This site is now 100% read-only, and retired.

Working with Debian GPG Keys

Posted by Steve on Thu 20 Jan 2005 at 14:00

All Debian developers have a Gnu Privacy Guard key which was verified as belonging to them when they joined the project. These keys are used to sign packages before they are uploaded to the main archive, for signing messages on mailing lists, etc.

If you wish to be able to verify signatures of signed messages or archives then you will need to have the key of the person who signed it. These keys could be obtained from the public keyservers, but it's much more efficient to download them en masse.

There are two ways to get the keys of all the Debian developers:

  • Install the package debian-keyring.
  • Rsync directly from keyring.debian.org

The former solution lags behind a little, so it's usually best to get the keys direct from the Debian keyserver if possible.

To do that you should decide where you would like to place them. I place mine inside a directory in my home area called ".debian-keyring".

Once you've done that you can run the following command:

rsync -qcltz --block-size=8192 --partial --progress --exclude=emeritus-* --exclude=removed-* \
keyring.debian.org::keyrings/keyrings/* ~/.debian-keyring

This will download, or update, the keyring files inside ~/.debian-keyring/ - assuming you have the rsync package installed.

Once you have downloaded the keyfiles themselves you'll need to tell your installed version of gpg to use them.

To do that you need to add the following lines to the end of ~/.gnupg/gpg.conf:

keyring ~/.debian-keyring/debian-keyring.pgp
keyring ~/.debian-keyring/debian-keyring.gpg

This will cause your copy of gpg to load and understand the keyring files you've downloaded - you can test that you have a bigger keyring by running:

gpg --list-keys

Or if you want to see a specific key, such as mine, by running:

gpg --list-key skx@debian.org

 

 


Re: Working with Debian GPG Keys
Posted by Anonymous (169.207.xx.xx) on Thu 27 Jan 2005 at 02:45
How about a detailed article from a developers perspective on handling key signing parties, to the level of command lines and stuff?

[ Parent ]

Re: Working with Debian GPG Keys
Posted by Steve (82.41.xx.xx) on Thu 27 Jan 2005 at 09:17
[ View Weblogs ]
Isn't that documented already?

I know that most of the manual is written for a technical user, and there's certainly a key-signing howto around.

Steve
-- Steve.org.uk

[ Parent ]

Re: Working with Debian GPG Keys
Posted by Anonymous (12.169.xx.xx) on Wed 28 Dec 2005 at 19:32
Where? got a link? It's not like debian documentation is organized, or easy to use... thanks!

[ Parent ]

Re: Working with Debian GPG Keys
Posted by kink (143.121.xx.xx) on Fri 26 Aug 2005 at 09:52
You might want to look into the signing-party Debian packge, which contains tools that facilitate different parts of the keysigning process.

[ Parent ]