6.1. What is key signing? (PGP)




This article is from the PGP FAQ, by Jeff Licquia jalicqui@prairienet.org with numerous contributions by others.

OK, you just got a copy of John Smith's public encryption key. How do
you know that the key really belongs to John Smith and not to some
impostor? The answer to this is key signatures. They are similar to
message signatures in that they can't be forged. Let's say that you
don't know that you have John Smith's real key. But let's say that you
DO have a trusted key from Joe Blow. Let's say that you trust Joe Blow
and that he has added his signature to John Smith's key. By inference,
you can now trust that you have a valid copy of John Smith's key. That
is what key signing is all about. This chain of trust can be carried
to several levels, such as A trusts B who trusts C who trusts D,
therefore A can trust D. You have control in the PGP configuration
file over exactly how many levels this chain of trust is allowed to
proceed. Be careful about keys that are several levels removed from
your immediate trust.
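
The chain-of-trust rule above, with its depth limit, written out as an
added example (not part of the original FAQ and not PGP's own code). The
key names, the trusted_signers set and the max_depth parameter are
hypothetical stand-ins for your keyring and configuration setting.

```python
from collections import deque

# Constructed sample keyring: (signer, signed_key) pairs.
SIGNATURES = [
    ("you", "joe"), ("joe", "john"), ("john", "carol"),
    ("carol", "dave"), ("mallory", "fake-john"),
]
# Owners whose signatures you accept as introductions (an assumption).
TRUSTED_SIGNERS = {"joe", "john", "carol"}


def find_trust_chain(my_key, target, signatures, trusted_signers, max_depth):
    """Return the shortest chain of key signatures from my_key to target.

    max_depth is the largest number of signatures allowed in the chain.
    Returns a list of keys starting at my_key, or None if no chain of
    trusted signers reaches the target within max_depth levels.
    """
    signed_by = {}
    for signer, subject in signatures:
        signed_by.setdefault(signer, set()).add(subject)

    queue = deque([[my_key]])
    seen = {my_key}
    while queue:
        chain = queue.popleft()
        holder = chain[-1]
        if holder == target:
            return chain
        if len(chain) - 1 >= max_depth:
            continue  # chain already uses the allowed number of levels
        if holder != my_key and holder not in trusted_signers:
            continue  # key is valid, but its owner may not introduce others
        for subject in sorted(signed_by.get(holder, ())):
            if subject not in seen:
                seen.add(subject)
                queue.append(chain + [subject])
    return None


if __name__ == "__main__":
    for depth in (1, 2, 4):
        for key in ("john", "dave", "fake-john"):
            chain = find_trust_chain("you", key, SIGNATURES,
                                     TRUSTED_SIGNERS, depth)
            print(depth, key, " -> ".join(chain) if chain else "not trusted")
```

A signature from a key you have no chain to (mallory here) never makes
its target valid, and lowering max_depth cuts off keys that are several
levels removed.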

 
