[ale] keyring public keyring secret keyring, the why what when and how

Discussion:

Narahari 'n' Savitha via Ale

2018-05-03 19:07:34 UTC

Friends:

I have to do some work on keyrings and I need some help to get some
concepts down. Most sites tell you how to use but not why

In an analogy with physical keyrings, I presume that keyrings are nothing
but a container to hold on to keys.

Why the distinction between keyring and public keyring and secret keyring ?

What is the idea of having a secret keyring ?

===

If I have to provide my public key I need to export in armor format, is
that right ?

The public key has to be then imported by the person who wants to encrypt
and then it becomes a part of their key ring (the keyring of their choice
I presume)

Without importing the key I cannot encrypt the data by just providing the
pub file ?

=====

What is the idea behind signing and encrypting ? Isnt encryping implicitly
signing ?

====

Any good article with pics is helpful.

-Narahari

Charles Shapiro via Ale

2018-05-04 13:26:36 UTC

Permalink

I, Aaron, and Judy wrote the Definitive Keystroke-by-Keystroke Guide to GPG
back in 2009 ( https://ale.org/static_pages/gpgstepbystep.html ). It
explains some of the concepts of Public Key cryptography. The very first
paragraph explains why gpg has two separate keys and why that's
important.

The other important part of GPG is that there's no central key validation
authority. You judge whether to trust that a key belongs to someone based
on endorsements from other folks who ( presumably ) hold valid keys. The
theory is that a heavily endorsed key is likely to be truly tied to the
person claiming it. This is the GPG "Web of Trust", and in practice it
seems to work pretty well. There are several well-known sites that record
these endorsements. You can see my public key and its endorsements by
looking for "***@tomshiro.org" on the Ubuntu keyserver (
http://keyserver.ubuntu.com ). You get endorsements of keys by personally
proving that (a) you're you and (b) you control your key. You can do this
by personally asking someone to endorse your key, or by attending a "key
signing party", where everyone agrees to endorse everyone else's key after
they give the appropriate proofs. This usually involves standing up,
presenting a driver's license or passport, and then being marked off a list
of prepared keys.

It might be time for ALE to do another key signing party. We've done them
in the past with success.

Hope this helps a little.

-- CHS

Post by Narahari 'n' Savitha via Ale
I have to do some work on keyrings and I need some help to get some
concepts down. Most sites tell you how to use but not why
In an analogy with physical keyrings, I presume that keyrings are nothing
but a container to hold on to keys.
Why the distinction between keyring and public keyring and secret keyring ?
What is the idea of having a secret keyring ?
===
If I have to provide my public key I need to export in armor format, is
that right ?
The public key has to be then imported by the person who wants to encrypt
and then it becomes a part of their key ring (the keyring of their choice
I presume)
Without importing the key I cannot encrypt the data by just providing the
pub file ?
=====
What is the idea behind signing and encrypting ? Isnt encryping
implicitly signing ?
====
Any good article with pics is helpful.
-Narahari
_______________________________________________
Ale mailing list
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

Phil Turmel via Ale

2018-05-04 14:31:26 UTC

Permalink

June? May is booked with a long presentation.

Post by Charles Shapiro via Ale
It might be time for ALE to do another key signing party. We've done
them in the past with success.

_______________________________________________
Ale mailing list
***@ale.org
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo