OpenPGP Key Properties

The descriptions in this section apply to all OpenPGP keys.

To view properties of a PGP key:

  • Select the PGP key from the main window,
  • Double click on it or choose Properties from the toolbar,
  • Select the Details tab.

5.1. Properties

Fingerprint

The fingerprint is a unique string of characters that exactly identifies a key.

KeyID

The KeyID is similar to the Fingerprint. However, the KeyID contains only the last 8 characters of the fingerprint. Most of the time it is possible to identify a key with only the KeyID, but occasionally two keys may have the same ID.

Type

Specifies the encryption algorithm used to generate a key. DSA keys can only sign. ElGamal keys are used to encrypt.

Created

Indicates the date the key was created.

Expires

Indicates the date the key can no longer be used.

Strength

Indicates the length in bits of a key. In general the longer the key, the more security it provides.

A long key is not enough to make up for the use of a weak passphrase.

5.2. Trust

Trust is an indication of how sure you are of a person's ability to correctly extend the web of trust. When you are faced with a key you have not signed, the validity of that person's key is determined from the signatures it has collected and from how much you trust the people who made those signatures. By default, an unknown key will require 3 signatures with marginal trust value or 1 fully trusted signature.

  • Unknown: You are not familiar with the person's ability to sign keys correctly.
  • Never: This person cannot correctly sign keys.
  • Marginal: This person checks for photo ID before signing a key, but does not necessarily scrutinise the IDs.
  • Full: This person scrutinises each and every person's photo ID before signing them (e.g. they only sign keys that truly belong to the person asking for the signature).
  • Ultimate: This level of trust should only be assigned to your own keys.
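
The default rule above (3 marginal signatures or 1 fully trusted signature) can be worked through on a small keyring. The following is an added example, not code from Passwords and Keys: the names and data are constructed, and the model is simplified (path-length limits, expiry and revocation checks are left out).

```python
# Simplified validity calculation for the trust rule described above.
# Assumptions: names and data are constructed; path-length limits, expiry
# and revocation checks that real OpenPGP software applies are left out.
MARGINALS_NEEDED = 3   # marginally trusted signatures required (from the text)
COMPLETES_NEEDED = 1   # fully trusted signatures required (from the text)


def valid_keys(owner_trust, signatures):
    """Return the set of keys considered valid.

    owner_trust: key -> "unknown" | "never" | "marginal" | "full" | "ultimate"
    signatures:  key -> set of keys that have signed it
    """
    # Keys with ultimate trust (your own) are valid by definition.
    valid = {k for k, t in owner_trust.items() if t == "ultimate"}
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature counts only if the signing key is itself valid.
            levels = [owner_trust.get(s, "unknown") for s in signers if s in valid]
            full = sum(1 for t in levels if t in ("full", "ultimate"))
            marginal = levels.count("marginal")
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed sample keyring.
OWNER_TRUST = {"me": "ultimate", "alice": "full", "bob": "marginal",
               "carol": "marginal", "dave": "marginal", "eve": "never",
               "heidi": "full"}
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "eve": {"me"},
    "frank": {"alice"},                # one full signature: valid
    "grace": {"bob", "carol"},         # two marginal: not enough
    "ivan": {"bob", "carol", "dave"},  # three marginal: valid
    "judy": {"eve"},                   # signer has trust "never": not valid
    "kim": {"heidi"},                  # heidi's own key is not valid: ignored
}

if __name__ == "__main__":
    print(sorted(valid_keys(OWNER_TRUST, SIGNATURES)))
```

Note that eve's key is valid (you signed it) even though her trust is Never: validity describes the key, trust describes the person's signing habits.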

5.3. Enabling and Disabling Keys

When a key is enabled, it can be used to perform encryption operations. When a key is disabled, it cannot be used for encryption or to verify signatures made with it.

5.4. Expiration Date

A key can no longer be used to perform key operations after it has expired. Changing a key's expiration date to a point in the future re-enables it. A good general practice is to have a master key that never expires and multiple subkeys that do expire and are signed by the master key.

5.5. User IDs

User IDs allow multiple identities and email addresses to be used with the same key.

They usually take the form of:

Name (comment) <email address>

5.5.1. Adding a User ID

Adding a user ID is useful when you want to have an identity for your job and one for your friends.

To add a user ID to a key:

  • Select the key from the main window,
  • Double click on it or choose Properties from the toolbar,
  • Select the Names and Signatures tab,
  • Click on Add Name.

After following the instructions above, you will be presented with a dialogue to fill in. The fields are detailed below.

Full Name

Enter your full name in the form

<first> <last>

A middle name or initial is optional.

You must enter at least 5 characters in this field.

Email Address

Your email address is how most people will locate your key on a key server or other key provider. Make sure it is correct before continuing.

It should be of the form

<username>@<domainname>

Key Comment

The comment field can be used to place any additional information into the displayed name of your new ID. This information can be searched for on key servers.

5.6. Photo IDs

A Photo ID allows a key owner to embed one or more pictures of themselves in a key. These identities can be signed just like a normal user ID. A photo ID must be in JPEG format and is recommended to be no larger than 240x288 pixels.

If the chosen image is not of the required file type or size, Passwords and Keys can resize and convert it on the fly from any image format supported by the GDK library.

5.7. Changing the Passphrase

To change the passphrase assigned to a key:

  • Select the key from the main window,
  • Double click on it or choose Properties from the toolbar,
  • Click on Change Passphrase.

Enter the new passphrase and click OK.

5.8. Deleting a Key

To delete a key from your keyring:

  • Select the key from the main window,
  • Right click on it and choose Delete Key or choose Edit ▸ Delete Key.

You can delete your keys, trusted keys and collected keys.