If you receive a key in a file (for example, as an e-mail attachment), integrate it in your key ring and use it for encrypted communication with the sender. You can also import keys from a public server if the person you want to communicate with has stored his public key there. For more information, see Section 7.5, “The Key Server Dialog”. The procedure is similar to the procedure for exporting keys already described.

Keys can be signed like every other file to guarantee their authenticity and integrity. If you are absolutely sure an imported key belongs to the individual specified as the owner, express your trust in the authenticity of the key with your signature.
Establishing a Web of Trust

Encrypted communication is only secure to the extent that you can positively associate public keys in circulation with the specified user. By cross-checking and signing these keys, you contribute to the establishment of a Web of Trust. For these reasons, make really sure you only sign keys you have personally checked.

Before you can use your key, you need to sign it yourself.
Procedure 7.1. Signing A Key
1. Select the key to sign in the key list in the window.
2. Select + .
3. Select the private key to use for the signature. An alert reminds you to check the authenticity of this key before signing it. In the drop-down list, select how carefully you have checked that the key belongs to the person with whom you want to communicate.
4. Click and enter your passphrase in the next step. By entering the passphrase, you sign the key with your own private key. The signed key now appears green in the trust column.

Other users can now check the signature by means of your public key.

Normally, you are asked by the corresponding program whether you trust the key, or rather, whether you assume it is really used by its authorized owner. This happens each time a message needs to be decrypted or a signature has to be checked. To avoid this, edit the trust level of the newly imported key. To trust a key and set a certain trust level, do the following:
1. Right-click the key and select .
2. Adjust the trust level in the drop-down list. This value indicates how much you trust the owner of this key to correctly verify the identity of the keys he signs.
3. Close the property dialog. If you have set the trust level to or , the key now appears blue in the trust column.

The lower the trust level is, the less you trust the signer of the key to have checked the true identity of the keys signed. You may be entirely sure about the signer's identity, but this user may not check other people's identities properly before signing their keys. Notice that the trust level does not trigger any automatic actions by KGpg.
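
The following added example (not code from KGpg or GnuPG) models how the two settings described above combine: a signature makes a key authentic, while the owner's trust level decides whether that owner's signatures extend authenticity to further keys. It goes beyond the text by assuming GnuPG's default thresholds (one fully trusted or three marginally trusted signers) and ignores the certification depth limit; all key names are hypothetical.

```python
"""Simplified model of how key signatures and owner trust combine (added example)."""

# Assumed thresholds: GnuPG's defaults for --completes-needed and --marginals-needed.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3


def valid_keys(own_key, signatures, owner_trust):
    """Return the set of keys considered authentic from own_key's point of view.

    signatures: dict mapping a key to the set of keys that signed it.
    owner_trust: dict mapping a key to "full" or "marginal"; a key that is
    absent has no owner trust, so its signatures do not count.
    """
    trust = dict(owner_trust)
    trust[own_key] = "ultimate"   # your own key is always trusted
    valid = {own_key}
    changed = True
    while changed:                # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Only signatures made by keys that are themselves valid count.
            counted = [s for s in signers if s in valid]
            full = sum(trust.get(s) in ("ultimate", "full") for s in counted)
            marginal = sum(trust.get(s) == "marginal" for s in counted)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed sample data; all names are hypothetical.
SIGNATURES = {
    "alice": {"me"},            # I checked and signed Alice's key myself
    "bob": {"alice"},           # Alice signed Bob's key
    "carol": {"bob"},           # Bob signed Carol's key
    "dave": {"alice", "erin"},  # Erin's key is not valid for me
}

if __name__ == "__main__":
    for label, trust in [("no owner trust set", {}),
                         ("alice=marginal", {"alice": "marginal"}),
                         ("alice=full", {"alice": "full"}),
                         ("alice=full, bob=full", {"alice": "full", "bob": "full"})]:
        print(label, sorted(valid_keys("me", SIGNATURES, trust)))
```

Signing Alice's key makes only her key authentic; keys she has signed become authentic only once her owner trust is raised, which is why the trust level should reflect how carefully she checks identities.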