3. Importing keys

Once our own key pair is created, we can begin adding to our public keyring database the keys we receive from trusted third parties, so that we can use those keys for future encrypted and authenticated communication. To import public keys into your keyring, use the following command:

          [root@deep] /# gpg --import <file>

Example 19.1. Importing using gpg

          [root@deep] /# gpg --import redhat2.asc

          gpg: key DB42A60E: public key imported
          gpg: /root/.gnupg/trustdb.gpg: trustdb created
          gpg: Total number processed: 1
          gpg:               imported: 1

The above command appends all new keys to our keyring database and updates any keys that already exist in it. It is important to note that GnuPG does not import keys that are not self-signed. In the above example we import the public key file redhat2.asc from the company Red Hat Linux, downloadable from the Red Hat Internet site, into our keyring.

3.1. Key signing

When you have imported keys into your public keyring database and are sure that the trusted third party is really the person they claim to be, you can start signing their keys. Signing a key certifies that you know the owner of the key. To sign the key for the company Red Hat that we added to our keyring above, use the following command:

          [root@deep] /# gpg --sign-key <UID>

Example 19.2. Signing key

          [root@deep] /# gpg --sign-key RedHat

          pub  1024D/DB42A60E  created: 1999-09-23 expires: never      trust: -/q
          sub  2048g/961630A2  created: 1999-09-23 expires: never
          (1)  Red Hat, Inc <security@redhat.com>

          pub  1024D/DB42A60E  created: 1999-09-23 expires: never      trust: -/q
          Fingerprint: CA20 8686 2BD6 9DFC 65F6  ECC4 2191 80CD DB42 A60E

          Red Hat, Inc <security@redhat.com>

          Are you really sure that you want to sign this key
          with your key: "Gerhard Mourani <gmourani@videotron.ca>"

          Really sign? y

          You need a passphrase to unlock the secret key for
          user: "Gerhard Mourani <gmourani@videotron.ca>"
          1024-bit DSA key, ID E92D6C97, created 1999-12-30

          Enter passphrase:


You should only sign a key as being authentic when you are absolutely sure that the key is really authentic! You should never sign a key based on any assumption.
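
One way to make "absolutely sure" a mechanical check is to compare the fingerprint gpg reports (the "Fingerprint:" line in Example 19.2) with one obtained from the key owner through a separate channel, and sign only on an exact match. The script below is an added example, not part of the original text; the function names are hypothetical and the sample listing is constructed from the fingerprint shown above.

```shell
#!/bin/sh
# Added example: check a key's full fingerprint against a value obtained
# out-of-band before signing. Function names are hypothetical.

# Strip whitespace and upper-case, so "ca20 8686 ..." equals "CA208686...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint <key>` output on stdin and print the
# primary key's fingerprint: field 10 of the first "fpr" record after "pub".
# Subkey fingerprints (the "fpr" after "sub") are deliberately ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Return 0 only if the listing on stdin carries exactly the expected
# fingerprint; return 2 if the expected value is not a full 40-digit one.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(primary_fpr)")
    # Short key IDs such as DB42A60E are not enough to identify a key.
    [ "${#expected}" -eq 40 ] || return 2
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Sign only after the check passes. Not called here: it needs gpg, the
# imported key and your own secret key.
sign_if_verified() {   # usage: sign_if_verified <key-id> "<fingerprint>"
    gpg --with-colons --fingerprint "$1" | fpr_matches "$2" || {
        echo "fingerprint mismatch for $1, not signing" >&2
        return 1
    }
    gpg --sign-key "$1"
}

# Constructed sample listing for the key in Example 19.2; the subkey ID and
# subkey fingerprint are zero placeholders, other fields are left empty.
SAMPLE='pub:-:1024:17:219180CDDB42A60E::::::::
fpr:::::::::CA2086862BD69DFC65F6ECC4219180CDDB42A60E:
uid:-::::::::Red Hat, Inc <security@redhat.com>:
sub:-:2048:16:0000000000000000::::::::
fpr:::::::::0000000000000000000000000000000000000000:'
```

The check can be tried without gpg by piping the sample in: printf '%s\n' "$SAMPLE" | fpr_matches "CA20 8686 2BD6 9DFC 65F6  ECC4 2191 80CD DB42 A60E".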