PGP Keyserver Documentation
- Description
- Submitting a key to the Keyserver
- Searching the server for keys
- Removing a key from the Keyserver
- Generating a revocation certificate
- Additional information
Description
The PGP public key servers are only intended to help users exchange public keys. In NO EVENT do they guarantee that a given key is valid; to assess the trust of a key, it is necessary to use the signatures incorporated into the key itself.
The public key servers are accessible through e-mail and using a WWW interface. The RedIRIS server is available at:
- http://www.rediris.es/keyserver/index.en.html, for the WWW interface.
- pgp-public-keys@rediris.es, via e-mail. In this case, help can be obtained by sending a message with a 'Subject:' of help.
There are PGP public key servers distributed across the world. A list of some of them is available here.
Sending a public key to just one server is enough. After processing it, the server that has received the key will send it to the other servers during the synchronization process.
Submitting a key to the Keyserver
If you decide to submit a key to the RedIRIS Keyserver using the WWW interface, you just have to connect to the server pages and enter your public key (in ASCII format) in the field provided for it.
If you decide to submit your key by e-mail, you have to send a message like the following one:
To: pgp-public-keys@rediris.es
From: chelo.malagon@rediris.es
Subject: add
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6
-----END PGP PUBLIC KEY BLOCK-----
Sending your key to just ONE server is enough. After processing it, the server will send it to the rest of the servers automatically.
If the submitted key already exists on the server, the key will be updated, adding the new signatures or identifiers associated with it.
Bear in mind that, once you submit your key, it will be distributed to the rest of the servers in the world in a short time. Please be SURE that the key is valid.
Since the ONLY way of removing a key from the Keyserver is by means of a Key Revocation Certificate, we recommend that you GENERATE A REVOCATION CERTIFICATE and store it in a safe place before submitting your key. The generation of this certificate requires you to access your private key: if you lose it or forget your passphrase you will still be able to use the revocation certificate and remove your (no longer valid) public key.
Searching the server for keys
Connect to the server pages and search for the key, using the KeyID of the key, either in full or in part.
Send a message to pgp-public-keys@rediris.es with the command 'get userid' in the 'Subject:' field.
Removing a key from the Keyserver
A Key Revocation Certificate is NECESSARY for removing a public PGP key from the server. Three different cases may occur:
- Connect to the server and input the certificate using the form designed for it. Afterwards, click the 'Send' button. If you prefer to use e-mail, send a message containing the certificate to pgp-public-keys@rediris.es using the command 'add' in its 'Subject:' field.
- Generate a revocation certificate and follow the steps described in the above item.
- In this case it is COMPLETELY IMPOSSIBLE to remove your key from the server, since you cannot offer trustworthy proof of your identity and of your rights over the key.
Generating a revocation certificate
The generation of a key revocation certificate depends on the PGP version you are using:
pgp -kd <your key>
pgp -kxa <your key>
pgpk --revoke <your key>
pgpk -xa <your key>
pgp6 -kd <your key>
pgp6 -kxa <your key>
gpg --gen-revoke <your key>
Remember that you must make a copy of the keyrings and restore them after the revocation. This way, your public key will not be destroyed. You must also bear in mind that this revocation certificate must be kept in a safe place, since anybody who has access to it may revoke your key forever.
Additional information
If you want further information:
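The e-mail commands described above ('add' for a key or a revocation certificate, 'get userid', 'help') are shown here as an added Python example that is not part of the original RedIRIS documentation. The names build_request and public_key_blocks, the sample key and the user@example.org sender are hypothetical or constructed. The check that only complete PUBLIC KEY BLOCK armor is sent is an assumption about what a careful client should do, not documented server behaviour.

```python
import re
from email.message import EmailMessage

KEYSERVER = "pgp-public-keys@rediris.es"  # e-mail interface named on this page

# Constructed sample: the armor body is a placeholder, not real key data.
SAMPLE_KEY = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

(constructed placeholder, not a real key)
-----END PGP PUBLIC KEY BLOCK-----
"""

def public_key_blocks(text):
    """Return the complete PUBLIC KEY BLOCKs in text; refuse any other armor."""
    kinds = re.findall(r"^-----BEGIN PGP ([A-Z ]+)-----[ \t\r]*$", text, re.M)
    # Whatever is sent with 'add' is replicated to the other servers and can
    # only be revoked, never deleted, so secret key armor must not get through.
    if not kinds or any(k != "PUBLIC KEY BLOCK" for k in kinds):
        raise ValueError("expected only PUBLIC KEY BLOCK armor, found %r" % kinds)
    blocks = re.findall(
        r"^-----BEGIN PGP PUBLIC KEY BLOCK-----[ \t\r]*$.*?"
        r"^-----END PGP PUBLIC KEY BLOCK-----[ \t\r]*$", text, re.M | re.S)
    if len(blocks) != len(kinds):
        raise ValueError("truncated armor: a BEGIN line has no matching END")
    return [b.strip() for b in blocks]

def build_request(sender, command, body=""):
    """Build one request for the e-mail interface (hypothetical helper)."""
    words = command.split()
    verb = words[0].lower() if words else ""
    if verb not in ("add", "get", "help"):  # the commands this page describes
        raise ValueError("command not described on this page: %r" % command)
    if verb == "get" and len(words) < 2:
        raise ValueError("'get' needs a user ID to search for")
    msg = EmailMessage()
    msg["To"] = KEYSERVER
    msg["From"] = sender
    msg["Subject"] = " ".join(words)  # the command travels in 'Subject:'
    if verb == "add":  # a new key and a revocation certificate both use 'add'
        msg.set_content("\n".join(public_key_blocks(body)) + "\n")
    return msg

if __name__ == "__main__":
    print(build_request("user@example.org", "add", SAMPLE_KEY))
    print(build_request("user@example.org", "get user@example.org"))
```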