...
The commands in this article are gpg on some computers and gpg2 on others.
Step 1 Download one's keys
You need to know the ID of ones’ keys, for example, they can run code in the below on their computers:gpg2 --list-keys
...
- ask the person for his publickey or search for his key on the internet (use email on the key server)
- store the content of this publickey in a local file.
- import the key: gpg2 --import file
Step 2 Signature
gpg2 --sign-key BA45CDBB87E8B146A81F5BBE2206EF8F64C35889
...
You might use gpg2 --edit-key BA45CDBB87E8B146A81F5BBE2206EF8F64C35889 to deal with this problem specifically. I prefer to deal with it in a rough way which is deleting the other keys and then re-gpg2 --sign-key.
Step 3 Exporting the key
gpg2 -a --export BA45CDBB87E8B146A81F5BBE2206EF8F64C35889 | gpg2 -se -r BA45CDBB87E8B146A81F5BBE2206EF8F64C35889 > ~/tmp/ BA45CDBB87E8B146A81F5BBE2206EF8F64C35889.asc.pgp
Step 4 Send to the other party
Just send the email.
Step 5 (for the other side) Unzip, import, and upload again
gpg2 --decrypt BA45CDBB87E8B146A81F5BBE2206EF8F64C35889.asc.pgp
...
gpg2 --send-keys BA45CDBB87E8B146A81F5BBE2206EF8F64C35889 (This step is not feasible in China, please refer to the How to Release post for instructions on uploading).
Step 6 (for the other side) unzip, import, and upload again
If you are the release manager for Apache IoTDB, you need to upload your keys to the keys file (https://www.apache.org/dist/incubator/iotdb/KEYS):
...