Matthew East wrote:
> Hello,
>
> I am a relative newcomer to the world of GPG and I seek some
> help on a couple of problems I have.
>
> First, when searching for keys on keyservers (I've tried the
> one supplied by default with gpg as well as pgp.mit.edu) using
> the "gpg --search-keys" command, it just sits there for ages
> without doing anything. I have the agent enabled via evolution
> as well and that is also just sitting there without finding
> the key. Can anyone help? It would be much appreciated.
> Sometimes it seems to work, but sometimes not, and I have no
> idea why.
>
> The other thing is that, given that I am a beginner, I have
> self-signed my key a few times and then deleted the signature,
> when I was discovering how everything worked. Now I've
> discovered that my key appears like this (despite the fact
> that it seems fine if I check it locally):
>
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x0E6B06FF
>
> Is there anything I can do about this?

PUNT! REALLY!

[1] You don't sign your own key. I would suggest you do the following to handle the problem.

    gpg --gen-revoke 0E6B06FF
    gpg -a --export 0E6B06FF > matthew_east.asc

Now upload the revoked key to the server. It will still hang around a while, but at least you can get rid of it.

[2] Delete EVERYTHING. Start new, but don't play around with the key servers. Pick your keys to expire in one year, and a big enough keysize for the symmetric crypts. SEND your key to another user (yes, I will help out) and just privately sign this other person's key and do some learning.

[3] Once you have a more firm idea of what you are doing, THEN you can upload your public key to a key server.

[4] One thing that I have noticed is that the key servers are notorious for passing the buck to another key server. I would like to say that opening up ports 10 and 11371 on the router will help, but it won't because even if the router allows it in, which private NAT address is it supposed to send the packet to? All the keyserver on the outside knows is your WAN address, and it MUST send it to that address even if it KNOWS your internal IP NAT address. That is why I say that the keyserver model should work more like DNS. I don't care if the keyserver that I sent the request to hands it off to another key server to do the dirty work - the reply should come back to the one I sent the request to.

It beats me if that helps you, but you CAN get my private key from MIT (along with the email address it is tied to) by going to:

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xE1FA6C62

You will notice I did NOT sign my own key. Since I created it and also have the secret half of the key as well, it has ultimate authority (unless I have a multiple personality disorder).

Ciao
Henry Hertz Hobbit

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
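
The local check mentioned in the question (what signatures and revocations a key carries before it is exported or uploaded) can be done on gpg's machine-readable listing. The script below is an added example, not part of the original thread: the function name summarize_sigs is hypothetical, and the sample listing and its key IDs are constructed.

```shell
#!/bin/sh
# Summarise signatures per primary key from `gpg --with-colons` output on stdin.
# Colon-format fields used: 1 = record type, 5 = key ID (the issuer on
# sig/rev records), 11 = signature class plus x (exportable) or l (local).
# Real use:  gpg --list-sigs --with-colons KEYID | summarize_sigs
summarize_sigs() {
    awk -F: '
        function report() {
            if (key != "") {
                printf "key=%s self_sigs=%d other_sigs=%d revoked=%s\n", key, self, other, (revoked ? "yes" : "no")
            }
        }
        # A new primary key starts a new summary.
        $1 == "pub" { report(); key = $5; self = other = revoked = 0; next }
        # Classes 10-13 are certifications of a user ID; 18 (subkey binding) is skipped.
        $1 == "sig" && $11 ~ /^1[0-3][xl]$/ { if ($5 == key) self++; else other++ }
        # Class 20 issued by the key itself is a key revocation.
        $1 == "rev" && $11 ~ /^20[xl]$/ && $5 == key { revoked = 1 }
        END { report() }
    '
}

# Constructed sample listing (key IDs and user IDs are made up).
SAMPLE='pub:u:1024:17:1111111111111111:1100000000:::u:::scESC:
uid:u::::1100000000::::Example User <user@example.org>:
sig:::17:1111111111111111:1100000000::::Example User <user@example.org>:13x:
sig:::17:1111111111111111:1100000500::::Example User <user@example.org>:13x:
sig:::17:2222222222222222:1100001000::::Other User <other@example.org>:10x:
sub:u:2048:16:3333333333333333:1100000000::::::e:
sig:::16:1111111111111111:1100000000::::Example User <user@example.org>:18x:'

# The same key after a revocation certificate has been imported (constructed).
REVOKED="$SAMPLE
rev:::17:1111111111111111:1100002000::::Example User <user@example.org>:20x:"

printf '%s\n' "$SAMPLE" | summarize_sigs
printf '%s\n' "$REVOKED" | summarize_sigs
```

If the summary of the exported key still reads revoked=no, the file being uploaded does not yet contain the revocation.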