Richard Chang's Public Keys


The Keys

Since Network Associates terminated support for PGP, I've moved to Gnu Privacy Guard (GnuPG) and mainly use my DSS key for signing email messages.

The public keys are in these files:


Using GnuPG for Verification

Important messages that I send out via email (e.g., grade reports) are signed with my private key. You can verify the validity of the message using GnuPG. At UMBC, GnuPG is installed on the GL Linux servers (linux.gl.umbc.edu) and on the CSEE Linux servers (linuxserver1.cs.umbc.edu).

To initialize your GnuPG setup, first download the DSS public key using the link above. If you do not trust the web server, the key is also available on the GL file system at:

/afs/umbc.edu/users/c/h/chang/pub/keys/dsskey.txt and on the CS file system at: ~chang/www/dsskey.txt With the file dsskey.txt in your local directory, issue the command: gpg --import dsskey.txt If you have not used GnuPG previously, this creates a directory .gnupg in your home directory and adds my public key to your public key ring in ~/.gnupg/pubring.gpg.

Next, save the body of the email message you would like to verify in a file called, say, foo.txt and issue the command:

gpg --verify foo.txt You should get a message like: gpg: Signature made Wed 13 Mar 2002 09:50:33 AM EST using DSA key ID DED57E67 gpg: Good signature from "Richard Chang <chang@cs.umbc.edu>" gpg: aka "Richard Chang <chang@umbc.edu>"

If the email message has been tampered, the output would look like:

gpg: Signature made Wed 13 Mar 2002 09:50:33 AM EST using DSA key ID DED57E67 gpg: BAD signature from "Richard Chang <chang@cs.umbc.edu>" You might also get a message that the key you used has not been certified by anyone. If you use GnuPG more, you can indicate your own level of trust of this particular public key. (For example, you could generate your own private/public key pair and sign my public key to indicate that you trust its validity.) But for now, you are basing your trust on the security provided by the Unix file systems on campus.

For more information on GnuPG, visit the official GnuPG website or type

man gpg
Last Modified: 25 Nov 2003 23:34:26 EST by Richard Chang