[ale] Commentary about PGP / GPG key generation...

Michael H. Warfield mhw at WittsEnd.com
Tue Nov 29 14:25:48 EST 2011


Hello all!

I see a number of people have generated brand new GPG keys for the up
and coming ALE Keysigning party.  Great!

Couple of comments (pun intended).

* When creating your keys, you do not need to add a comment.

* If you do add a comment, it becomes a permanent and visible part of
that uid, so you might want to make it meaningful in a permanent sort of
way.

* If you delete a uid, you lose all the signatures on that uid.

* Once a uid has appeared on the public keyservers, it's virtually
impossible to get rid of it due to the nature of the keyserver "flooding
algorithm" and uids as well as signatures are cumulative.  Literally, if
you have ever sent your key to a keyserver with a uid that you later
delete, that deletion has no effect on the keyserver and the uid will be
later re-added to your local keyring if you ever receive signature
updates back from the keyservers (gpg --refresh or gpg --recv-keys) or
reimport the public key from someone who signed your key containing that
uid.  Even if you managed to get a uid deleted from a keyserver, the
other keyservers would rapidly flood that uid back.  Your only real
option is to revoke that uid and leave it in place (my old CompuServe uid
on my df1dd471 key is such an example).

* If you're happy with the comment you have in your uid for your key,
that's cool.  If you think you MIGHT want to change it, I would suggest
doing it well before the keysigning party.  Once it's on the keyservers
(outside of our ring on BigLumber) it's there.

If you decide you wish to change it, you have to edit the key like
this:

gpg --edit-key {your keyid}

It will display a list of keys and uids.

Add a uid with "adduid" and fill in your name, E-Mail, and comment (if
any) just like you did when you generated the key to begin with.  When
you accept that change, it will ask you for the password to your private
key.

Now the list will show the new uid.

To get rid of the old one, you have to select it by number like this:

uid 1

The list will show uid "1" with a splat (*) beside it.  The deluid
command then deletes all the marked uids (you have to have at least one
left standing).

Finally, BEFORE trying to upload the modified key to BigLumber, contact
me FIRST and I will delete the key and you can then re-upload it.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
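
Added example, not part of the original message: a simplified Python model of the cumulative merge behaviour described above, showing why a deleted uid returns after a refresh while a revoked uid stays retired. The Key class, the packet labels, the two-server setup and the example.org identities are constructed for illustration; this is not GnuPG's or any keyserver's actual code.

```python
"""Simplified model of cumulative OpenPGP key merging (all data constructed)."""
from dataclasses import dataclass, field

@dataclass
class Key:
    # uid string -> set of packets on it: "selfsig", "sig:<signer>", "revocation"
    uids: dict = field(default_factory=dict)

    def merge(self, other):
        """Import semantics: union of uids and packets; nothing is ever removed."""
        for uid, packets in other.uids.items():
            self.uids.setdefault(uid, set()).update(packets)

    def adduid(self, uid):
        self.uids.setdefault(uid, set()).add("selfsig")

    def deluid(self, uid):
        """Local only: drops the uid together with every signature on it."""
        self.uids.pop(uid, None)

    def revuid(self, uid):
        """A revocation is one more packet, so every later merge carries it along."""
        self.uids[uid].add("revocation")

    def valid_uids(self):
        return sorted(u for u, p in self.uids.items() if "revocation" not in p)

def flood(servers):
    """Keyserver gossip: each server merges in every other server's copy."""
    for a in servers:
        for b in servers:
            a.merge(b)

def scenario(retire):
    """Publish a key, retire the old uid with `retire`, re-upload, then refresh."""
    old, new = "Alice (party key) <alice@example.org>", "Alice <alice@example.org>"
    local, servers = Key(), [Key(), Key()]
    local.adduid(old)
    local.uids[old].add("sig:bob")   # someone signed the old uid
    servers[0].merge(local)          # first upload (gpg --send-keys)
    flood(servers)
    local.adduid(new)
    retire(local, old)               # Key.deluid or Key.revuid
    servers[0].merge(local)          # upload the modified key
    flood(servers)
    local.merge(servers[1])          # gpg --refresh from a different server
    return local, old, new

if __name__ == "__main__":
    for how in (Key.deluid, Key.revuid):
        key, old, new = scenario(how)
        print(how.__name__, "-> still valid:", key.valid_uids())
```
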