crypto:gnupg [2018-12-11 02:00] – created gabriel
crypto:gnupg [2018-12-20 00:48] (current) – a good article on managing subkeys gabriel
Line 1: Line 1:
 ====== GnuPG Notes and Best Practices ====== ====== GnuPG Notes and Best Practices ======
  
-* https://riseup.net/en/security/message-security/openpgp/best-practices +Create a strong 4096-bit RSA key. In the future when a more modern elliptic curve key is standard for OpenPGP.  These instructions largely follow  
-* http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ + 
-* https://liquidat.wordpress.com/2013/05/07/howto-changing-the-expiry-date-of-gpg-keys/ +<code sh> 
-* https://alexcabal.com/creating-the-perfect-gpg-keypair+sguy@helium:~$ gpg --full-gen-key 
 +gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. 
 +This is free software: you are free to change and redistribute it. 
 +There is NO WARRANTY, to the extent permitted by law. 
 + 
 +gpg: directory '/home/sguy/.gnupg' created 
 +gpg: keybox '/home/sguy/.gnupg/pubring.kbx' created 
 +Please select what kind of key you want: 
 +   (1) RSA and RSA (default) 
 +   (2) DSA and Elgamal 
 +   (3) DSA (sign only) 
 +   (4) RSA (sign only) 
 +Your selection? 1 
 +RSA keys may be between 1024 and 4096 bits long. 
 +What keysize do you want? (3072) 4096 
 +Requested keysize is 4096 bits 
 +Please specify how long the key should be valid. 
 +         0 = key does not expire 
 +      <n>  = key expires in n days 
 +      <n>w = key expires in n weeks 
 +      <n>m = key expires in n months 
 +      <n>y = key expires in n years 
 +Key is valid for? (0) 2y 
 +Key expires at Fri Dec 18 23:35:04 2020 EST 
 +Is this correct? (y/N) y 
 + 
 +GnuPG needs to construct a user ID to identify your key. 
 + 
 +Real name: Some Guy 
 +Email address: sguy@quay.net 
 +Comment:  
 +You selected this USER-ID: 
 +    "Some Guy <sguy@quay.net>" 
 + 
 +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
 +We need to generate a lot of random bytes. It is a good idea to perform 
 +some other action (type on the keyboard, move the mouse, utilize the 
 +disks) during the prime generation; this gives the random number 
 +generator a better chance to gain enough entropy. 
 +We need to generate a lot of random bytes. It is a good idea to perform 
 +some other action (type on the keyboard, move the mouse, utilize the 
 +disks) during the prime generation; this gives the random number 
 +generator a better chance to gain enough entropy. 
 +gpg: /home/sguy/.gnupg/trustdb.gpg: trustdb created 
 +gpg: key FEDCBA0987654321 marked as ultimately trusted 
 +gpg: directory '/home/sguy/.gnupg/openpgp-revocs.d' created 
 +gpg: revocation certificate stored as '/home/sguy/.gnupg/openpgp-revocs.d/1234567890ABCDEF111000FEDCBA0987654321.rev' 
 +public and secret key created and signed. 
 + 
 +pub   rsa4096 2018-12-20 [SC] [expires: 2020-12-19] 
 +      1234567890ABCDEF111000FEDCBA0987654321 
 +uid                      Some Guy <sguy@quay.net> 
 +sub   rsa4096 2018-12-20 [E] [expires: 2020-12-19] 
 + 
 + 
 +sguy@helium:~/.gnupg$ cat gpg.conf  
 +keyid-format 0xlong 
 +cert-digest-algo SHA512 
 +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed 
 + 
 + 
 +sguy@helium:~$ gpg --edit-key sguy@quay.net 
 +gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. 
 +This is free software: you are free to change and redistribute it. 
 +There is NO WARRANTY, to the extent permitted by law. 
 + 
 +Secret key is available. 
 + 
 +gpg: checking the trustdb 
 +gpg: marginals needed: 3  completes needed: 1  trust model: pgp 
 +gpg: depth: 0  valid:    signed:    trust: 0-, 0q, 0n, 0m, 0f, 1u 
 +gpg: next trustdb check due at 2020-12-19 
 +sec  rsa4096/0xFEDCBA0987654321 
 +     created: 2018-12-20  expires: 2020-12-19  usage: SC   
 +     trust: ultimate      validity: ultimate 
 +ssb  rsa4096/0xFEDCBA0987654322 
 +     created: 2018-12-20  expires: 2020-12-19  usage: E    
 +[ultimate] (1). Some Guy <sguy@quay.net> 
 + 
 +gpg> addkey 
 +Please select what kind of key you want: 
 +   (3) DSA (sign only) 
 +   (4) RSA (sign only) 
 +   (5) Elgamal (encrypt only) 
 +   (6) RSA (encrypt only) 
 +Your selection? 4 
 +RSA keys may be between 1024 and 4096 bits long. 
 +What keysize do you want? (3072) 4096 
 +Requested keysize is 4096 bits 
 +Please specify how long the key should be valid. 
 +         0 = key does not expire 
 +      <n>  = key expires in n days 
 +      <n>w = key expires in n weeks 
 +      <n>m = key expires in n months 
 +      <n>y = key expires in n years 
 +Key is valid for? (0) 23m 
 +Key expires at Sun Nov  8 23:50:18 2020 EST 
 +Is this correct? (y/N) y 
 +Really create? (y/N) y 
 +We need to generate a lot of random bytes. It is a good idea to perform 
 +some other action (type on the keyboard, move the mouse, utilize the 
 +disks) during the prime generation; this gives the random number 
 +generator a better chance to gain enough entropy. 
 + 
 +sec  rsa4096/0xFEDCBA0987654321 
 +     created: 2018-12-20  expires: 2020-12-19  usage: SC   
 +     trust: ultimate      validity: ultimate 
 +ssb  rsa4096/0xFEDCBA0987654322 
 +     created: 2018-12-20  expires: 2020-12-19  usage: E    
 +ssb  rsa4096/0xFEDCBA0987654323 
 +     created: 2018-12-20  expires: 2020-11-09  usage: S    
 +[ultimate] (1). Some Guy <sguy@quay.net> 
 + 
 +gpg> save 
 + 
 +</code> 
 + 
 +===== Reference ===== 
 + 
 +  * https://riseup.net/en/security/message-security/openpgp/best-practices 
 +  * http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ 
 +  * https://liquidat.wordpress.com/2013/05/07/howto-changing-the-expiry-date-of-gpg-keys/ 
 +  * https://alexcabal.com/creating-the-perfect-gpg-keypair 
 +  * http://www.connexer.com/articles/openpgp-subkeys 
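Review bot: the added introduction line is cut off in two places: "In the future when a more modern elliptic curve key is standard for OpenPGP." has no main clause, and "These instructions largely follow" stops without naming what it follows (presumably one of the links under Reference); finish both sentences, or drop the elliptic-curve fragment until it says what to do once such keys are standard. The `addkey` session then creates a separate signing subkey (`usage: S`), but the step that gives that subkey its value, keeping the primary secret key offline (export only the subkeys into the working keyring and keep the full secret key on removable media), is not shown anywhere on the page; either add that procedure after `gpg> save` or say explicitly that the linked connexer/alexcabal articles cover it. Minor: the example primary key expires 2020-12-19 while the signing subkey expires 2020-11-09 (`23m`), so a reader following along will hit a subkey expiry first; a sentence on extending expiry (the liquidat link) would close that gap.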
crypto/gnupg.1544511658.txt.gz · Last modified: 2018-12-11 02:00 by gabriel