If the status of a user's account changes, the Faculty Administration automatically informs the user by e-mail. In particular, notifications of account creation (or renewal), imminent account cancellation, and account blocking or unblocking are sent automatically. To increase the credibility of these messages, the Faculty Administration signs them with its PGP key. This page describes how users can install the Faculty Administration public key in their GnuPG and PGP key databases.
Notice
If you use PGP without a basic knowledge of how it works, you will not increase the security or trustworthiness of your communication. On the contrary, you expose your key to a high risk of misuse, with all the consequences that this entails. It is safer not to use PGP at all than to use it incorrectly. You can expand your knowledge of PGP, for example, on the GnuPG project website. You can also find much more information and many links on the OpenPGP website.
Public key of the Faculty Administration
The public key of the Faculty Administration is available at https://fadmin.fi.muni.cz/noauth/fadmin_key.pub . The key is transferred over a secure connection, which limits the possibility of forgery if you already have a trusted SSL certificate from the Faculty Administration. The fingerprint of the public key is:
    94A1 8BE2 DDB4 06CC 3D00 9DF9 E237 46F8 6D44 85C8

You can also verify the fingerprint via a secure connection at https://fadmin.fi.muni.cz/noauth/fadmin_key.fpr . You can also use insecure connections:
Key installation in GnuPG
Download the public key to a local file fadmin_key.pub and execute the following sequence of commands. Add the Faculty Administration key to your public key database and verify that the key fingerprint is the same as above.

    $ gpg --import fadmin_key.pub
    gpg: klíč 6D4485C8: veřejný klíč "Fakultní administrativa FI MU <fadmin@fi.muni.cz>" importován
    gpg: Celkový počet zpracovaných klíčů: 1
    gpg:               importováno: 1
    $ gpg --edit-key fadmin
    Příkaz> fpr
    pub  1024D/6D4485C8 2003-06-24 Fakultní administrativa FI MU <fadmin@fi.muni.cz>
     Primární fingerprint klíče: 94A1 8BE2 DDB4 06CC 3D00 9DF9 E237 46F8 6D44 85C8
    Příkaz> quit

If the fingerprints differ, the key is either forged or was damaged during transmission. In this case, delete it immediately:

    $ gpg --delete-key fadmin
    Smazat tento klíč ze souboru klíčů? (a/N) a

If the fingerprint is OK, the key is already installed and GnuPG will use it to verify signatures from the Faculty Administration. However, after each verification it is likely to issue a warning that the key is not trusted. The trustworthiness of PGP keys is based on the so-called Web of Trust. You can either mark the key as trusted or sign it with another trusted key. The following steps show how to make the key trusted for your own needs without allowing anyone else to trust the Faculty Administration key on the basis of your trust. You must first mark the public key of your secret key as trusted.

    $ gpg --edit-key vas_klic
    Tajný klíč je dostupný.
    Příkaz> trust
    Prosím rozhodněte, nakolik důvěřujete tomuto uživateli, že správně
    verifikuje klíče jiných uživatelů (prohlédnutím cestovních pasů,
    kontrolou fingerprintů z různých zdrojů...)?
     1 = Nevím nebo neřeknu
     2 = Nedůvěřuji
     3 = Důvěřuji částečně
     4 = Důvěřuji úplně
     5 = Důvěřuji absolutně
     m = zpět do hlavního menu
    Vaše rozhodnutí? 5
    Opravdu chcete nastavit pro tento klíč absolutní důvěru? (a/N) a
    Příkaz> quit

Now sign the Faculty Administration key locally (for your needs - not for export) with your secret key.

    $ gpg --edit-key fadmin
    Příkaz> lsign
    Opravdu podepsat všechny id uživatele? (a/N) a
    Podpis bude označen jako neexportovatelný.
    Skutečně podepsat? (a/N) a
    Musíte znát heslo, abyste odemknul(a) tajný klíč:
    Příkaz> quit
    Uložit změny? (a/N) a

Based on this signature, the key of the Faculty Administration will be considered trustworthy.
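The import-and-verify steps of the GnuPG procedure can be tightened so that the fingerprint is compared before the key ever enters the keyring. The script below is an added example, not part of the original page; its function names are hypothetical, the sample listing is constructed, and it assumes a GnuPG release that supports the `show-only` import option.

```shell
#!/bin/sh
# Added example: compare a key file's primary fingerprint with the published
# one before running `gpg --import` on it.

# Fingerprint as published on this page (spaces are ignored when comparing).
EXPECTED_FPR="94A1 8BE2 DDB4 06CC 3D00 9DF9 E237 46F8 6D44 85C8"

# Constructed sample of `gpg --with-colons` output (not captured from a real
# run). The all-zero subkey id and fingerprint are placeholders.
SAMPLE_LISTING='pub:-:1024:17:E23746F86D4485C8:1056412800:::-:::scSC:
fpr:::::::::94A18BE2DDB406CC3D009DF9E23746F86D4485C8:
uid:-::::1056412800::::Fakultni administrativa FI MU:
sub:-:1024:16:0000000000000000:1056412800::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Remove whitespace and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read a colon listing on stdin and print the primary key fingerprint: field 10
# of the first "fpr" record after the "pub" record. Subkey fingerprints are
# skipped. Fails unless the listing holds exactly one public key.
primary_fpr_from_colons() {
    awk -F: '$1 == "pub" { pubs++; want = 1; next }
             want && $1 == "fpr" { fpr = $10; want = 0 }
             END { if (pubs == 1 && fpr != "") print fpr; else exit 1 }'
}

# Succeed only if the listing on stdin carries the fingerprint given in $1.
listing_matches() {
    got=$(primary_fpr_from_colons) || return 1
    [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Inspect the key file without importing it and check its fingerprint.
check_key_file() {
    gpg --batch --with-colons --import-options show-only --import "$1" \
        2>/dev/null | listing_matches "$EXPECTED_FPR"
}

# Usage: check_key_file fadmin_key.pub && gpg --import fadmin_key.pub
```

A file that contains more than one public key is rejected outright, so an extra key cannot ride along with the expected one.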
Key installation in PGP
The procedure is very similar to using GnuPG. Because of its wider possibilities, we recommend using GnuPG instead of PGP. The description in this section is therefore brief; the explanations can be found in the previous section. Download the public key to a local file fadmin_key.pub, add it to your public key database and verify that the fingerprint listed is the same as above.

    $ pgp -ka fadmin_key.pub
    keyfile contains 1 new keys. Add these keys to keyring ? (Y/n) Y
    $ pgp -kvc fadmin
    Looking for user ID "fadmin".
    Type bits      keyID      Date       User ID
    DSS  1024/1024 0x6D4485C8 2003/06/24 Fakultní administrativa FI MU <fadmin@informatics.muni.cz>
         Key fingerprint = 94 A1 8B E2 DD B4 06 CC 3D 00  9D F9 E2 37 46 F8 6D 44 85 C8
                                         Fakultní administrativa FI MU <fadmin@fi.muni.cz>
    1 matching key found.

If the fingerprints differ, delete the key immediately.

    $ pgp -kr fadmin
    Do you want to remove the whole key (y/N)? y

If the fingerprint is OK, the key is already installed and PGP will use it. However, it will probably not consider the key trustworthy and will point this out each time the key is used. We know of only one general way to make PGP trust a key: sign it with your own key. Warning: By signing the key, you publicly express your belief that the signed key really belongs to the Faculty Administration - PGP does not allow you to sign the key only locally, so the signature may at some point be exported to a public keyserver. Only take this step if you really know that you are signing the correct key.

    $ pgp -ks fadmin
    READ CAREFULLY: Based on your own direct first-hand knowledge, are you
    absolutely certain that you are prepared to solemnly certify that the
    above public key actually belongs to the user specified by the above
    user ID (y/N)? y
    You need a pass phrase to unlock your secret key.
    Enter pass phrase:
    Passphrase is good
    Attach a regular expression to this signature, or press enter for none:

The key is now installed and PGP will trust it.