cl.cam.ac.uk User ID generation by hand
If you have had problems with the exmh key generation script
(e.g. your unix ID is not your CRSID),
feel free to contact pgp-keys for help.
Those feeling brave may care to try the following hints.
Any additions / corrections / etc gratefully accepted.
Example user
In this example, I shall use explicit names.
These should be replaced by your own.
This user has a password "gcos" field of "Piete Brooks",
a canonical mailbox name of "Piete.Brooks"
(the canonical mailbox name is usually the gcos field with the space replaced
by a dot), a unix userid of "pb", a CRSID of "pb22" (most users have their CRSID as their unix userid) and a PGP key of 4960EA99.
This user would therefore have the following User IDs:
- Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
- Piete Brooks <pb@cl.cam.ac.uk>
- Piete Brooks <pb22@cam.ac.uk>
Deletion Step
The first step is to clear out any invalid User IDs.
If all of them are wrong, but you want to keep the Key ID you have,
you should delete some User IDs, add some new ones,
then do it all again with the other duff ones.
The basic command to use is
pgp -kr
which allows you to remove a User ID or a key.
Take care NOT to remove the key, but just the User ID(s).
The first question is "Do you want to remove the whole key (y/N)?".
Do NOT type y.
It will then enumerate the User IDs.
Type y to the incorrect ones.
% pgp -kr pb22
...
Key has more than one user ID.
Do you want to remove the whole key (y/N)?
Remove "Piete Brooks <pb22@cam.ac.uk>" (y/N)?
Remove "Piete Brooks <pb22@cl.cam.ac.uk>" (y/N)? y
User ID removed from key ring.
Key or user ID is also present in secret keyring.
Do you also want to remove it from the secret keyring (y/N)?
%
Alternatively, you can delete the Key ID by answering yes to
"Do you want to remove the whole key",
after which you should be able to start again.
If you really want to get down to basics,
the files $HOME/.pgp/pubring.pgp and $HOME/.pgp/secring.pgp
hold the public keys which you have collected, and your secret key
respectively.
If mv'ed out of the way, you can start from scratch,
and then add the keys from the old pubring.pgp later
(taking care to remove or not copy any unwanted keys).
Now the extra User IDs can be added.
Note that each key has a "primary" User ID.
While adding a User ID, pgp asks whether it is to be the primary one.
The norm is that the email address which people will see in most of the email
that you send should be your primary User ID.
As such, it is (in this case)
"Piete Brooks <Piete.Brooks@cl.cam.ac.uk>".
The basic command to use is
pgp -ke
which allows you to add a User ID.
After each addition, you should sign the new User ID to show that the owner of
the key actually added the User ID, rather than someone else.
Note that it is particularly important to give the pgp command a substring of the User ID which is unique, so as to ensure that you add the signature to the correct one.
The basic command to use is
pgp -ks
which allows you to sign a User ID.
When finished, use
pgp -kvv
to check it is correct.
As an example, to add a CRSID@cam.ac.uk manually
(e.g. if your Unix id is not the same as your CRSID):
% pgp -ke Piete.Brooks
...
You need a pass phrase to unlock your RSA secret key.
Key for user ID "Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
Enter pass phrase:Pass phrase is good.
Current user ID: Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
Do you want to add a new user ID (y/N)? y
Enter the new user ID: Piete Brooks <pb22@cam.ac.uk>
Make this user ID the primary user ID for this key (y/N)?
Do you want to change your pass phrase (y/N)?
Secret key ring updated...
Public key ring updated.
% pgp -ks pb22@cam.ac.uk
...
the above public key actually belongs to the user specified by the
above user ID (y/N)? y
You need a pass phrase to unlock your RSA secret key.
Key for user ID "Piete Brooks <pb22@cam.ac.uk>"
Enter pass phrase: Pass phrase is good. Just a moment....
Key signature certificate added.
% pgp -kvv pb22@cam.ac.uk
...
Key ring: '/Nfs/bescot/usr25/pb/.pgp/pubring.pgp', looking for user ID "pb@cl.cam.ac.uk".
Type bits/keyID Date User ID
pub 1024/4960EA99 1994/12/12 Piete Brooks <pb22@cam.ac.uk>
sig 4960EA99 Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
1 matching key found.
%
Notification Step
All three standard email addresses should be present, and each one should be
signed by the key itself.
Thus pgp -kvv should show a line starting with
pub and at the RHS have the primary User ID
(Piete Brooks <Piete.Brooks@cl.cam.ac.uk>)
then a line starting with sig and the keyID (4960EA99),
then two pairs of lines with the first having lots of spaces and then a
secondary User ID followed by another line starting with sig
and the keyID (4960EA99).
Once you are quite happy that the information looks reasonable,
send the key to pgp-keys.
The basic commands to use are
pgp -kvv
which allows you to check the info and
pgp -kxaf
which allows you to send an ASCII armoured version of your key info to stdout.
% pgp -kvv 0x4960EA99
...
Key ring: '/Nfs/bescot/usr25/pb/.pgp/pubring.pgp', looking for user ID "0x4960EA99".
Type bits/keyID Date User ID
pub 1024/4960EA99 1994/12/12 Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
sig 4960EA99 Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
Piete Brooks <pb@cl.cam.ac.uk>
sig 4960EA99 Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
Piete Brooks <pb22@cam.ac.uk>
sig 4960EA99 Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
1 matching key found.
% pgp -kxaf 0x4960EA99 | v6mail -s ADD pgp-keys
...
Key extracted to file 'pgptemp.$00'.
%
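The layout described in this step can be checked mechanically before the key is sent. The shell function below is an added example, not part of the original page or of PGP: it reads a pgp -kvv listing on stdin and reports any expected address that is missing and any User ID that is not followed by a sig line carrying the key's own ID. The function names and the column spacing of the embedded sample listing are assumptions, constructed from the listing above.

```sh
# Added example; function names are hypothetical, not part of PGP.
# check_selfsigs ADDR...: reads a "pgp -kvv" listing on stdin, prints one
# line per problem, returns 0 only if every ADDR appears in a User ID and
# every User ID is followed by a sig line made by the key itself.
check_selfsigs() {
    awk -v want="$*" '
    function close_uid() {               # report the User ID just finished
        if (uid != "" && !signed) { print "UNSIGNED: " uid; bad = 1 }
    }
    function open_uid(text) {            # start tracking a new User ID
        close_uid(); uid = text; signed = 0; seen = seen "\n" text
    }
    /^Type /                { inlist = 1; next }   # column header
    /^[0-9]+ matching key/  { inlist = 0; next }   # trailer
    !inlist || /^[ \t]*$/   { next }               # banner, blank lines
    $1 == "pub" {
        split($2, part, "/"); keyid = part[2]      # bits/keyID
        sub(/^pub +[^ ]+ +[^ ]+ +/, "")            # leaves the primary User ID
        open_uid($0); next
    }
    # Appending "" forces a string compare: IDs such as 0001E002 and
    # 00000100 would otherwise compare equal as numbers.
    $1 == "sig" { if (($2 "") == (keyid "")) signed = 1; next }
    { sub(/^[ \t]+/, ""); open_uid($0) }           # secondary User ID
    END {
        close_uid()
        n = split(want, addr, " ")
        for (i = 1; i <= n; i++)
            if (index(seen, "<" addr[i] ">") == 0) { print "MISSING: " addr[i]; bad = 1 }
        exit bad + 0
    }'
}
# Constructed sample: the listing shown above, with assumed column spacing.
sample_listing() {
    cat <<'EOF'
Type bits/keyID    Date       User ID
pub  1024/4960EA99 1994/12/12 Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
sig       4960EA99             Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
                              Piete Brooks <pb@cl.cam.ac.uk>
sig       4960EA99             Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
                              Piete Brooks <pb22@cam.ac.uk>
sig       4960EA99             Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
1 matching key found.
EOF
}
sample_listing | check_selfsigs Piete.Brooks@cl.cam.ac.uk pb@cl.cam.ac.uk \
    pb22@cam.ac.uk && echo "all User IDs present and self-signed"
```

The function inspects the listing only, so it shows which signatures are attached, not whether they verify; pgp -kc checks the signatures themselves.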
Comments to pb or webmaster.