Attaching a key to your key ring |
You can store your friends' public keys on your "key ring" so they do not have to send you their public key every time they write to you.
First Option:To import a public key (ie. attach it to your key ring), you can save the key as a text block, much like you did with your own key.
To do this:
Highlight the public key portion of the email you received, from
-----BEGIN PGP PUBLIC KEY BLOCK-----
to
-----END PGP PUBLIC KEY BLOCK-----
and use Copy & Paste to insert it into your text editor. We recommend using a file and folder name that is easily found later; e.g. adeles-key.asc in folder My Documents.
2nd Option:The key is sent to you as a file attachment to the email. No matter which mail program you use, you can always save attachments onto your hard drive. Do this now (again using names you will easily recognize and find later on, e.g. My Documents).
It does not matter whether you save the key as text or directly as an email attachment, as both methods import the key into your GnuPG-"Key Ring".
This is how it works:
Start the GNU Privacy Assistant (GPA) from Windows (this is necessary only if you shut it down after the previous practice session).
Click on Import, then select and load the key file.
name, therefore how do you know that the public key sent to you is really Adele's key?
==> Chapter 9 ("Key Verification") in the "Gpg4win for Advanced Users" manual deals with this important question. You may want to read that section now before continuing with this manual.
Chapter 9 of the manual "Gpg4win for Advanced Users" shows you how to validate a key as well as how to sign a message (i.e. attach a signature) using your private key.
Chapter 10 of the advanced manual also discusses ways to attach a signature to email messages. This is the equivalent of attaching an electronic seal to your message, allowing the recipient to verify whether the email has been altered during transmission and that the email definitely came from you).
The signature verification process is simple. For this, you need the sender's public key on your Gpg4win-"key ring" (see Chapter 8 of "Gpg4win for Advanced Users" for more information).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
and ends email-message with
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iEYEARECAAYFAjxeqy0ACgkQcwePex+3Ivs79wCfW8u ytRsEXgzCrfPnjGrDDtb7QZIAn17B8l8gFQ3WIUUDCMfA5cQajHcm =O6lY -----END PGP SIGNATURE-----
Highlight the text starting from BEGIN PGP SIGNED MESSAGE to END PGP SIGNATURE and copy it (using Ctrl-C) to your clipboard.
Now continue to decrypt the email as shown in Chapter 7 of this manual.
Right-click on the WinPT icon on your Windows taskbar and select
Clipboard -> Decrypt/Verify.
You should see the following window:
==> Before continuing, you may want to read Chapter 10 of the manual "Gpg4win for Advanced Users" which contains additional information on how to deal with invalid signatures.
Attaching a key to your key ring |