[clo-devel] Re: Please upload your public GPG key to common-lisp.net

Kevin Rosenberg kevin at rosenberg.net
Fri Nov 7 15:11:45 UTC 2003


Nikodemus Siivola wrote:
> I hope that Kevin corrects me if I'm wrong, but...
> 
> It doesn't matter: the passphrase is required in any case: it
> guarantees the integrity of the key.

Correct. The private key needs to protected by a passphrase. The
private key is used to sign and decrypted messages. It is not needed
to encrypted messages -- encryption requires just the public key.

I'd recommend making a user account named keymaster. Import the public
keys into its public key ring that you want to sign.  After you sign
and export public keys, keep the public keys in the keyring. You can
then publish that public keyring as both an easy way for someone to
import all public keys trusted by clnet. That public file can also be
used to verify a signature is trusted by clnet:

gpgv --no-default-keyring --keyring clnet-public-keyring.gpg <file>

-- 
Kevin Rosenberg
kevin at rosenberg.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20031107/67c4693a/attachment.sig>


More information about the clo-devel mailing list