... | ... | @@ -5,17 +5,37 @@ |
|
|
|
|
|
## Workflow
|
|
|
|
|
|
1. Send a generated token (e.g. a random string) to the UID as identified by the PGP key ID in an e-mail. This is an example:
|
|
|
1. Send a generated token (e.g. a random string) to the UID as identified by the PGP key ID in an e-mail. You can use the following as template:
|
|
|
|
|
|
````mail
|
|
|
Hi <name>,
|
|
|
|
|
|
Please clear-sign [1] the below text in the backtick section using the
|
|
|
mentioned root key (not any of its subkeys) and send the resulting file to:
|
|
|
Please clear-sign [1] the attached `token.txt` file using the mentioned root key (not any of its subkeys) and send the resulting file to:
|
|
|
|
|
|
<main signing key UID>
|
|
|
|
|
|
To clearsign the file, use
|
|
|
|
|
|
```
|
|
|
gpg --armor --default-key <fingerprint>! --clearsign token.txt
|
|
|
```
|
|
|
|
|
|
If your root key does not provide the Signature capability (S), make sure to toggle it on temporarily:
|
|
|
|
|
|
```
|
|
|
gpg --edit-key <fingerprint>
|
|
|
|
|
|
change-usage
|
|
|
|
|
|
S
|
|
|
|
|
|
save
|
|
|
```
|
|
|
|
|
|
[1] https://www.gnupg.org/gph/en/manual/x135.html
|
|
|
````
|
|
|
|
|
|
token.txt
|
|
|
```
|
|
|
I am the holder of the PGP key with the ID <fingerprint>
|
|
|
and the mail address <UID>.
|
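Review bot: In the mail template, the block introduced by "make sure to toggle it on temporarily" ends at `save` and never tells the key holder to switch the Signature capability off again, so "temporarily" is left to the reader. Add a sentence after that block saying to run `change-usage` again once the signed file has been sent and to toggle `S` back off. It would also help to explain the trailing `!` in `--default-key <fingerprint>!` in one sentence, since that is what makes gpg sign with the named key itself rather than pick a signing subkey, which is the requirement the template states.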
... | ... | @@ -23,10 +43,6 @@ |
|
|
Verification token:
|
|
|
<random_string>
|
|
|
```
|
|
|
|
|
|
|
|
|
[1] https://www.gnupg.org/gph/en/manual/x135.html
|
|
|
````
|
|
|
|
|
|
2. Wait for the holder of the UID to respond with an e-mail holding the [clearsigned](https://www.gnupg.org/gph/en/manual/x135.html) token (signed by the root key, not any of its subkeys!)
|
|
|
3. Verify the authenticity of the clearsigned token by matching the output of `gpg --verify <clearsigned token>` with that of `gpg --keyid-format long --list-keys <UID>` |
|
|
\ No newline at end of file |
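Review bot: Step 3 still only matches the `gpg --verify` output against `gpg --keyid-format long --list-keys <UID>`, which confirms who signed but not what was signed. With the token now sent as a separate `token.txt`, step 3 should also require that the signed text is identical to the token that was sent, and that the signing key shown is the root key's full `<fingerprint>` as named in the token text rather than only a long key ID. The file also ends without a trailing newline.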