-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <2ga7aqFfroaU1@uni-berlin.de>,
individual_news@nibsworld.com says...
> -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1First, when I
> execute:gpg --search-keys --keyserver pgpkeys.mit.edu > address>
I suspect that instead of using your email address, you should use
your name and/or key ID.
> > I get the following output:gpg: searching for ""
> from HKP server pgpkeys.mit.edugpg: can't search keyserver: eofgpg:
> keyserver search failed: eofI've tried a couple other servers with
> the same message. What does thiserror usually mean? I am behind a
> proxy server but everything issupposed to be open and I'm using a
> proxy client that simlulates beingdirectly connected to the net so
> I'm thinking that the proxy isn't theproblem.Second problem. What
> is the proper procedure for moving keys between twocomputers? For
> example, at home I created a private key with passphraseA. At work,
> if all I have is passphrase A and the email I used, can Iimport
> that key from a server or something?
You can export your keys (public and secret) from their respective
keyring files to two files. Take the two files to the office machine
and import the the two keys from the two files to the respective
keyrings.
The passphrase only allows you to to use your secret key to decript
or sign with.
> > Oh, and just a curiosity question...the pass phrase I come up
> withreally isn't the private key is it? Is it combine with a random
> number(i.e. during that generation process that happens when
> generating akey)? I assume so or else if two people happened to use
> the same passphrase you'd be able to decrypt each other's messages.
> So my assumptionis that when you type in your phrase it is used in
> conjuntion with somerandom number to create your private key. Is
> that correct?Zach-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.4
> (MingW32)Comment: Using GnuPG with Thunderbird -
> http://enigmail.mozdev.orgiD8DBQFAn+...AJ9XuPYBCyC1/m
> dc9y8BrBHFN9tauQCePVsQRpLG/hD8iM+nzTUdvjCvud0==Ghzi-----END PGP
> SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt09

iQA/AwUBQKAJu8jRYykNVyotEQIcHQCgmR9tCv6xM2KDV60vk4xXvw eCBtMAoInS
9x4kbb4juCRlNzChvax6LMhX
=J4H7
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zach Wells writes:

[Note: I am unable to verify your signature:

gpg: Signature made Mon May 10 15:39:41 2004 CDT using DSA key ID E6741C8A
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: public key not found

It seems that the keyservers do not have your key.]

>First, when I execute:

>gpg --search-keys --keyserver pgpkeys.mit.edu

>I get the following output:
>gpg: searching for "" from HKP server pgpkeys.mit.edu
>gpg: can't search keyserver: eof
>gpg: keyserver search failed: eof

Maybe the keyservers don't have your key.

A search works fine for me using my email address.

>Second problem. What is the proper procedure for moving keys between two
>computers?

I normally use rsynch over ssh (via dsl) to synchronize my keyrings
between home and work computer. I do this for both "pubring.gpg" and
"secring.gpg".



But you could use

gpg --armor --export-secret-keys keyname > secret.asc
gpg --armor --export keyname > public.asc

to save to ascii files. Then copy those between your computers (maybe
use a floppy or a usb memory stick), then use "--import" to import
them on the other system.

> For example, at home I created a private key with passphrase
>A. At work, if all I have is passphrase A and the email I used, can I
>import that key from a server or something?

No. The passphrase by itself doesn't do anything. You need the
secret key.

>Oh, and just a curiosity question...the pass phrase I come up with
>really isn't the private key is it?

No.

The private key is stored in your keyring, encrypted (conventional
encryption). The passphase is what you need to decrypt the private
key in order to access it.

> So my assumption
>is that when you type in your phrase it is used in conjuntion with some
>random number to create your private key. Is that correct?

Not quite. The pass phase is used to decrypt your private key.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SunOS)

iD8DBQFAoAoKvmGe70vHPUMRAsnxAJwJIxavewVH3lUtxkpela Jv8WIvSgCfTvXt
row+IpwVyqFqFAwkVAKGMQ0=
=66RI
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Neil W Rickert wrote:



Thanks for all that info. I've got much better understanding now (along
with a new key) so things should be good.

Zach
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFApC0m1Jw/17R3M68RAumyAKCQayTPAl1amPzfF7yjAZynVGCbkACePOvu
GRJx6HmOwLroCfCSgdzOlpo=
=zz5E
-----END PGP SIGNATURE-----