...
2. Publish Your Public Key
To enable people and Sonatype to find your public key, you should must publish it to a well-known keyserver. Due to the deprecation of all the majority of SKS keyservers in 2019 we now have the options of the :
...
...
- keyserver.ubuntu.com (hockeypuck)
- pgp.mit.edu (SKS)
| Info |
|---|
In the efforts to reduce the publication of private information the Hagrid server will not reveal or allow searching with the email address a key is tied to without explicit approval. Because keyservers no longer store and distribute third-party signatures (those adding via signing someone's key) the "Web of trust" is harder to track. Therefore it is not necessary to reveal your email address when publishing your key unless you really want to. |
| Tip |
|---|
For the below commands, yourKeyID is the last 8 digits of your public key fingerprint. Fingerprints may be used instead of key IDs. To find your fingerprint use the command |
| Code Block |
|---|
|
| gpg --keyserver keyserver.ubuntu.com --send-key [yourKeyID]
|
| Div |
|---|
| style | border: 1px solid black; padding: 0.4em; |
|---|
|
Hagrid server (OpenPGPkeys.openpgp.org (Hagrid)
| Code Block |
|---|
| title | Not revealing your email address |
|---|
| gpg --keyserver keys.openpgp.org --send-key [yourKeyID | Fingerprint]
|
| Code Block |
|---|
| title | Publishing your email address with your key |
|---|
| gpg --export your_address@example.net | curl -T - https://keys.openpgp.org |
|
| Code Block |
|---|
| title | keyserver.ubuntu.com (HockeyPuck) |
|---|
|
gpg --keyserver keyserver. |
...
ubuntu.com --send-key [yourKeyID | Fingerprint] |
| Code Block |
|---|
|
gpg --keyserver pgp.mit.edu --send-key [yourKeyID | Fingerprint] |
This will upload your public key to a well-known keyserver, which will then trigger other connected keyservers to get a copy.
...