McAfee MEJCAE-AM-DA Product Guide - Page 37
Remove a signature from a key, Adding a designated revoker to your key
Managing Keys
Editing your key

Note: A key must be valid in order for you to edit its level of trust. For more information on signing someone's key, see Validity and trust on page 46.

To edit trust options for your key:

1 Enter the following on the command line:

    ebs --key-edit --trust

Your trust level options are:

• Enter none, if you do not know if you trust the owner of this key to act as a trusted introducer, or if you do not trust the owner of this key.
• Enter marginal, if you usually trust the owner of this key to act as a trusted introducer.
• Enter complete, if you always trust the owner of this key to act as a trusted introducer.
• Enter implicit, if the key is your own key.

To view a key's trust level, use the --key-detail option. For more information, see Getting more information about keys on page 29.

Remove a signature from a key

Use the --remove-sig modifier with the --key-edit option to remove signatures from a local copy of your key. Bear in mind, however, that if others have signed a copy of your key that is residing on a public key server, the signatures will reappear on your key when you synchronize your key with the one on the key server.

To remove selected signatures from a user ID on a key:

1 Enter the following on the command line:

    ebs --key-edit --remove-sig

For example, the following would delete The Joker's signature from Adam West's key:

    ebs --key-edit "Adam West" --remove-sig "The Joker"

Adding a designated revoker to your key

It is possible that you might forget your passphrase someday or lose your private key. If this happens, then you would be unable to use your key again, and you would have no way of revoking it to show others not to encrypt to it. To safeguard against this possibility, you can appoint a third-party key revoker. The third party you designate is then able to revoke your key just as if you had revoked it yourself. For more information on revoking keys, see Revoking a key on page 36.

Note: For a key to appear revoked to another user, both the revoked key and the Designated Revoker key must be on his/her keyring. Thus, the designated revoker feature is most effective in a corporate setting, where all users' keyrings contain the company's Designated Revoker key. If the revoker's key is not present on a person's keyring, then the revoked key does not appear revoked to that user and he/she may continue to encrypt to it.

Note: This feature is available for Diffie-Hellman/DSS and RSA keys. Designated revokers are not supported by RSA Legacy keys.

To add a designated revoker to your key:

1 Ensure that the designated revoker's key is on your keyring.
2 Enter the following on the command line:

    ebs --key-edit --add-revoker
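
The keyring rule in the notes above, as an added example that is not part of the product guide or the product's code: a small Python model that reports which users would still encrypt to a revoked key because the Designated Revoker key is missing from their keyring. The Key class, its field names, the key IDs and the sample keyrings are constructed assumptions, not the product's key format.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed model for illustration; not the product's key format or API.
@dataclass
class Key:
    key_id: str
    key_type: str                                    # "DH/DSS", "RSA" or "RSA Legacy"
    revokers: Set[str] = field(default_factory=set)  # designated revoker key IDs
    revoked_by: Optional[str] = None                 # key ID that issued the revocation

Keyring = Dict[str, Key]

def add_revoker(keyring: Keyring, key_id: str, revoker_id: str) -> None:
    """Mirror the guide's preconditions for appointing a designated revoker."""
    if revoker_id not in keyring:
        raise ValueError("designated revoker's key must be on your keyring first")
    if keyring[key_id].key_type == "RSA Legacy":
        raise ValueError("designated revokers are not supported by RSA Legacy keys")
    keyring[key_id].revokers.add(revoker_id)

def appears_revoked(keyring: Keyring, key_id: str) -> bool:
    """True only if this keyring can see and attribute the revocation."""
    key = keyring.get(key_id)
    if key is None or key.revoked_by is None:
        return False
    if key.revoked_by == key.key_id:          # owner revoked the key directly
        return True
    # Third-party revocation: the revoker must be designated on the key
    # AND the revoker's own key must be present on this keyring.
    return key.revoked_by in key.revokers and key.revoked_by in keyring

def users_still_encrypting(keyrings: Dict[str, Keyring], key_id: str) -> List[str]:
    """Users who hold the key but do not see it as revoked."""
    return sorted(user for user, ring in keyrings.items()
                  if key_id in ring and not appears_revoked(ring, key_id))

# Constructed sample data: "adam" was revoked by the company key "corp-revoker".
corp = Key("corp-revoker", "RSA")
adam = Key("adam", "RSA")
owner_ring: Keyring = {"adam": adam, "corp-revoker": corp}
add_revoker(owner_ring, "adam", "corp-revoker")
adam.revoked_by = "corp-revoker"

KEYRINGS: Dict[str, Keyring] = {
    "alice": {"adam": adam, "corp-revoker": corp},
    "bob": {"adam": adam},                    # revoker key missing from keyring
    "carol": {"corp-revoker": corp},          # does not hold adam's key at all
}
```

Calling `users_still_encrypting(KEYRINGS, "adam")` returns the users whose keyrings need the Designated Revoker key distributed to them before the revocation takes effect for them.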