GNU/Linux Desktop Survival Guide by Graham Williams |
|||||
OpenPGP and Keys |
Install the GNU Privacy Guard package in Debian as gnupg. This is the GNU implementation of the OpenPGP.
To automatically check signatures from a keyserver add the name of a
keyserver to /home/kayon/.gnupg/gpg.conf file. For example
you may like to add the following, although it might be best to stick
with the Debian defaults:
keyserver wwwkeys.au.pgp.net |
--keyserver wwwkeys.au.pgp.net
.
To create a gpg key:
$ gpg --gen-key gpg (GnuPG) 1.2.3; Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 1 DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <[email protected]>" Real name: Kayon Toga Email address: [email protected] Comment: You selected this USER-ID: "Kayon Toga <[email protected]>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. Enter passphrase: *********** Repeat passphrase: ********** We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ....++++++++++.+++++++++++++++++++++++++++++++++++.+++++.++++++++++ ..+++++++++++++++++++++++++.+++++++++++++++++++++++++. ++++++++++++++++++++>+++++.+++++..>+++++.....+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..++++++++++++++++++++++++++++++.+++++++++++++++++++++++++.+++++ .++++++++++..+++++++++++++++++++++++++++++++++++++++++++++ public and secret key created and signed. key marked as ultimately trusted. pub 1024D/5A829E4A 2003-04-03 Kayon Toga <[email protected]> Key fingerprint = B0C5 F86D 98A4 40A4 B900 B1FA D0C6 2DA0 34F4 9ADB sub 1024g/D7DE757D 2003-04-03 |
To get the hex ID of your public key:
$ gpg --list-keys [email protected] pub 1024D/5A829E4A 2003-04-03 Kayon Toga <[email protected]> sub 1024g/D7DE757D 2003-04-03 |
The hex ID here is 5A829E4A. This is required to create key-cert objects.
To extract your public key block in ascii format to a file key.asc
$ gpg --export -a -o key.asc [email protected] |
This generates:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.3 (GNU/Linux) mQGiBD6Le6QRBACa0Di6Gcx4Q3Tpghl+hu/geCBRaZUZlMxbx0yxxOgsoOb/SMzP NNNG5IdMVKrV60X8jwzCi/tx3QdKps9hE+kNESW472LDEUdbDLjxDMajyfW16k2r sxkvW3iiyQeO8catYdUm4Qt5SoU/X1/U1PGurSzC9jeMcnB5UThQ6tGs+wCg6Qgq X5NCHtzpKPWU06I7trfSEpsD/1+w3g5+qjy+s3jj+gUf3kELY1NMyrvGnsb5D8ns y9mXA35QnRGh+66gGYS5JSPB4eZLz/p6E4cum8M8UiFFIYuzdN8mec4hoT8MD1Eg +WT1S3L6337k0S+p0ePaTVFQuZw7p0O9UX1xlqCsvFXqlsQSy9ZG+2AB4wg5zR25 vnEvBACBB+js3IbvXyWsDRcEsgYHm0whA+rB0cOgYW0VxdpdgLOwhm71TAbR8KDS icbM8raWwFlA/8m5z/0CMo6izm7pI3lDUmXsrE8qsJvHawMd+Vvt5XAwEB3yonWU o6lHvZKROZuyNM5I2pT2i331Ukwbg42cRG75HD2LZnrV6CuitLQuR3JhaGFtIFdp bGxpYW1zIDxHcmFoYW0uV2lsbGlhbXNAdG9nYXdhcmUuY29tPohZBBMRAgAZBQI+ i3ukBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCeP1CyW4KdSwVEAJ9XbkhnzcYojuII vsX3JkCK8De3qQCgqY8bbuCJyW5Ky1bPfd3mpEliObS5AQ0EPot7pRAEAIXoJqCf mWpUasWeeNICVVwM30urggwXHnOjAcKkBN8uJGK6WeHlFNJmFfd4D5bHny6sJw7X QiYZKlAwFULct55DwS/GUuko1wtPOXS1jmC3XbkzBXpWE05PgP+7BOXkZdimPm+g xZdeG/GjGGg3HVMHY13xCe0C73Ou0gKSfidrAAMFA/9VrkDyPgYNgWEKfpgqkJHD TX5cmy5Q1gKFEEKRnJGMhm8UauHIBX3SzlYylguHNFEfITPqOxNbYeMgaDwL6/7h HVegv5o93bUkqE88J3q5t0EZDRlE2yoL6vcaqyDdwhAGmwGoT2lUk9DrbIwJGmZD a6BPHIQ23Q2Av/+zl0qLI4hGBBgRAgAGBQI+i3ulAAoJEJ4/ULJbgp1LjhUAniKX qE3SGxCAVFUeIrKHk/pYqyTVAJ9WkJ31FxQWBmmw81dxsdAslDFxkg== =nrTb -----END PGP PUBLIC KEY BLOCK----- |
To put your public key on to one of the public key servers (so others
can access it) you can do:
$ gpg --send-key --keyserver pgp.earth.li 5A829E4A gpg: success sending to `pgp.earth.li' (status=200) |
You can check the key was received with:
$ gpg --recv-key --keyserver pgp.earth.li 5A829E4A gpg: key 5A829E4A: "Kayon Toga <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 |
The key is also now at other servers without any extra effort:
$ gpg --recv-key --keyserver wwwkeys.pgp.net 5A829E4A gpg: key 5A829E4A: "Kayon Toga <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 |
Copyright © 1995-2006 [email protected]