How To Import my public key into your keyring
  1. Download my public gpg key here and save it as gpg-rmages.asc.
  2. Import my public key into your public key ring with the following command: 
    	gpg  --import  gpg-rmages.asc
  3. Verify that everything went OK by performing the following command: 
    	gpg  --fingerprint  rmages@april.org
    Make sure you see something like this: 
    	% gpg  --fingerprint  rmages@april.org
pub  1024D/2CC455D9 2002-12-31 Rene Mages (GNU guy) 
Key fingerprint = C9D5 18C7 8973 8190 F94B  48B2 DFCC 0699 2CC4 55D9
sub  1024g/5A17505A 2002-12-31
    Make sure that the fingerprint on your screen matches the fingerprint here. If not, something is very wrong.

That's it. My public key is now in your keyring.

How To Sign My Key

I take the web of trust very seriously, and you should too. Please don't sign my key unless you know me and I tell you my fingerprint either in person (preferred) or over the phone (less preferred).

Here's how to sign my key:

  1. My public key needs to be in your keyring. You can check if it is with: 
       gpg --list-keys rmages
    gpg will either list my key or tell you that my public key isn't in your keyring. If it isn't in your keyring, follow these instructions.


  2. Look at my fingerprint with the following command: 
       gpg  --fingerprint rmages
    You'll see something like this (my fingerprint is in green): 
       
pub  1024D/2CC455D9 2002-12-31 Rene Mages (GNU guy) 
Key fingerprint = C9D5 18C7 8973 8190 F94B  48B2 DFCC 0699 2CC4 55D9
sub  1024g/5A17505A 2002-12-31
  3. Meet me in person (preferred) or call me on the phone (less preferred) and ask me to recite my fingerprint. If the fingerprint I give you matches the fingerprint in green (above), you can sign my key. If the fingerprints don't match, DON'T sign my key!


  4. Sign my key with: 
       gpg  --sign-key rmages
    You'll be asked to assign a level of trust. If you know me and verified my fingerprint in person or over the phone, assign (3) I have done very careful checking. If you verified my fingerprint in person or over the phone but you don't actually know me very well, assign a trust level of (2) or even (1) depending on how well you know me.


  5. Enter your secret passphrase when gpg asks for it.


  6. Export my key to a file: 
       gpg --export --armor rmages > rmages.asc
  7. Email the file rmages.asc to me (I like MIME, but it's not necessary).