Sharing Public Keys

Key Management

by Edward Langenback

© 10/30/03

Key Management

Click on the PGP padlock icon and select 'PGPKeys'. The key management program will start. This is where you can see what keys are on your keyrings and do things like signing other people's keys, searching keyservers for keys, creating new keys, and importing and exporting keys. This may sound like a lot, but on the other hand you can go for months without ever needing to open this window.

If anyone is going to be able to send encrypted messages to Test User, they have to have a copy of the public key. One of the most common ways to distribute it is to send the public key to a keyserver that people can search and download it from. The other is to export the public key to a text file and give that file to anyone who might need to send encrypted messages. Either way, only the public key is shared; the private key stays on your own machine.

Uploading to Key Server:

Make sure that you are connected to the Internet for this. Click on the PGP padlock icon and select 'PGPKeys'. When the window opens, select your key and click the right mouse button. Select 'Send To' and then select ''. You'll see a progress indicator and then a message letting you know that the key has been uploaded. (*Note* If you try this with the 'Test User' key you will find that it's already on the server, because lots of people have done the 'Test User' thing.) Uploading your public key to a keyserver can also be done from the new key generation wizard. Keep in mind that the keyserver does not check who uploads a key: anyone can post a key carrying your name and email address, which is why people who download your key need to verify its fingerprint with you, as described further down.

The other way to distribute public keys is to export them into a file and send that file to others so that they can import the keys into their own keyrings.

Export public key:

Once again open PGPKeys and select your key. Click the right mouse button and select 'Export'. An 'Export Key to File' box will open. Select the folder you want to save it in. You will notice that the filename is already set to a default of 'test user.asc'. Make sure that the box "Include Private Keys" is NOT checked (otherwise the file would also contain your secret key, which should never be given to anyone), and click <Save>. You can now close PGPKeys. The file 'test user.asc' is a text file that contains a copy of Test User's public key. You could send this file to someone and they would be able to use it to encrypt messages to Test User.

Another way to export your public key is to select it in PGPKeys, right click on it and select 'Copy'. You can then 'Paste' it into a text file or the body of an email and send it to someone that way.

Importing keys:

Open PGPKeys and select 'Keys' on the main menu, then select 'Import'. Move to the folder where the key you want to import is saved, select it and click <Open>. PGP will read the file and then present a box where you can select which of the keys it found you want to import into your keyring. Select the key you want and click <Import>. PGP will add the selected keys to your keyring. Close PGPKeys. You can now use the newly imported key to send encrypted messages to the owner of the key. Importing a key only puts it on your keyring; it does not prove that the key belongs to the person named in it, so check its fingerprint with the owner before relying on it (see 'Getting keys from the keyserver' below).

If someone sends you an email with their public key pasted into it, you can select and copy the key to the Windows clipboard and then click on the PGP lock icon, select 'Clipboard' and then 'Decrypt & Verify'. PGP will notice that the clipboard contains a PGP key and present you with the import keys window described above. For example, you could use this method to import this demo key into your keyring:

Version: PGPfreeware 6.5.8 for non-commercial use <>
Comment: Jesus is Lord

As you import this key, click on the little '+' to the left of the key name. There will be another '+' to the left of the User ID entry, click on that and you will see the signatures on this key. It has a 'Self signature' that was applied when the keypair was created, and another signature that is labeled 'Unknown Signer Key ID is 0xB9E76C70 '.

Getting keys from the keyserver:

Open PGPKeys and select 'Server' on the main menu. Click 'Search' and the search window will open. The "Search for keys on" dropdown box is preset to the default value of 'ldap://'; go ahead and leave it there. The next dropdown box starts out with "User ID" selected as the default field to search. If you click the little down arrow to the right of the box you will see that there are several fields that can be searched. By clicking "More Choices" it is possible to search several fields at once. In most cases, however, either the "User ID" or the "Key ID" field is the one searched, with Key ID generally being the best one to use if you know it.

For example, if you were looking for my public key and you had seen my key ID in an email I had written, you could set the search to "Key ID", "is", "0xB9E76C70" and then click <Search>. PGP will communicate with the server and will return my public key. If you didn't know the Key ID but you did know my name, then you would set the search to "User ID", "Contains", "Edward Langenback". If the only information you had was my email address, then you could enter that in the search field instead of my name. Once the search fields are filled out, click <Search>. PGP will spend some time communicating with the keyserver and will finally return any public keys that match the search criteria you entered; a name or email search can return more than one key, and the server has not checked that any of them really belong to the person named.

To make sure this is the correct one (there are some old ones of mine out there that I don't use anymore), right-click on it and select 'Key Properties'. On the 'General' tab of the property sheet you'll see the following information, and it is the fingerprint on that tab that you should compare with one you got from me directly, by phone or in person:

ID: 0xB9E76C70
Type: DH/DSS
Size: 4096/1024
Created: 6/29/03
Expires: Never
Cypher: CAST
Fingerprint: 4195 2FD1 5944 F13B 85B4  118B B718 E95C B9E7 6C70
Note: In PGP 6.5.8 the Fingerprint part of the property sheet can be displayed as either a list of words or a string of hexadecimal digits. The word list makes it easier to read the fingerprint over the phone. Put a check mark in the box next to 'Hexadecimal' if it's not there and you will see the values shown above. Notice that the last eight hex digits of the fingerprint (B9E7 6C70) are the Key ID: the ID is only a shorthand for the fingerprint, short enough that two different keys can share it, so always compare the whole fingerprint rather than just the ID.

Click <Close> on the property sheet and then right-click on the key again. Click <Import to Local Keyring> and my public key is now on your keyring. Close the search box and then close PGPKeys. It is now possible to send a message that only I can read, by using my public key to encrypt it.
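The checks behind the 'Export public key' section above (no private key in the file you are about to send) and this one (does the fingerprint match, and is the Key ID really just its tail) are mechanical, so here is an added worked example that does them on an exported .asc block. It is Python written for this page, not code from the article or from PGP. It reads the armor, verifies the CRC-24 line that follows the base64 text, computes the fingerprint of the v4 public key packet, derives the 64-bit Key ID and the 32-bit form PGP 6.5.8 displays from it, compares the fingerprint with one obtained out of band, and reports any secret key packets. The key it works on is constructed with toy DSA parameters; the creation date, user ID and armor header lines are assumptions, so the block is structurally valid but cannot encrypt anything.

```python
import base64
import hashlib
import struct

TAG_SECRET_KEY, TAG_PUBLIC_KEY, TAG_SECRET_SUBKEY, TAG_USER_ID = 5, 6, 7, 13  # RFC 4880 4.3

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1 (init 0xB704CE, polynomial 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def old_packet(tag: int, body: bytes) -> bytes:
    """Old-format packet header with a 2-byte length (this is the 0x99 byte of a public key)."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def build_dummy_key(user_id: str, secret: bool = False) -> bytes:
    """CONSTRUCTED v4 DSA key with toy parameters: structurally valid, cryptographically useless."""
    created = struct.pack(">I", 1056844800)  # 2003-06-29 UTC (assumed, to mirror the article's key)
    pub_body = b"\x04" + created + b"\x11" + mpi(23) + mpi(11) + mpi(4) + mpi(8)  # v4, time, DSA, p q g y
    if not secret:
        key = old_packet(TAG_PUBLIC_KEY, pub_body)
    else:  # secret key packet = public fields + s2k usage 0 (unencrypted) + x + 16-bit checksum
        x = mpi(3)
        key = old_packet(TAG_SECRET_KEY, pub_body + b"\x00" + x + struct.pack(">H", sum(x) & 0xFFFF))
    return key + old_packet(TAG_USER_ID, user_id.encode())

def armor(packets: bytes, kind: str = "PUBLIC") -> str:
    """Wrap raw packets the way an exported .asc file does (the header lines are assumed)."""
    body = base64.b64encode(packets).decode()
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    lines = [f"-----BEGIN PGP {kind} KEY BLOCK-----", "Version: constructed example", "Comment: dummy key", ""]
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(lines + ["=" + crc, f"-----END PGP {kind} KEY BLOCK-----"]) + "\n"

def dearmor(text: str) -> bytes:
    """Undo armor(); raises ValueError if the block is malformed or fails its CRC."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP ") or not lines[-1].startswith("-----END PGP "):
        raise ValueError("not an armored PGP block")
    blank = lines.index("")  # armor headers (Version:, Comment:) end at the first blank line
    body = "".join(ln for ln in lines[blank + 1:-1] if not ln.startswith("="))
    crc_lines = [ln[1:] for ln in lines[blank + 1:-1] if ln.startswith("=")]
    data = base64.b64decode(body)
    if not crc_lines or int.from_bytes(base64.b64decode(crc_lines[-1]), "big") != crc24(data):
        raise ValueError("armor CRC mismatch: key block is corrupt or was altered in transit")
    return data

def packets(data: bytes):
    """Yield (tag, body) for old-format packet headers; key and user ID packets use this form."""
    off = 0
    while off < len(data):
        ctb = data[off]
        if ctb & 0xC0 != 0x80 or ctb & 3 == 3:
            raise ValueError("new-format or indeterminate-length packet header not supported")
        size = (1, 2, 4)[ctb & 3]
        length = int.from_bytes(data[off + 1:off + 1 + size], "big")
        off += 1 + size
        yield (ctb >> 2) & 0x0F, data[off:off + length]
        off += length

def fingerprint(pub_body: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880 12.2)."""
    if pub_body[0] != 4:
        raise ValueError("only v4 keys have a SHA-1 fingerprint")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pub_body)) + pub_body).hexdigest().upper()

def inspect_key(armored: str) -> dict:
    """The Key Properties fields: fingerprint, 64-bit Key ID, and the 32-bit ID that PGP 6.x shows."""
    found = {}
    for tag, body in packets(dearmor(armored)):
        found.setdefault(tag, []).append(body)
    if TAG_PUBLIC_KEY not in found:
        raise ValueError("no public key packet in block")
    fpr = fingerprint(found[TAG_PUBLIC_KEY][0])
    return {"fingerprint": fpr, "key_id": "0x" + fpr[-16:], "short_id": "0x" + fpr[-8:],
            "user_ids": [b.decode() for b in found.get(TAG_USER_ID, [])]}

def fingerprint_matches(armored: str, out_of_band: str) -> bool:
    """Compare the whole fingerprint as read over the phone, never just the short Key ID."""
    return inspect_key(armored)["fingerprint"] == out_of_band.replace(" ", "").upper()

def contains_secret_key(armored: str) -> bool:
    """Check before sending an exported file: the packet tags decide, not the BEGIN line."""
    return any(tag in (TAG_SECRET_KEY, TAG_SECRET_SUBKEY) for tag, _ in packets(dearmor(armored)))
```

Calling inspect_key(armor(build_dummy_key("Test User <test@example.com>"))) returns the fingerprint together with key_id (0x plus its last 16 hex digits) and short_id (0x plus its last 8, the form PGP 6.5.8 prints, which is how a fingerprint ending in B9E7 6C70 becomes 0xB9E76C70). For a real key, pass the text of the .asc file to inspect_key or fingerprint_matches. contains_secret_key looks at the packet tags rather than the armor label, so a secret key packet inside a block that says PUBLIC is still caught. New-format packet headers and partial body lengths are not handled; the old format used here is what primary key and user ID packets in exported key blocks normally carry.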

Now that you have my public key imported into your keyring, open PGPKeys and have another look at the signatures on the demo key and you will see that my key is the one that was used to sign it.

PGP comes with a default keyring that contains public keys for a bunch of people at MIT and the creators of PGP. It is okay to delete the default keys. I did, because I don't see ever needing them and they just take up space. Before you do, however, those keys are a perfect opportunity to practice signing keys (discussed in the next article).

To delete a key, right-click on it and select <Delete> from the menu that pops up. PGP will ask for confirmation to help prevent accidentally deleting a key you want to keep. You can also delete individual signatures from a key: click on the '+' to the left of the key to show the signatures on it, select the one you wish to delete, right-click and select delete. PGP will ask for confirmation and then the signature will be deleted.

Revoking a key

If for some reason you wish to make your key unusable, you must revoke it and then upload the revoked key to a keyserver. Send the revoked key to your correspondents as well, since anyone who already has a copy of your public key on their keyring will not see the revocation until they re-import the key or fetch it from the server again.

To revoke a key, select it in PGPKeys, right-click and select 'Revoke'. PGP will ask for confirmation to be sure:

"Are you sure you want to revoke this key?
Once distributed, others will be unable to encrypt data to this key."

Revoking a key is serious, and should only be done if there is reason to believe that it is no longer secure (for example, the private key or its passphrase may have been exposed) or you are otherwise certain that you will never want anything encrypted to it again. Revoking requires the private key and its passphrase, since the revocation is itself signed with the key, so a key whose passphrase you have forgotten cannot be revoked this way.

NOTE: Revoking a key is forever! You cannot UNDO a key revocation!