-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
noell888 wrote:
> I want my email to have PGP signed, however i am new to this stuff and
> i need your help.
Always happy to help. Welcome to the OpenPGP family. 
> I installed gnupg 1.9.19.2 on kubuntu 6.10
This was your first mistake.
GnuPG 1.9 is the experimental branch. It's not for regular users, and
it's especially not for people who are just beginning. GnuPG 1.4.5 is
the latest release of the stable branch. Ubuntu should ship with either
that or 1.4.4.
> Then I went to my email client evolution, then Accounts > Security and
> I put the GPG Key E1B98766.
No idea, I don't use Evolution. (Long story, but I'm very skeptical of
the competency of the Evolution guys to write crypto code. On the other
hand, the reason why I'm skeptical dates from several years ago, so
maybe they've come to their senses since.)
I'd recommend you list the GnuPG key as "0xE1B98766";, though. The
preceding "0x" is shorthand for "this is the hexadecimal key ID". It's
a further hint to Evolution and GnuPG that it should look for a key with
ID E1B98766, not a user ID with a name of E1B98766.
> Is it safe to give out or let other people know my PGP key?
Yep. Feel free to take out a full-page ad in the _New York Times_ and
tell the entire world your public key. The public key is meant to be
shared. It doesn't even matter if you share it with your enemies or
people who want to read your mail. That's the magic of asymmetric
cryptography.
Your private key should be protected with a strong passphrase--something
long and difficult to guess. If you put a strong passphrase on your
private key, then feel free to put that in the _New York Times_, too.
But if your passphrase is weak, then you should definitely keep your
private key a secret.
> Also, what's the use of keyserver?
Keyservers are like web servers for OpenPGP keys.
With a web server, you connect to a remote machine and you get back a
web document. With a key server, you connect to a remote machine and
you can send or retrieve public keys.
For instance, add the following two lines to your ~/.gnupg/gpg.conf file:
keyserver x-hkp://random.sks.keyserver.penguin.de
keyserver-options import-clean-sigs import-clean-uids
export-clean-sigs export-clean-uids
(The second line is all meant to be one long line. Put it all on a
single line, and skip the backslash. When you see UNIX commands printed
out, a backslash at the end of the line means "this command continues
on the next line". The backslash isn't part of the actual command.)
Once you have those two lines, try:
gpg --recv-key 0xfeaf8109
... and presto, you'll import my public key to your keyring. It's kind
of convenient, isn't it?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCgAGBQJFNFAjAAoJELcA9IL+r4EJ0ykIAI7QDnoTBSf9ODPI5jfN1eHq
o6BDiI9KXXGKH3l7qkKEl5U4A/4tu3x62d7r1vrmZH4yfpruq+nuHXKa+9eNST8E
NC5ANkWLC3YSsgXKzegeQHgBmxyiNZ97tlQMzKhn37EmSW1aij5yX0pdLSx51dXq
OS0LNdBxp0iDTyHsyxVWev9MVt8bZne+P6Uq�3;hdOYnTmlmFOP1qRajGTgBiSGuOs
kfHsI+Z0TcfS8edgD6dwxyYF5uFgwEckP7E9G6vCe0QK1WNbLpPvRaWlA/x0mi61
8Mp8Q1LIbYt2mkxTK/iNuZEejbKZnh8iQuuTJCyXn1WrsjB4kfiXCxygY/qAOEc=
=kF2Z
-----END PGP SIGNATURE-----
.