-i option will cause PGP to include more information
about the file in the encrypted message. With the
PGP restores the original filename when you decrypt the message, but
if this option is also used, and both sender and recipient are using
the same platform, then the original file permissions and timestamp will
also be restored.
-l option PGP gives lots more information
about what it is doing. During key generation, for example, you get to
see the actual numbers used in your public and secret key.
-km option will display the "web of trust" (see
question 4.7) in a nested list. This way you can see which
key introduces which.
encrypttoself=on in your configuration
file, all messages that you encrypt will always be encrypted with
your own public key as well. This way you will be able to decrypt
and read every message you send. This can be useful if you have PGP
set up to encrypt every outgoing message, and your "outbox" will
keep the encrypted versions. Note: if someone else ever manages to
obtain your secret key, he will be able to read every
encrypted message you ever sent out, if this option was enabled.
pgp filename +makerandom=n. There is a bug in the
international versions of PGP, which results in this random data
being a lot less random than normal.
Fido net mail is even more sensitive. You should only send encrypted net mail after checking that:
Don't sign someone's key just because someone else that you know has signed it. Confirm the identity of the individual yourself. Remember, you are putting your reputation on the line when you sign a key.
If you have a UNIX shell account, put a copy of your public key in a file called ".plan", so that other people can finger that account and get your public key in the process. See also question 4.8.
Also, send your public key to a keyserver. See question 8.1 for details.
Whatever method you choose to make your key available, make sure that it's clear for others how to get it. Usually, you just put instructions in your mail and news .signature file (something like "PGP public key available from keyservers" or "Finger me for public key"), or reference to it from your homepage.
It's also good practice to include key ID and fingerprint in your .signature. That way, people who want to have your key can be more certain they are actually getting yours, and not some other key with your name on it. And the fingerprint will be an even greater help in this.
But this is not proof that the key actually is yours. Remember, the message or post with this .signature can be a forgery.
If you have any other tips, please let me know.
[ Previous | Table of Contents | About this FAQ | Glossary ]