12.3. Importing Keys

If you receive a key in a file (for example, as an e-mail attachment), integrate it in your key ring with Import Key and use it for encrypted communication with the sender. The procedure is similar to the procedure for exporting keys already described.

12.3.1. Signing Keys

Keys can be signed like every other file to guarantee their authenticity and integrity. If you are absolutely sure an imported key belongs to the individual specified as the owner, express your trust in the authenticity of the key with your signature.

Important: Establishing a Web of Trust

Encrypted communication is only secure to the extent that you can positively associate public keys in circulation with the specified user. By cross-checking and signing these keys, you contribute to the establishment of a web of trust.

Select the key to sign in the key list. Select Keys → Sign Keys. In the following dialog, designate the private key to use for the signature. An alert reminds you to check the authenticity of this key before signing it. If you have performed this check, click Continue and enter the password for the selected private key in the next step. Other users can now check the signature by means of your public key.
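The authenticity check that the alert asks for is normally done by comparing the fingerprint of the received key with one the owner gave you over a separate channel (in person, by phone, on a business card). The following shell functions are an added example, not part of this guide or of KGpg; they assume a GnuPG 2.x gpg binary on the PATH and 40-digit (v4) fingerprints, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: compare a key file's fingerprint with one obtained out of band
# before importing or signing the key. Function names are illustrative.

# Print the primary-key fingerprint from GnuPG colon-format output on stdin.
# The first "fpr" record belongs to the primary key; field 10 is the fingerprint.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Normalise a fingerprint as people write it: drop whitespace, upper-case the hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both values are the same full-length fingerprint.
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    case "$a" in
        *[!0-9A-F]*|'') return 1 ;;   # empty or not hexadecimal
    esac
    # Assumption: v4 keys (40 hex digits). Short key IDs are rejected
    # because they are not sufficient to identify a key.
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# check_keyfile FILE EXPECTED_FPR
# Inspects FILE without adding it to the key ring and reports the result.
check_keyfile() {
    actual=$(gpg --batch --with-colons --import-options show-only \
                 --import "$1" 2>/dev/null | primary_fpr)
    if fpr_matches "$actual" "$2"; then
        echo "match: $actual"
    else
        echo "MISMATCH: file has '$actual', expected '$2'" >&2
        return 1
    fi
}

# Usage (after sourcing this file):
#   check_keyfile received-key.asc "<fingerprint the owner told you>"
```

Sign the key only when check_keyfile reports a match; a mismatch means the file does not contain the key the owner described.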

12.3.2. Trusting Keys

Normally, the program you are using asks whether you trust the key (that is, whether you assume it is really used by its authorized owner). This happens each time a message needs to be decrypted or a signature must be checked. To avoid this, edit the trust level of the newly imported key.

Right-click the newly imported key to access a small context menu for key management. Select Edit Key in Terminal from it. KGpg opens a text console in which to set the trust level with a few commands.

At the prompt of the text console (Command >), enter trust. On a scale between 1 (unsure) and 5 (complete trust), estimate how much you trust that the signers of the imported key have checked the true identity of the key owner. Enter the selected value at the prompt (Your decision?). If you are really sure about the signers' trustworthiness, enter 5. Answer the following question by entering y. Finally, enter quit to exit the console and return to the list of keys. The key now has the trust level Ultimate.

The trust level of the keys in your key ring is indicated by a colored bar next to the key name. The lower the trust level, the less you trust the signer of the key to have checked the true identity of the owners of the keys he signed. You may be entirely sure about the signer's identity, but he may still be careless about checking other people's identities before signing their keys. Therefore, you could still trust him and his own key, but assign lower trust levels to the keys of others that have been signed by him. The trust level serves solely as a reminder. It does not trigger any automatic actions by KGpg.


SUSE LINUX User Guide 9.3