created: 1999-06-04 expires: never trust: -/q Fingerprint: 268F 448F CCD7 AF34 183E 52D8 9BDE 1A08 9E98 BC16 Blake (Executioner) <blake@cyb.org>Are you really sure that you want to sign this keywith your key: "Alice (Judge) <alice@cyb.org>"Really sign?
Once signed you can check the key to list the signatures on it andsee the signature that you have added.Every user ID on the key will have one or more self-signatures as wellas a signature for each user that has validated the key.
Command> checkuid Blake (Executioner) <blake@cyb.org>sig! 9E98BC16 1999-06-04 [self-signature]sig! BB7576AC 1999-06-04 Alice (Judge) <alice@cyb.org>
