-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone,
After being too busy, I'm back with questions and questions.... I'm using openoffice.org writer. I don't know how many of you are familiar with it. My first question is: (1) I notice that openoffice writer allows you to digitally sign the document created. But I already noticed that I can sign and encrypt any document I have created with GPGEE's context menu. Are the two really the same thing? (2) In the "help" file of openoffice.org, it says: "When you receive a signed document, and the software reports that the signature is valid, this does not mean that you can be absolutely sure that the document is the same [as] that [which] the sender has sent. Signing documents with software certificates is not a perfectly secure method. Numerous ways are possible to circumvent the security features. Example: Think about someone [who] wants to camouflage his identity to be a sender from your bank. He can easily get a certificate using a false name, then send you any signed e-mail pretending he is working for your bank. You will get that e-mail, and the e-mail or the document within has the "valid signed" icon. Do not trust the icon. Inspect and verify the certificates. On Windows operating systems, the Windows features of validating a signature are used. On Solaris and Linux systems, files that are supplied by Thunderbird, Mozilla or Firefox are used. You must ensure that the files that are in use within your system are really the original files that were supplied by the original developers. For malevolent intruders, there are numerous ways to replace original files with other files that they supply." I have very little idea even til now as to what exactly certificate does. I suppose I get a certificate with CaCert to validate my identity and then get them to sign my keys? But what's the "Windows system of validating a signature"? (I use Vista and IE) On the "Certificates" windows in the "internet options" in my IE 7 browser, I saw that there are a lot of certificates of big companies listed in "trusted root certificate authorities" and "intermediate certification authorities", but none in "other people" and "personal". I suppose if I can get a x.509 through CaCert, then I would put that x.509 in "personal"? Is that right? I got more questions. (3) To tell you guys the truth, I don't even know where my private keys and my key ring are stored in my computer. Do you guys know the possible file names and path? (4) And -- I know this question must have been asked 100 times already here, but I want to ask instead of spending the next 3 hours doing research -- how exactly to save my private keys onto like a USB drive or a CD? (5) How to add an additional UID to my kurt c key on the keyserver? I want to add my real name to it. Thanks for helping out an idiot here. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjdk5kACgkQE7PX/Y51jV+GfACglo3jzH2onwjUUf3nQgg5LvgW yqYAn2cC3vz9sW+cWxAqX8BiJ+ekuRT1 =Dj7I -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
