quay:wiki

User Tools

Site Tools

Trace:
crypto:gnupg

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
crypto:gnupg [2018-12-11 02:01] – bullets gabrielcrypto:gnupg [2018-12-20 00:41] – basic key generation gabriel
Line 1: Line 1:
 ====== GnuPG Notes and Best Practices ====== ====== GnuPG Notes and Best Practices ======
  
- * https://riseup.net/en/security/message-security/openpgp/best-practices +Create a strong 4096-bit RSA key. In the future when a more modern elliptic curve key is standard for OpenPGP.  These instructions largely follow  
- * http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ + 
- * https://liquidat.wordpress.com/2013/05/07/howto-changing-the-expiry-date-of-gpg-keys/ +<code sh> 
- * https://alexcabal.com/creating-the-perfect-gpg-keypair+sguy@helium:~$ gpg --full-gen-key 
 +gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. 
 +This is free software: you are free to change and redistribute it. 
 +There is NO WARRANTY, to the extent permitted by law. 
 + 
 +gpg: directory '/home/sguy/.gnupg' created 
 +gpg: keybox '/home/sguy/.gnupg/pubring.kbx' created 
 +Please select what kind of key you want: 
 +   (1) RSA and RSA (default) 
 +   (2) DSA and Elgamal 
 +   (3) DSA (sign only) 
 +   (4) RSA (sign only) 
 +Your selection? 1 
 +RSA keys may be between 1024 and 4096 bits long. 
 +What keysize do you want? (3072) 4096 
 +Requested keysize is 4096 bits 
 +Please specify how long the key should be valid. 
 +         0 = key does not expire 
 +      <n>  = key expires in n days 
 +      <n>w = key expires in n weeks 
 +      <n>m = key expires in n months 
 +      <n>y = key expires in n years 
 +Key is valid for? (0) 2y 
 +Key expires at Fri Dec 18 23:35:04 2020 EST 
 +Is this correct? (y/N) y 
 + 
 +GnuPG needs to construct a user ID to identify your key. 
 + 
 +Real name: Some Guy 
 +Email address: sguy@quay.net 
 +Comment:  
 +You selected this USER-ID: 
 +    "Some Guy <sguy@quay.net>" 
 + 
 +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
 +We need to generate a lot of random bytes. It is a good idea to perform 
 +some other action (type on the keyboard, move the mouse, utilize the 
 +disks) during the prime generation; this gives the random number 
 +generator a better chance to gain enough entropy. 
 +We need to generate a lot of random bytes. It is a good idea to perform 
 +some other action (type on the keyboard, move the mouse, utilize the 
 +disks) during the prime generation; this gives the random number 
 +generator a better chance to gain enough entropy. 
 +gpg: /home/sguy/.gnupg/trustdb.gpg: trustdb created 
 +gpg: key FEDCBA0987654321 marked as ultimately trusted 
 +gpg: directory '/home/sguy/.gnupg/openpgp-revocs.d' created 
 +gpg: revocation certificate stored as '/home/sguy/.gnupg/openpgp-revocs.d/1234567890ABCDEF111000FEDCBA0987654321.rev' 
 +public and secret key created and signed. 
 + 
 +pub   rsa4096 2018-12-20 [SC] [expires: 2020-12-19] 
 +      1234567890ABCDEF111000FEDCBA0987654321 
 +uid                      Some Guy <sguy@quay.net> 
 +sub   rsa4096 2018-12-20 [E] [expires: 2020-12-19] 
 + 
 + 
 +sguy@helium:~/.gnupg$ cat gpg.conf  
 +keyid-format 0xlong 
 +cert-digest-algo SHA512 
 +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed 
 + 
 + 
 +sguy@helium:~$ gpg --edit-key sguy@quay.net 
 +gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. 
 +This is free software: you are free to change and redistribute it. 
 +There is NO WARRANTY, to the extent permitted by law. 
 + 
 +Secret key is available. 
 + 
 +gpg: checking the trustdb 
 +gpg: marginals needed: 3  completes needed: 1  trust model: pgp 
 +gpg: depth: 0  valid:    signed:    trust: 0-, 0q, 0n, 0m, 0f, 1u 
 +gpg: next trustdb check due at 2020-12-19 
 +sec  rsa4096/0xFEDCBA0987654321 
 +     created: 2018-12-20  expires: 2020-12-19  usage: SC   
 +     trust: ultimate      validity: ultimate 
 +ssb  rsa4096/0xFEDCBA0987654322 
 +     created: 2018-12-20  expires: 2020-12-19  usage: E    
 +[ultimate] (1). Some Guy <sguy@quay.net> 
 + 
 +gpg> addkey 
 +Please select what kind of key you want: 
 +   (3) DSA (sign only) 
 +   (4) RSA (sign only) 
 +   (5) Elgamal (encrypt only) 
 +   (6) RSA (encrypt only) 
 +Your selection? 4 
 +RSA keys may be between 1024 and 4096 bits long. 
 +What keysize do you want? (3072) 4096 
 +Requested keysize is 4096 bits 
 +Please specify how long the key should be valid. 
 +         0 = key does not expire 
 +      <n>  = key expires in n days 
 +      <n>w = key expires in n weeks 
 +      <n>m = key expires in n months 
 +      <n>y = key expires in n years 
 +Key is valid for? (0) 23m 
 +Key expires at Sun Nov  8 23:50:18 2020 EST 
 +Is this correct? (y/N) y 
 +Really create? (y/N) y 
 +We need to generate a lot of random bytes. It is a good idea to perform 
 +some other action (type on the keyboard, move the mouse, utilize the 
 +disks) during the prime generation; this gives the random number 
 +generator a better chance to gain enough entropy. 
 + 
 +sec  rsa4096/0xFEDCBA0987654321 
 +     created: 2018-12-20  expires: 2020-12-19  usage: SC   
 +     trust: ultimate      validity: ultimate 
 +ssb  rsa4096/0xFEDCBA0987654322 
 +     created: 2018-12-20  expires: 2020-12-19  usage: E    
 +ssb  rsa4096/0xFEDCBA0987654323 
 +     created: 2018-12-20  expires: 2020-11-09  usage: S    
 +[ultimate] (1). Some Guy <sguy@quay.net> 
 + 
 +gpg> save 
 + 
 +</code> 
 + 
 +===== Reference ===== 
 + 
 +  * https://riseup.net/en/security/message-security/openpgp/best-practices 
 +  * http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ 
 +  * https://liquidat.wordpress.com/2013/05/07/howto-changing-the-expiry-date-of-gpg-keys/ 
 +  * https://alexcabal.com/creating-the-perfect-gpg-keypair 
crypto/gnupg.txt · Last modified: 2018-12-20 00:48 by gabriel