Focus: GnuPG - Further User IDs (UIDs)
1. What is a User ID and why do I need more than one?
2. How can I assign multiple SMTP addresses to a single key?
3. How do I change the primary User ID?
What is a User ID and why do I need more than one?
Not all communication partners with whom PGP- or GnuPG-encrypted emails are exchanged will use server-based encryption with central key management. More often than not, the email is encrypted or decrypted by the user directly within the mail client, using plug-ins or existing software.
Some clients refuse to encrypt an email with a "company key", because that key carries a different SMTP address from the recipient's address. Likewise, a key server query may find no company key at all, because the key does not contain the SMTP address of the selected recipient.
Every correctly generated key carries a User ID with an SMTP address, and this User ID is exported together with the public key. Further User IDs can be added to the key, each one with the individual SMTP address of a recipient who is to receive encrypted mail. The recipient is then identified by a direct match between the SMTP addresses on the key server and the recipient addresses.
Adding User IDs does not alter the key material itself, so communication partners who already hold the key do not have to re-import the extended key; the existing copy can still be used for encryption.
How can I assign multiple SMTP addresses to a single key?
To add a User ID, use the command "gpg --edit-key <Key-ID>" with the sub-command "adduid".
In the example below, the first User ID is "GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>":
C:\GNU\GnuPG\yourdomain>gpg --homedir . --list-keys
.\pubring.gpg
-------------
pub   1024D/EA8B9EF4 2005-09-12 GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
sub   1024g/99DCDA44 2005-09-12
Now add an additional User ID for a user named Alice:
C:\GNU\GnuPG\yourdomain>gpg --homedir . --edit-key EA8B9EF4
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

gpg: checking the trustdb
gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
pub  1024D/EA8B9EF4  created: 2005-09-12 expires: never      trust: u/u
sub  1024g/99DCDA44  created: 2005-09-12 expires: never
(1). GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
Command> adduid
Real name: Alice
Email address: alice@yourdomain.com
Comment: This is user named Alice
You selected this USER-ID:
    "Alice (user named Alice) <alice@yourdomain.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a passphrase to unlock the secret key for
user: "GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>"
1024-bit DSA key, ID EA8B9EF4, created 2005-09-12
<Enter password>

pub  1024D/EA8B9EF4  created: 2005-09-12 expires: never      trust: u/u
sub  1024g/99DCDA44  created: 2005-09-12 expires: never
(1)  GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
(2). Alice (user named Alice) <alice@yourdomain.com>
Command> q
Save changes? y
After a further User ID has been added in the same way for the user named Bob, "--list-keys" returns the following:
C:\GNU\GnuPG\yourdomain>gpg --homedir . --list-keys
.\pubring.gpg
-------------
pub   1024D/EA8B9EF4 2005-09-12 Bobby (Dies ist Benutzer Bob) <bob@yourdomain.com>
uid                            GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
uid                            Alice (user named Alice) <alice@yourdomain.com>
sub   1024g/99DCDA44 2005-09-12
How do I change the primary User ID?
The primary User ID is identified by a dot between the UID number and the user's name.
It can be set on the command line with the sub-command "primary":
C:\GNU\GnuPG\yourdomain>gpg --homedir . --edit-key EA8B9EF4
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

gpg: checking the trustdb
gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
pub  1024D/EA8B9EF4  created: 2005-09-12 expires: never      trust: u/u
sub  1024g/99DCDA44  created: 2005-09-12 expires: never
(1)  GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
(2)  Alice (user named Alice) <alice@yourdomain.com>
(3). Bobby (user named Bob) <bob@yourdomain.com>
Command> uid 1

pub  1024D/EA8B9EF4  created: 2005-09-12 expires: never      trust: u/u
sub  1024g/99DCDA44  created: 2005-09-12 expires: never
(1)* GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
(2)  Alice (user named Alice) <alice@yourdomain.com>
(3). Bobby (user named Bob) <bob@yourdomain.com>
Command> primary

You need a passphrase to unlock the secret key for
user: "Bobby (user named Bob) <bob@yourdomain.com>"
1024-bit DSA key, ID EA8B9EF4, created 2005-09-12
<Enter password>

pub  1024D/EA8B9EF4  created: 2005-09-12 expires: never      trust: u/u
sub  1024g/99DCDA44  created: 2005-09-12 expires: never
(1)* GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
(2)  Alice (user named Alice) <alice@yourdomain.com>
(3)  Bobby (user named Bob) <bob@yourdomain.com>
Command> q
Save changes? y
Check again:
C:\GNU\GnuPG\yourdomain>gpg --homedir . --edit-key EA8B9EF4
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

gpg: checking the trustdb
gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
pub  1024D/EA8B9EF4  created: 2005-09-12 expires: never      trust: u/u
sub  1024g/99DCDA44  created: 2005-09-12 expires: never
(1). GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>
(2)  Alice (user named Alice) <alice@yourdomain.com>
(3)  Bobby (user named Bob) <bob@yourdomain.com>
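A scripted check for the two things this page walks through by hand: whether a key carries a User ID for a given recipient's SMTP address (what a key server lookup or a strict mail client matches on) and which User ID is the primary one. This is an added example, not code from the page or from iQ.Suite; it assumes the machine-readable listing of GnuPG 2 ("gpg --with-colons --list-keys"), in which field 10 of a uid record holds the User ID and the primary User ID is listed first, as in the page's own listing after Bob's User ID was made primary; the sample listing is constructed and its long key IDs are placeholders.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of `gpg --with-colons --list-keys` (GnuPG 2) for the
# page's key after Bob's User ID was made primary. Field 5 of pub/sub is the long key
# ID (placeholder here; only the page's short IDs EA8B9EF4 and 99DCDA44 are real),
# field 10 of each uid record is the User ID, listed primary first.
SAMPLE_LISTING = """\
pub:u:1024:17:00000000EA8B9EF4:2005-09-12::u:::scESC::::::::
uid:u::::2005-09-12::::Bobby (Dies ist Benutzer Bob) <bob@yourdomain.com>::::::::::0:
uid:u::::2005-09-12::::GnuPG Yourdomain (company key of the company named Yourdomain) <gnupg@yourdomain.com>::::::::::0:
uid:u::::2005-09-12::::Alice (user named Alice) <alice@yourdomain.com>::::::::::0:
sub:u:1024:16:0000000099DCDA44:2005-09-12::::::e::::::
"""

@dataclass
class Key:
    keyid: str
    uids: list = field(default_factory=list)  # gpg's listing order, primary first

def unescape(value):
    # gpg escapes ':' inside a User ID as \x3a so that splitting on ':' stays safe
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_colon_listing(text):
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            keys.append(Key(keyid=fields[4]))
        elif fields[0] == "uid" and keys:
            keys[-1].uids.append(unescape(fields[9]))
    return keys

def uid_address(uid):
    # the SMTP address is the angle-bracketed part of "Name (Comment) <address>"
    m = re.search(r"<([^>]+)>", uid)
    return m.group(1).lower() if m else None

def primary_uid(key):
    return key.uids[0] if key.uids else None

def keys_for_address(keys, address):
    # keys whose User IDs bind the address: what a key server lookup or a strict
    # mail client compares against the recipient address before encrypting
    return [k for k in keys if any(uid_address(u) == address.lower() for u in k.uids)]

if __name__ == "__main__":
    for key in parse_colon_listing(SAMPLE_LISTING):
        print(key.keyid[-8:], "primary:", primary_uid(key))
        for addr in ("alice@yourdomain.com", "carol@yourdomain.com"):
            print(addr, "covered" if keys_for_address([key], addr) else "NOT covered")
```

Run against real output ("gpg --with-colons --list-keys") the same functions tell you, before a mail is sent, whether the company key will be matched for a given recipient and which User ID other parties will see first.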
For further information on encryption, please refer to our whitepapers on iQ.Suite Crypt.