Those who use PGP, will wish to obtain a copy of my PGP public key. It may also be downloaded from a public key server.
It is always advisable to obtain a key from more than one source if you have not obtained it direct in person from the key owner.
An alternative and slightly more secure way to obtain a PGP public key than downloading from a public key server is to finger the e-mail address of the owner. This assumes that the key owner has finger enabled (it's a standard Unix feature) and has incorporated their PGP public key in their .plan file. If finger is not on your own system you can use a finger gateway.
Keys should always be signed to help validate the key and prevent forgery and subsitution. Always sign your own key. The signatures on my key can be viewed by using the command
pgp -kvv "Keith Parkins"
As you will see, my key has a few signatures on it.
Type Bits/KeyID Date User ID pub 1024/B09CC89D 1996/04/22 Keith Parkins <10 GU14 6QJ England> sig 3BA294A1 Bhima Auro <firstname.lastname@example.org> sig 32DD98D9 Vesselin V. Bontchev <email@example.com> sig FC0C02D5 Eugene H. Spafford <firstname.lastname@example.org> sig E82D54FD SlipIt <+44-1252-513279> sig E3E092F1 Fleet Micro <email@example.com> sig B09CC89D Keith Parkins <10 GU14 6QJ England>
The experimental AT&T PathServer service can be used to trace the filaments of the web of trust between keys.
The PGP public key fingerprint, obtained through a tamper-proof medium (fax, telephone conversation, publication in a book or journal et cetera), can be used to verify the validity of a key. A printed personally signed copy of my PGP public key fingerprint can be obtained direct from myself - a nominal fee of £1-00 (one pound sterling) is levied for this service.
My PGP public key fingerprint can be viewed by using the command
pgp -kvc "Keith Parkins"
Type Bits/KeyID Date User ID pub 1024/B09CC89D 1996/04/22 Keith Parkins <10 GU14 6QJ England> Key fingerprint = 2A 66 6A 8F 91 42 48 C8 48 98 38 AD 2F D3 45 08
The only truly secure way to obtain a PGP public key is direct in person from its claimed owner or via a trusted emissary.