$ pgpk -ll
Cannot open configuration file /home/username/.pgp/pgp.cfg
Type Bits KeyID      Created    Expires    Algorithm       Use
sec+ 1024 0x92EB359E 1999-09-30 ---------- DSS             Sign & Encrypt
f20    Fingerprint20 = 5F52 1F19 AE73 7145 9C9F 4B81 348E 2692 92EB 359E
sub  2048 0xE0F2F8C0 1999-09-30 ---------- Diffie-Hellman
f20    Fingerprint20 = 21C3 8F5A 91BE 3318 F51A 3613 1CC2 8976 E0F2 F8C0
uid  John Q. Smith <smith@company.com>
SIG       0x92EB359E 1999-09-30 John Q. Smith <smith@company.com>

1 matching key found

The long string of numbers and letters above (starting with 5F52 and ending with 359E) is the key's fingerprint. Of course, yours will be different. Although this looks large and intimidating, this is actually a 160-bit number - much smaller than your public key.
In order to submit your public key to a public key server, you first have to produce an ASCII-armored copy of it. You can do that with this command:
pgpk -xa smith -o key.asc

If you don't put "-o key.asc" at the end of the command, the key will be printed to the screen. Either way is fine, as long as you can see the whole thing. It may be larger than your screen, if you are using a 24-line text console.
The public key looks something like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use

mQGiBDfzZvkRBADzPDMZYAB80reXjNZjljZpT9f2VzqNZzjeOWpqYU4NSx0L8qwH
ZW2MYQ1jAe1FItJRRbbH0sG95y74ilSJTEIZ5wQN2/YzxZVYENE7mZwI5wvVWsbo
k67Bpa8ox1YkjgcO1r2e17UAGOE8GUO2SM5LqYrYhCBL2sHmFOZ7PM+hswCg//hq
[...]
hd0d3fdr84kAPwMFGDfzZvo0jiaSkus1nhECdwcAoN2duARq3Xf04IYcAT6ial1+
JnHZAJ9V9u1p8IlWYtOWdXCvEMQc2wm6Vg==
=vqHA
-----END PGP PUBLIC KEY BLOCK-----

We've omitted some lines here, for the sake of brevity. This public key actually does exist, but it's being used only for the purposes of writing this document. We don't want you to send messages encrypted with it, since we'll be deleting it when we're done writing this document.
If you follow the instructions on the public key server web page to submit a public key, eventually you will come to a page with a place where you can paste this public key. (You might not be able to do this in Lynx. If you have trouble with the web interface, you can try an e-mail interface.)
If you want to extract someone's public key from the public key server, just follow the instructions on the web page. You can search for his name, or his e-mail address. Eventually, if he has a publicly available public key, you will get to a page that has his public key on it, which will look like the example shown above.
Some people may have public keys, but they may not know about the public key servers. In that case, you might be able to find their public key on their home page, if they have one. Or they might be willing to send you their public key by e-mail.
In any case, all you need to do is get this public key in a file, such as "key.asc". Then you can import this new public key into your public keyring, with this command:
$ pgpk -a key.asc
Cannot open configuration file /home/username/.pgp/pgp.cfg

Adding keys:

Key ring: 'key.asc'
Type Bits KeyID      Created    Expires    Algorithm       Use
pub  1024 0xA4FE0633 1999-07-30 ---------- DSS             Sign & Encrypt
sub  1536 0x97392F60 1999-07-30 ---------- Diffie-Hellman
uid  Greg Wooledge <wooledge@kellnet.com>

1 matching key found

Add these keys to your keyring? [Y/n] y

Keys added successfully.

After this, the key is part of your public keyring, and you can use it to encrypt messages and verify digital signatures from the person who holds the corresponding secret key. You can see it in your public keyring:
$ pgpk -l
Cannot open configuration file /home/username/.pgp/pgp.cfg
Type Bits KeyID      Created    Expires    Algorithm       Use
pub  1024 0xA4FE0633 1999-07-30 ---------- DSS             Sign & Encrypt
sub  1536 0x97392F60 1999-07-30 ---------- Diffie-Hellman
uid  Greg Wooledge <wooledge@kellnet.com>

sec+ 1024 0x92EB359E 1999-09-30 ---------- DSS             Sign & Encrypt
sub  2048 0xE0F2F8C0 1999-09-30 ---------- Diffie-Hellman
uid  John Q. Smith <smith@company.com>

2 matching keys found

It should be noted that the key imported in this example is actually a GPG key, so the 1536-bit "sub" key is really ElGamal, not Diffie-Hellman. But it still works, even though the output above is slightly incorrect. We were able to encrypt a message with PGP, using this GPG key, and then decrypt it with GPG, with no problems.
Now, after all of this, you understand virtually everything you will ever need to know about cryptography. At this point, you are ready to start using PGP with your mail program.