Working to Halt Online Abuse logo

 

Main Menu
Need Help?
Home
About WHOA
Cyberstalking Statistics
Get Involved
Jayne Hitchcock
PGP & WHOA
Resources
Site Map
 
 
PGP & WHOA
Tutorial for Windows Users
Installing PGP Freeware for Windows
Continuing Your Installation
Finishing the Installation
Generating Your PGP Key Pair
Configuring your PGP Software
PGP Signing an Email Message
Verifying PGP Signatures
Encrypting Messages with PGP
Using PGP Keyservers
Exchanging PGP Keys as Text
Signing PGP Keys
You're Using PGP!
 

PGP depends on what has been called the web of trust. Other people have gone into extensive detail as to what that means, and the recommended procedures for deciding whose key you will sign, so we won't do that here. You need to understand, though, that signing someone's key is like swearing in front of a court that you absolutely know that this person is who he says he is and that the key you've signed is definitely his.

It is, however, important that you always sign your own key. The version of PGP that we've installed for this tutorial does that automatically, but many versions do not. So we're going to walk you through signing a key so you'll know how to do it.

In the PGPKeys window, select the key you're going to sign and right-click on it. Select sign.

Keys

Please notice the Allow signature to be exported option. Usually, you'll have this on. There are times, however, when PGP won't consider any signature from a key you haven't personally signed to be valid, even if it is a valid signature, because it considers the key untrusted. If you run into this problem, you'll need to sign the key on your local keyring - but don't allow the signature to be exported unless you are absolutely certain of the identity of the key's owner.

Signing PGP Key

To send a key to the keyserver, simply right-click on it and select send.

Next: You're Using PGP!

 

Copyright © 1997-2008 WHOA. No reprints without permission.
Please notify us of any problems you experience with this site.