They most definitely will.
What does the signature (FBF52716) mean? Is it some kind of hash of your public key and what is the best place to upload your public PGP key?
It's just the unique key ID. It allows people to search for my keys, and import them quickly.
Yours for that key is: 8FC8E099 (sometimes you may need to add 0x to the beginning of it)
In Linux you can get it by entering:
gpg -k to view all your keys.
If you wanted to import mine, you could either do it manually (like you did before), or just enter
gpg --recv-keys FBF52716
You can upload them to:
http://pgp.mit.edu/
https://keyserver.pgp.com/vkd/GetWelcomeScreen.event
They will eventually propagate to all PGP servers.
You can also use my key id to search for my keys on the above sites, or search by my name, username, etc.
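Added example, not part of the original posts: for a version 4 OpenPGP key (RFC 4880), an 8-digit ID such as FBF52716 is the last 32 bits of the key's SHA-1 fingerprint, so checking an imported key means comparing the full 40-digit fingerprint. The key material below is constructed (not a usable RSA key) and the function names are this example's own.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body for RSA (RFC 4880, section 5.5.2)."""
    # version byte 4, creation time, algorithm 1 (RSA), then modulus and exponent
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def long_key_id(fpr: str) -> str:
    """Low-order 64 bits of the fingerprint (16 hex digits)."""
    return fpr[-16:]

def short_key_id(fpr: str) -> str:
    """Low-order 32 bits of the fingerprint (8 hex digits), the form used in the thread."""
    return fpr[-8:]

def normalize(ident: str) -> str:
    """Drop spaces and an optional 0x prefix, and upper-case the hex digits."""
    ident = ident.replace(" ", "").upper()
    return ident[2:] if ident.startswith("0X") else ident

def same_key(candidate: str, expected_fpr: str) -> bool:
    """True only when a full 40-digit fingerprint matches; a bare key ID is not enough."""
    a, b = normalize(candidate), normalize(expected_fpr)
    return len(a) == 40 and a == b

# Constructed sample values, not a real key.
SAMPLE_N = (1 << 2047) | 0xC0FFEE01
SAMPLE_BODY = v4_rsa_public_key_body(1400000000, SAMPLE_N, 65537)
SAMPLE_FPR = v4_fingerprint(SAMPLE_BODY)

if __name__ == "__main__":
    print("fingerprint :", SAMPLE_FPR)
    print("long key ID :", long_key_id(SAMPLE_FPR))
    print("short key ID:", short_key_id(SAMPLE_FPR))
    print("short ID accepted as proof of identity?", same_key(short_key_id(SAMPLE_FPR), SAMPLE_FPR))
```

For a real key, gpg --fingerprint followed by the key ID prints the full fingerprint to compare against one obtained from the key's owner.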
Thanks for your help! A couple of more questions: How do I ensure that my private key stays private? Should I create it on an offline computer or are there other ways? Also, what is the best way to back it up? Should I perhaps encrypt it and then upload it to Google or Dropbox?
PGP keys that belong to average Joe, such as me and you, aren't really that interesting for attackers to get hold of, still you should keep it secure as can be though, and make sure it is protected with a secure, never, ever used before password (as all passwords should be).
That way, if someone gets hold of your keys, they'd have to know the pass phrase associated with it to do anything with it.
Using an offline computer is one way to go, but every time you want to sign/encrypt/decrypt a message, you'll have to put the file on a USB, boot up the offline computer, run PGP, put the encrypted/signed file back on the USB, and back onto your online computer.
Worth doing for a Bitcoin wallet, but is overkill for something like this IMO, unless you are dealing with sensitive data or you are of importance.
If you want to back it up, which I suggest, you could create a QR barcode of it (best to do it offline, but can be done online like here), you could then print that and store it somewhere safe. Quite easy to import then.
I use OpenSSL on Linux to encrypt all my files, so my knowledge of Windows tools is not that great, but TrueCrypt is an option, you could then email yourself the encrypted file.
If your key ever does get compromised, you can revoke it and attach your new key to it. To do this you need to create a key revocation certificate.
This is just basically a certificate you create, store somewhere safe and never have to touch again, until you need to revoke it, which you do by uploading it to a PGP key server. When it sees this special certificate, it basically broadcasts a message to all key servers saying "my key is compromised, do not use or trust it, here is my new one".
Have a read of this:
http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-key-revocation.html
This is a great, very short guide to PGP in general that helped me a lot:
http://aplawrence.com/Basics/gpg.html