GnuPrivacyGuardHowto

Differences between revisions 2 and 21 (spanning 19 versions)
Revision 2 as of 2005-09-08 15:58:31
Size: 5611
Editor: seveas
Comment: Still WIP, but coming close
Revision 21 as of 2006-06-19 16:07:09
Size: 64
Editor: 127
Comment:
This page describes how to use gpg to create a keypair, sign other keys and data, and use a keyserver.

== Installing the necessary packages ==
There are several useful gpg packages:
 * gnupg
 * gpg-agent, pinentry-gtk2
 * gpa

gnupg is the core package; it is installed by default on Ubuntu systems. gpg-agent and pinentry-gtk2 are packages that save you from having to enter the password for your key every time you want to use it. gpa is a graphical interface to gpg.

pinentry-gtk2 is not available in hoary; a backported breezy package can be found on http://seveas.ubuntulinux.nl/

== Configuration ==

Run gpg once:
{{{
gpg < /dev/null}}}
This command will fail, but that's ok. It creates an initial configuration in ~/.gnupg/, including ~/.gnupg/gpg.conf.
Open gpg.conf in your favorite editor, browse through it and change what you like. A few useful things to change are:
 * keyserver-options auto-key-retrieve
 * use-agent
The former makes gpg automatically retrieve keys from the keyserver when verifying signatures. The latter makes gpg use gpg-agent, which is very useful if you use gpg a lot but don't like typing your password all the time.

Now create the file ~/.gnupg/gpg-agent.conf with the following content:
{{{
pinentry-program /usr/bin/pinentry-gtk-2
default-cache-ttl 86400
max-cache-ttl 86400}}}

This will make gpg-agent use pinentry-gtk2 and it will remember your password for 24 hours.

== Generating a key ==
Both gpg and gpa can generate a new key for you.

=== gpg ===
Run the command:
{{{
gpg --gen-key}}}

It will ask what kind of key you want. The default choice (1) is preferred, since the others cannot be used for encryption. A keysize (question 2) of 2048 (which is the default) is also a good choice.

Most people let their key never expire (question 3). If you do this, don't forget to revoke the key when you no longer use it (see later).

It will then ask you for your name and e-mail address. Make sure that the name on the key matches the name in your passport! You can add extra e-mail addresses to the key later.

It will now ask you for a password twice. Remember this password carefully; there is no way to recover it if it's lost.

A complete session looks like this:
{{{
dennis@mirage ~ $ gpg --gen-key
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n> = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Dennis Kaarsemaker
Email address: dennis@kaarsemaker.net
Comment: Tutorial key
You selected this USER-ID:
    "Dennis Kaarsemaker (Tutorial key) <dennis@kaarsemaker.net>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++..++++++++++++++++++++.++++++++++.+++++.+++++.+++++.+++++++++++++++.++++++++++..+++++>+++++..............>+++++.............+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++.++++++++++..+++++.+++++++++++++++..+++++.+++++.+++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++..++++++++++++++++++++++++++++++>+++++.......................................................................>+++++....<.+++++.>.+++++.<+++++.............................>.+++++......<+++++..>+++++..+++++^^^^^^^^^
gpg: key D8FC66D2 marked as ultimately trusted
public and secret key created and signed.

pub 1024D/D8FC66D2 2005-09-08
      Key fingerprint = 95BD 8377 2644 DD4F 28B5 2C37 0F6E 4CA6 D8FC 66D2
uid Dennis Kaarsemaker (Tutorial key) <dennis@kaarsemaker.net>
sub 2048g/389AA63E 2005-09-08}}}

=== gpa ===

Start gpa, and in its menu choose {{{Keys}}} -> {{{New Key}}}. This opens a new window where you can fill in the required information. See the previous section for recommendations.

=== gpg.conf ===

Now that you have created a key, open gpg.conf again and set the key ID of this new key as default-key. Another nice trick is to add this line to your .bashrc:
{{{
export GPGKEY=B52A7216}}}
(Use your key id instead of B52A7216 of course)

Now restart the gpg-agent and source your .bashrc again:
{{{
killall -q gpg-agent
eval $(gpg-agent --daemon)
source ~/.bashrc}}}
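As an added example (not part of the original wiki page), a small POSIX shell helper that pulls the key ID and fingerprint out of the gpg output shown above and checks that the short key ID really is the last 8 hex digits of the fingerprint before emitting the GPGKEY line for .bashrc. The function names and the check are my own; the sample output is this page's session, embedded as constructed input so it runs without gpg installed.

```shell
# Added example, not from the original page. For v4 OpenPGP keys the key ID is the
# low-order part of the fingerprint, so the 8-digit short ID gpg prints must equal the
# last 8 hex digits of the 40-digit fingerprint. The fingerprint, not the short ID,
# is what to compare when you check someone's key: a short ID is only 32 bits.
SAMPLE_GPG_OUTPUT='gpg: key D8FC66D2 marked as ultimately trusted
public and secret key created and signed.

pub 1024D/D8FC66D2 2005-09-08
      Key fingerprint = 95BD 8377 2644 DD4F 28B5 2C37 0F6E 4CA6 D8FC 66D2
uid Dennis Kaarsemaker (Tutorial key) <dennis@kaarsemaker.net>
sub 2048g/389AA63E 2005-09-08'

# Print the short key ID from the first "pub" line (the part after the slash).
gpg_key_id() {
    printf '%s\n' "$1" | sed -n 's/^pub *[0-9]*[A-Za-z]*\/\([0-9A-Fa-f]*\) .*/\1/p' | head -n 1
}

# Print the fingerprint with its spaces removed (40 hex digits for a v4 key).
gpg_fingerprint() {
    printf '%s\n' "$1" | sed -n 's/^ *Key fingerprint = //p' | head -n 1 | tr -d ' '
}

# Succeed only if a key ID was found, the fingerprint has 40 hex digits, and the
# key ID equals the last 8 digits of the fingerprint.
gpg_key_id_matches_fingerprint() {
    id=$(gpg_key_id "$1")
    fpr=$(gpg_fingerprint "$1")
    [ -n "$id" ] && [ "${#fpr}" -eq 40 ] && [ "$id" = "$(printf '%s' "$fpr" | tail -c 8)" ]
}

# Emit the .bashrc line the page suggests, but only when the ID and fingerprint agree.
gpg_bashrc_line() {
    gpg_key_id_matches_fingerprint "$1" || return 1
    printf 'export GPGKEY=%s\n' "$(gpg_key_id "$1")"
}

# Usage: append the line for your own key (pipe real output from `gpg --fingerprint`).
gpg_bashrc_line "$SAMPLE_GPG_OUTPUT"
```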

== Uploading the key ==

After creating the key, you can upload it to the keyserver so that other people can download it. You do this with the following command:
{{{
gpg --send-keys $GPGKEY}}}

== Getting your key signed ==
 *

== Signing data ==
 *
#REFRESH 0 http://help.ubuntu.com/community/GnuPrivacyGuardHowto

GnuPrivacyGuardHowto (last edited 2008-08-06 16:24:38 by localhost)