Since 10 November our faculty has a new website! The old website will still be available at oldwww.fi.muni.cz for now. Something is broken? Please report it to webmaster@fi.muni.cz or use our webform.

translated by Google

If the user account status changes, the faculty administration automatically informs the user about it by e-mail. In particular, a notification is automatically sent to create (or renew) an account approaching account cancellation or (from) account blocking. To increase the credibility of these reports, the Faculty Administration signs its PGP key. This page describes how users can install the public administration key to their key databases in GnuPG and PGP.

Notice

If you use PGP without basic knowledge of its mechanism, you will not increase the security or reliability of your communication. On the contrary, your key is exposed to a high risk of misuse, with all the consequences. It is safer to use PGP at all than to use it badly. You can extend your knowledge of PGP, for example, on the project pages GnuPG . You can find much more information and links on the server http://www.pgpi.org/ .

Public Key of the Faculty Administration

The public key of the Faculty Administration is available at https://fadmin.fi.muni.cz/noauth/fadmin_key.pub . The key transfer will take place over a secure connection, which limits the possibility of being compromised if you already have a Trusted Administration SSL certificate trusted. The public key fingerprint is: 94A1 8BE2 DDB4 06CC 3D00 9DF9 E237 46F8 6D44 85C8 You can check the Fingerprint despite the secure link on the page https://fadmin.fi.muni.cz/noauth/fadmin_key.fpr You can also use an unsecured connection:
https://fadmin.fi.muni.cz/noauth/fadmin_key.pub
https://fadmin.fi.muni.cz/noauth/fadmin_key.fpr

Install the key in GnuPG

Download the public key to the local directory into a file fadmin_key.pub and execute the following order of commands. Add the key to your administrative key to your public key database.
$ gpg --import fadmin_key.pub 
gpg: klíč 6D4485C8: veřejný klíč "Fakultní administrativa FI MU <
fadmin@fi.muni.cz>" importován
gpg: Celkový počet zpracovaných klíčů: 1
gpg:               importováno: 1

$ gpg --edit-key fadmin

Příkaz> fpr
pub   1024D/6D4485C8 2003-06-24 Fakultní administrativa FI MU <
fadmin@fi.muni.cz>
 Primární fingerprint klíče: 94A1 8BE2 DDB4 06CC 3D00  9DF9 E237 46F8 6D44 85C8

Příkaz> quit
Verify that the fingerprint key is the same as above . If this is not the case, the key is either spoiled or damaged during transfer. In such a case, immediately delete it:
$ gpg --delete-key fadmin

Smazat tento klíč ze souboru klíčů? (a/N) a
If the fingerprint is OK, the key is already installed and GnuPG will use it to authenticate signatures from the Faculty Administration. After each validation, however, it may be warning that the key is not trusted. PGP keys credibility is based on the so-called net. Trust (Net of Trust). As trusted, you can either mark it or sign it with another trusted key. Here's how to mark the key for your need as trustworthy, but you will not allow anyone else to think of the Faculty administration as trustworthy on your trust. First, you must mark the public key of your secret key as trusted.
$ gpg --edit-key vas_klic

Tajný klíč je dostupný.

Příkaz> trust

Prosím rozhodněte, nakolik důvěřete tomuto uživateli, že správně
verifikuje klíče jiných uživatelů (prohlédnutím cestovních pasů,
kontrolou fingerprintů z různých zdrojů...)?


 1 = Nevím nebo neřeknu
 2 = Nedůvěřuji
 3 = Důvěřuji částečně
 4 = Důvěřuji úplně
 5 = Důvěřuji absolutně
 m = zpět do hlavního menu

Vaše rozhodnutí? 5
Opravdu chcete nastavit pro tento klíč absolutní důvěru? (a/N) a

Příkaz> quit
Now locally (for your needs - non-exportable) sign the key of the Faculty Administration with your secret key.
$ gpg --edit-key fadmin

Příkaz> lsign
Opravdu podepsat všechny id uživatele? (a/N) a
Podpis bude označen jako neexportovatelný.
Skutečně podepsat? (a/N) a
Musíte znát heslo, abyste odemknul(a) tajný klíč:

Příkaz> quit
Uložit změny? (a/N) a
Based on this signature, the key to the Faculty Administration will be considered trusted.

Install the key in PGP

The procedure is very similar to using GnuPG. Due to the wider possibilities, we recommend using GnuPG instead of PGP. The description in this section will therefore be dealt with by some of the explanations that can be found in the previous section. Download the public key to the local directory into a file fadmin_key.pub and add it to your public key database.
$ pgp -ka fadmin_key.pub
keyfile contains 1 new keys. Add these keys to keyring ? (Y/n) Y

$ pgp -kvc fadmin

Looking for user ID "fadmin".
Type bits      keyID      Date       User ID
DSS  1024/1024 0x6D4485C8 2003/06/24 Fakultní­ administrativa FI MU <
fadmin@informatics.muni.cz>
          Key fingerprint =  94 A1 8B E2 DD B4 06 CC  3D 00 9D F9 E2 37 46 F8  6D 44 85 C8
Fakultní administrativa FI MU <
fadmin@fi.muni.cz>
1 matching key found.
Verify that the fingerprint listed is the same as above . If not, immediately delete the key.
$ pgp -kr fadmin
Do you want to remove the whole key (y/N)? y
If the fingerprint is OK, the key is already installed and PGP will use it. However, it will probably not be considered trustworthy and will alert him whenever he uses it. We know the only general way you can mark a key in PGP as trusted: sign it with your own key. Warning: By signing the key, you are publicly convinced that the signed key really belongs to the Territorial Administration - PGP does not allow you to sign the key only locally, so you can occasionally export the signature to the public keyserver. Only access this step if you really know that you are signing the right key.
$ pgp -ks fadmin

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above public key actually belongs to the user specified by the
above user ID (y/N)? y

You need a pass phrase to unlock your secret key.
Enter pass phrase: 

Passphrase is good

Attach a regular expression to this signature, or
press enter for none:       
Now the key is installed and PGP will be trusted.