GPG Key Usage
- What is a GPG key?
- How do I import my GPG key?
- How do I use my GPG key?
- Which options may I use in my email?
- I'm getting errors, what is wrong?
- What is a GPG key?
Explaining the use of the GNU Privacy Guard, or GPG, is a little outside our scope, but the short version is that GPG may be used to sign and validate the integrity of files.
Our site allows a limited number of operations to be performed via signed emails sent to addresses of the form:
- "domain-name"@updates.mail-scanning.com
For example if you have the domain "steve.com" you could send a signed email to the address steve.com@updates.mail-scanning.com to configure updates in a secure fashion.
Providing we know your key this signed request may be used to make changes to your account in a secure fashion.
- How do I import my GPG key?
If you're logged into the site you may visit the following link to insert, or view, the GPG key associated with your account:
- How do I use my GPG key?
The GPG key, once imported, may be used to validate that updates have really been sent by you.
Currently you may add, or remove, addresses to your list of allowed users for any of your domain via email.
For example if you wish to define the user "steve@example.com" as a valid recipient for your domain, and remove the user "bob@example.com" create a file with the following contents:
add-user: steve del-user: bobNow GPG-sign that file, and mail it to example.com@updates.mail-scanning.com as follows:
cat updates.txt | gpg --clearsign | mail example.com@updates.mail-scanning.com
- Which options may I use in my email?
Currently you may use any of the following commands:
- add-user: name
- Adds the named user to your list of allowed domainusers.
- del-all-users:
- Removes all currently defined users from your list of allowed domainusers.
- del-user: name
- Removes the named user from your list of allowed domainusers.
- list-users:
- Display your list of allowed domainusers.
- stats:
- Display the SPAM, and HAM totals for the domain.
- I am getting errors, what is wrong?
You should receive an email in response to each submission you make.
The notification email should let you know which commands were recognised and processed successfully. Any errors should also be clearly visible.
If you receive a reply claiming the message was badly signed please consult the GPG troubleshooting page.