Version 1.5

The comp.security.pgp FAQ


11. General Tips

11.1 Are there undocumented features in PGP?

Several undocumented command-line switches exist. Peter Simons <simons@petium.rhein.de> has provided a comprehensive list:

11.2 Can I use PGP on a BBS?

Some BBS sysops may not permit you to place encrypted mail or files on their boards. Just because they have PGP in their file area, that doesn't necessarily mean they tolerate you uploading encrypted mail or files - so do check first.

Fido net mail is even more sensitive. You should only send encrypted net mail after checking that:

  1. Your sysop permits it.
  2. Your recipient's sysop permits it.
  3. The mail is routed through nodes whose sysops also permit it.

Get your public key signed by as many individuals as possible. It increases the chances of another person finding a path of trust from himself to you.

Don't sign someone's key just because someone else that you know has signed it. Confirm the identity of the individual yourself. Remember, you are putting your reputation on the line when you sign a key.
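The "path of trust" mentioned above can be pictured as a search through the graph of who has signed whose key. The following sketch is an added example, not part of the original FAQ and not PGP's own code; the names, the sample signatures and the max_hops limit are constructed for illustration.

```python
from collections import deque

# Constructed sample data: signer -> keys that signer has signed.
SIGNATURES = {
    "alice": {"bob"},
    "bob": {"alice", "carol"},
    "erin": {"dave"},
}

def with_signature(signatures, signer, signed):
    """Return a copy of the graph with one more signature added."""
    updated = {k: set(v) for k, v in signatures.items()}
    updated.setdefault(signer, set()).add(signed)
    return updated

def trust_path(signatures, verifier, target, max_hops=4):
    """Shortest chain of keys from verifier to target in which every key
    has signed the next one, or None if no chain fits within max_hops.

    Simplification: a real verifier must also trust each intermediate
    key holder as an introducer; here every signature counts equally.
    """
    if verifier == target:
        return [verifier]
    queue = deque([[verifier]])
    seen = {verifier}                      # guards against signature cycles
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= max_hops:      # chain is already at the limit
            continue
        for signed in sorted(signatures.get(path[-1], ())):
            if signed in seen:
                continue
            if signed == target:
                return path + [signed]
            seen.add(signed)
            queue.append(path + [signed])
    return None

if __name__ == "__main__":
    # Only erin has signed dave's key, and nobody alice can reach signed erin's.
    print(trust_path(SIGNATURES, "alice", "dave"))
    # One extra signature on dave's key, from carol, opens a path for alice.
    print(trust_path(with_signature(SIGNATURES, "carol", "dave"), "alice", "dave"))
```

Each additional signature on a key adds an edge into it, which is why collecting signatures from many different people makes it more likely that a stranger's search ends at your key.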

If you have a UNIX shell account, put a copy of your public key in a file called ".plan", so that other people can finger that account and get your public key in the process. See also question 4.8.

Also, send your public key to a keyserver. See question 8.1 for details.

Whatever method you choose to make your key available, make sure that it's clear to others how to get it. Usually, you just put instructions in your mail and news .signature file (something like "PGP public key available from keyservers" or "Finger me for public key"), or refer to it from your homepage.

It's also good practice to include your key ID and fingerprint in your .signature. That way, people who want your key can be more certain they are actually getting yours, and not some other key with your name on it. The fingerprint is an even greater help here than the key ID.

But this is not proof that the key actually is yours. Remember, the message or post with this .signature can be a forgery.

If you have any other tips, please let me know.



Copyright © 1996 by Arnoud Engelfriet.
Last updated: 22 Oct 1998.
Comments, additions and suggestions can be sent to <faq-admin@mail.pgp.net>.
This FAQ was generated by Orb v1.3 for OS/2.