Databases Reference
In-Depth Information
After generating the key pair, you can see that the keys are now in your
key ring using:
gpg --list-keys
The output will look like:
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/B2936CD2 2004-12-03 Ron Bennatan (Demo) <rbennata@hotmail.com>
sub 1024g/6890139C 2004-12-03 [expires: 2009-12-02]
In the previous example output, the public key listed has a key ID of
B2936CD2 and contains the name and e-mail address of the key's owner.
If your public key ring contains several keys, you can view a single key
by adding its key specifier to the command. The key specifier can be the
owner's name, the key's ID, or the user's e-mail address:
gpg --list-keys B2936CD2
After creating a key pair, you should generate a revocation certificate for
that pair and save it in a secure location, such as a safe, key storage system,
or other corporate location that is designated for this purpose. You can also
choose to save a printed hard copy of the certificate in case the file or digital
media becomes damaged (but make sure to secure this hard copy well). To
create a revocation certificate for the key pair we just created (using the key
ID example), issue the following command:
gpg --output revokedkey.asc --gen-revoke B2936CD2
A revocation certificate posted to a key server or sent to your contacts to
update their key ring will inform them that your key should not be used
anymore and will prevent them from encrypting new files using that public
key. If your key has been compromised, you can still use the secret key to
decrypt files that were previously encrypted, and others can still verify your
signatures that were created before the revocation, but new encryptions will
not be created, limiting the liability associated with the compromise.
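As an added example (not from the original text): once a revocation certificate has been imported, the key shows validity "r" in the machine-readable listing from gpg --list-keys --with-colons, and a script can refuse to encrypt to it. The function names key_status and recipient_status, the key IDs and the sample listings below are constructed for this illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-keys --with-colons` output and reports the
# state of one public key. Colon fields used: 1 = record type,
# 2 = validity (r revoked, e expired, d disabled, i invalid), 5 = long key ID.

# key_status KEYID  (colon listing on stdin)
# Prints one of: usable revoked expired disabled invalid missing
key_status() {
    awk -F: -v want="$1" '
        BEGIN { status = "missing"; want = toupper(want) }
        $1 == "pub" {
            id = toupper($5)
            # Match the long ID or its last 8 hex digits (the short ID).
            # Short IDs can collide, so prefer the long form in scripts.
            if (id == want || substr(id, length(id) - 7) == want) {
                if      ($2 == "r") status = "revoked"
                else if ($2 == "e") status = "expired"
                else if ($2 == "d") status = "disabled"
                else if ($2 == "i") status = "invalid"
                else                status = "usable"
                exit
            }
        }
        END { print status }
    '
}

# recipient_status KEYID: the same check against the live key ring.
recipient_status() {
    gpg --batch --list-keys --with-colons "$1" 2>/dev/null | key_status "$1"
}

# Constructed sample listings (not real keys): before and after revocation.
SAMPLE_ACTIVE='pub:u:1024:17:0123456789ABCDEF:1102032000:::u:::scESC:
uid:u::::1102032000::::Example User (Demo) <user@example.com>:
sub:u:1024:16:1111111122222222:1102032000:1259712000:::::e:'
SAMPLE_REVOKED='pub:r:1024:17:0123456789ABCDEF:1102032000:::u:::sc:
uid:r::::1102032000::::Example User (Demo) <user@example.com>:
sub:r:1024:16:1111111122222222:1102032000:1259712000:::::e:'

# Demo on the constructed data: the first key is usable, the second is not.
printf '%s\n' "$SAMPLE_ACTIVE"  | key_status 0123456789ABCDEF
printf '%s\n' "$SAMPLE_REVOKED" | key_status 0123456789ABCDEF
```

In an encryption job, call recipient_status with the recipient's key ID first and stop unless it prints "usable".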