WEBVTT

0
00:00.860 --> 00:09.320
Let's talk about distributing the keys! Someone's public key is needed when you want to send that person

1
00:09.410 --> 00:10.670
an encrypted message

2
00:10.790 --> 00:14.190
or to check the digital signature of the key owner.

3
00:14.210 --> 00:20.230
Ideally you distribute your public key by personally giving it to your correspondents.

4
00:20.270 --> 00:27.350
In practice, however, keys are often distributed by email which is good practice

5
00:27.350 --> 00:29.630
when you have only a few correspondents.

6
00:29.930 --> 00:36.670
But if you have many correspondents it's easier to post your public key on a Web site.

7
00:36.680 --> 00:44.120
This is unacceptable, however, if people who need your public key do not know where to find it on the

8
00:44.120 --> 00:47.490
web. To solve this problem

9
00:47.490 --> 00:55.890
public key servers are used to collect and distribute public keys. A public key received by this server

10
00:56.190 --> 00:59.430
is added to the server's database

11
00:59.700 --> 01:07.470
and when a key request comes to the server, the server consults its database and returns the requested

12
01:07.560 --> 01:09.850
public key if found.

13
01:09.880 --> 01:19.220
Let’s see how it works. Imagine you've just downloaded the CentOS ISO and a digital signature file and

14
01:19.220 --> 01:22.210
you want to check the signature. To do that

15
01:22.250 --> 01:26.090
you need the public signing key of CentOS

16
01:26.330 --> 01:36.240
and on the official website you've found out its id. Your next logical step is to import the key with

17
01:36.300 --> 01:47.350
that id from a key server; and by executing gpg --keyserver, the name of the key server,

18
01:47.500 --> 02:02.480
pgp.mit.edu, --recv, from receive, and the key id; found the key id

19
02:02.870 --> 02:07.100
on the CentOS Web site; perfect.

20
02:07.260 --> 02:12.600
The public signing key of Centos was imported in the keyring

21
02:15.200 --> 02:17.320
It's in the keyring.

22
02:17.330 --> 02:24.540
Now if you want to publish your public key on a key server, where everyone can find it, you simply execute

23
02:24.540 --> 02:29.640
gpg --keyserver

24
02:29.750 --> 02:41.480
hkp:// and the domain of the key server pgp.mit.edu

25
02:41.510 --> 02:44.260
--send-keys and the key id.

26
02:44.570 --> 02:47.540
Let's see in another terminal what's the key id

27
02:55.370 --> 03:00.080
this is my key id;  copy and paste here.

28
03:07.000 --> 03:07.620
Okay sorry, 

29
03:07.630 --> 03:08.740
there is a mistake, 

30
03:08.740 --> 03:12.010
the name of the key server is pgp.mit.edu

31
03:12.040 --> 03:15.510
not gpg

32
03:15.820 --> 03:25.090
This is its name; my public key was published on the key server. pgp.mit.edu is one of the

33
03:25.090 --> 03:29.260
most used public key servers in the world.

34
03:29.260 --> 03:38.190
There are also other public key servers and most of them belong to a pool of key servers that gets synchronized.

35
03:38.200 --> 03:45.850
That means that when you publish your key on a server, after a while, the key will be automatically copied

36
03:46.120 --> 03:52.830
on all other servers in the pool and the request to any of the servers will get the key.

37
03:55.650 --> 04:02.640
Note that there is also a graphical interface that can be used to submit a new public key or to search

38
04:02.640 --> 04:14.070
for an existing key using its id; pgp.mit.edu and I can paste here

39
04:14.110 --> 04:19.060
my public key id; the id of the key I've just submitted

40
04:23.510 --> 04:28.300
and the key is already on the server.

41
04:28.440 --> 04:30.200
Let's see the key.

42
04:30.200 --> 04:31.700
This is the public key.

43
04:31.880 --> 04:36.140
I want to check that's the same key that is stored locally

44
04:39.130 --> 04:40.200
let's list the key

45
04:43.800 --> 04:50.210
so gpg --export --armor and the key id.

46
04:52.420 --> 04:52.860
Okay.

47
04:52.890 --> 04:53.940
This is the public key

48
04:57.030 --> 04:59.130
and we notice it's the same key.

49
05:08.050 --> 05:09.540
Here in the search box

50
05:09.580 --> 05:19.390
don't forget to prefix the key id with 0x, which comes from hexadecimal. That's all about the gpg key

51
05:19.390 --> 05:20.260
management

52
05:20.260 --> 05:21.120
for the moment.

53
05:21.250 --> 05:21.790
Thank you.