Richard Chang's Public Keys
The Keys
Since Network Associates terminated support for PGP, I've moved to
GNU Privacy Guard (GnuPG) and
mainly use my DSS key for signing email messages.
The public keys are in these files:
- 1024-bit DSS public key generated using PGP 5.0 on May 16, 1997:
dsskey.txt.
- 2048-bit RSA public key generated using PGP 5.0 on June 17, 1997:
rsakey.txt.
- The revocation certificate for my old 768-bit PGP/RSA public key.
This key was generated on July 6, 1995 and revoked on June 17, 1997:
revokedkey.txt.
Using GnuPG for Verification
Important messages that I send out via email (e.g., grade reports) are
signed with my private key. You can verify the validity of the message
using GnuPG. At UMBC, GnuPG is installed on the GL Linux servers
(linux.gl.umbc.edu) and on the CSEE Linux servers
(linuxserver1.cs.umbc.edu).
To initialize your GnuPG setup, first download the DSS public key using
the link above. If you do not trust the web server, the key is also
available on the GL file system at:
/afs/umbc.edu/users/c/h/chang/pub/keys/dsskey.txt
and on the CS file system at:
~chang/www/dsskey.txt
With the file dsskey.txt in your local directory, issue the
command:
gpg --import dsskey.txt
If you have not used GnuPG previously, this creates a directory
.gnupg in your home directory and adds my public key to
your public key ring in ~/.gnupg/pubring.gpg.
Next, save the body of the email message you would like to verify
in a file called, say, foo.txt and issue the command:
gpg --verify foo.txt
You should get a message like:
gpg: Signature made Wed 13 Mar 2002 09:50:33 AM EST using DSA key ID DED57E67
gpg: Good signature from "Richard Chang "
gpg: aka "Richard Chang "
If the email message has been tampered with, the output would look like:
gpg: Signature made Wed 13 Mar 2002 09:50:33 AM EST using DSA key ID DED57E67
gpg: BAD signature from "Richard Chang "
You might also get a message that the key you used has not been
certified by anyone. If you use GnuPG more, you can indicate your own
level of trust of this particular public key. (For example, you could
generate your own private/public key pair and sign my public key to
indicate that you trust its validity.) But for now, you are basing your
trust on the security provided by the Unix file systems on campus.
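The verification step above can also be scripted so that it depends on the signing key's full fingerprint rather than on reading the "Good signature" text. The following is an added example, not part of the original page: the names check_status and verify_file are hypothetical, and EXPECTED_FPR is a constructed placeholder that you replace with the fingerprint shown by gpg --fingerprint after importing dsskey.txt from a location you trust.

```shell
#!/bin/sh
# Added example: pin the signer's fingerprint instead of reading gpg's text output.
# EXPECTED_FPR is a constructed placeholder. Replace it with the fingerprint
# that `gpg --fingerprint` prints after you import dsskey.txt from a trusted path.
EXPECTED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# check_status FPR: reads `gpg --status-fd` lines on stdin.
# Succeeds only if a VALIDSIG line names FPR (as signing key or as primary key)
# and no BADSIG or ERRSIG line appears.
check_status() {
    awk -v want="$1" '
        BEGIN { w = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == w || toupper($NF) == w) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_file FILE: run gpg on a saved message and apply the check above.
verify_file() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Constructed status lines (not captured from a real gpg run).
SAMPLE_GOOD="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer
[GNUPG:] VALIDSIG $EXPECTED_FPR 2002-03-13 1016031033 0 3 0 17 2 01 $EXPECTED_FPR"
SAMPLE_BAD="[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer"

# When called with a file name, verify that file and report the result.
if [ $# -gt 0 ]; then
    if verify_file "$1"; then echo "signature OK"; else echo "signature NOT verified"; fi
fi
```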
For more information on GnuPG, visit the official
GnuPG website or type
man gpg
Last Modified: 25 Nov 2003 23:34:26 EST by Richard Chang