USING GPG TO DOWNLOAD NEW SIGNATURES

If you're using an e-mail client under Linux, chances are you may be considering using GnuPG (or GPG) to encrypt, decrypt, or verify e-mail messages. GPG is an open source version of Network Associates' PGP encryption tool using the OpenPGP standard. To that end, GPG works with PGP and vice versa.

If you plan to make serious use of GPG, you will need to import keys into your keyring. If you come across a message in your e-mail that contains some GPG information, you can use that information to download the sender's key. This will allow you to exchange encrypted data with him or her (provided he or she has your public key), and it will also allow you to verify that he or she and not an imposter in fact wrote any messages signed by his or her key.

The first step is to determine the key ID for the individual in question. If the individual has included his or her GPG key ID in the message (for the example below, we'll use FE6F9BC6), you can take that key ID to retrieve the key by using:

gpg --keyserver pgp.mit.edu --recv-keys FE6F9BC6

This will download the public key belonging to ID FE6F9BC6 from the keyserver pgp.mit.edu and import it into your keyring.

To make your public key available for others to download, you will need to send it to a keyserver. Assuming that your key ID is 87C6EF2C, you would use a similar command to send it to the same keyserver:

gpg --keyserver pgp.mit.edu --send-keys 87C6EF2C

Now others can download your key in the same manner.