Once our own key-pair is created, we can begin to put into our public keyring database of all keys we have from some trusted third partly in order to be able to use his/her keys for future encryption and authentication communication. To import Public Keys to your keyring, use the following command:
[root@deep] /# gpg --import <file>
Example 19.1. Importing using gpg
[root@deep] /# gpg --import redhat2.asc
gpg: key DB42A60E: public key imported
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: Total number processed: 1
gpg: imported: 1
The above command will append all new keys to our keyring database and will update all already existing keys. It is important to note that GnuPG does not import keys that are not self-signed. In the above example
we import the Public Key file redhat2.asc
from the company Red Hat Linux, downloadable from the Red Hat Internet site, into our keyring.
When you import keys into your public keyring database and are sure that trusted third party is really the person they claim, you can start signing his/her keys. Signing a key certifies that you know the owner of the keys. To sign a key for the company RedHat that we have added on our keyring above, use the following command:
[root@deep] /# gpg --sign-key <UID>
Example 19.2. Signing key
[root@deep] /# gpg --sign-key RedHat
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: -/q
sub 2048g/961630A2 created: 1999-09-23 expires: never
(1) Red Hat, Inc <security@redhat.com>
pub 1024D/DB42A60E created: 1999-09-23 expires: never trust: -/q
Fingerprint: CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E
Red Hat, Inc <security@redhat.com>
Are you really sure that you want to sign this key
with your key: "Gerhard Mourani <gmourani@videotron.ca>"
Really sign? y
You need a passphrase to unlock the secret key for
user: "Gerhard Mourani <gmourani@videotron.ca>"
1024-bit DSA key, ID E92D6C97, created 1999-12-30
Enter passphrase:
You should only sign a key as being authentic when you are Absolutely sure that the key is really authentic! You should never sign a key based on any assumption.