crypto:gnupg
Differences
This shows you the differences between two versions of the page.
crypto:gnupg [2018-12-11 02:01] – moar spaces! gabriel | crypto:gnupg [2018-12-20 00:48] (current) – a good article on managing subkeys gabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== GnuPG Notes and Best Practices ====== | ====== GnuPG Notes and Best Practices ====== | ||
+ | |||
+ | Create a strong 4096-bit RSA key. In the future when a more modern elliptic curve key is standard for OpenPGP. | ||
+ | |||
+ | <code sh> | ||
+ | sguy@helium: | ||
+ | gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. | ||
+ | This is free software: you are free to change and redistribute it. | ||
+ | There is NO WARRANTY, to the extent permitted by law. | ||
+ | |||
+ | gpg: directory '/ | ||
+ | gpg: keybox '/ | ||
+ | Please select what kind of key you want: | ||
+ | (1) RSA and RSA (default) | ||
+ | (2) DSA and Elgamal | ||
+ | (3) DSA (sign only) | ||
+ | (4) RSA (sign only) | ||
+ | Your selection? 1 | ||
+ | RSA keys may be between 1024 and 4096 bits long. | ||
+ | What keysize do you want? (3072) 4096 | ||
+ | Requested keysize is 4096 bits | ||
+ | Please specify how long the key should be valid. | ||
+ | 0 = key does not expire | ||
+ | < | ||
+ | <n>w = key expires in n weeks | ||
+ | <n>m = key expires in n months | ||
+ | <n>y = key expires in n years | ||
+ | Key is valid for? (0) 2y | ||
+ | Key expires at Fri Dec 18 23:35:04 2020 EST | ||
+ | Is this correct? (y/N) y | ||
+ | |||
+ | GnuPG needs to construct a user ID to identify your key. | ||
+ | |||
+ | Real name: Some Guy | ||
+ | Email address: sguy@quay.net | ||
+ | Comment: | ||
+ | You selected this USER-ID: | ||
+ | "Some Guy < | ||
+ | |||
+ | Change (N)ame, (C)omment, (E)mail or (O)kay/ | ||
+ | We need to generate a lot of random bytes. It is a good idea to perform | ||
+ | some other action (type on the keyboard, move the mouse, utilize the | ||
+ | disks) during the prime generation; this gives the random number | ||
+ | generator a better chance to gain enough entropy. | ||
+ | We need to generate a lot of random bytes. It is a good idea to perform | ||
+ | some other action (type on the keyboard, move the mouse, utilize the | ||
+ | disks) during the prime generation; this gives the random number | ||
+ | generator a better chance to gain enough entropy. | ||
+ | gpg: / | ||
+ | gpg: key FEDCBA0987654321 marked as ultimately trusted | ||
+ | gpg: directory '/ | ||
+ | gpg: revocation certificate stored as '/ | ||
+ | public and secret key created and signed. | ||
+ | |||
+ | pub | ||
+ | 1234567890ABCDEF111000FEDCBA0987654321 | ||
+ | uid Some Guy < | ||
+ | sub | ||
+ | |||
+ | |||
+ | sguy@helium: | ||
+ | keyid-format 0xlong | ||
+ | cert-digest-algo SHA512 | ||
+ | default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed | ||
+ | |||
+ | |||
+ | sguy@helium: | ||
+ | gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. | ||
+ | This is free software: you are free to change and redistribute it. | ||
+ | There is NO WARRANTY, to the extent permitted by law. | ||
+ | |||
+ | Secret key is available. | ||
+ | |||
+ | gpg: checking the trustdb | ||
+ | gpg: marginals needed: 3 completes needed: 1 trust model: pgp | ||
+ | gpg: depth: 0 valid: | ||
+ | gpg: next trustdb check due at 2020-12-19 | ||
+ | sec rsa4096/ | ||
+ | | ||
+ | | ||
+ | ssb rsa4096/ | ||
+ | | ||
+ | [ultimate] (1). Some Guy < | ||
+ | |||
+ | gpg> addkey | ||
+ | Please select what kind of key you want: | ||
+ | (3) DSA (sign only) | ||
+ | (4) RSA (sign only) | ||
+ | (5) Elgamal (encrypt only) | ||
+ | (6) RSA (encrypt only) | ||
+ | Your selection? 4 | ||
+ | RSA keys may be between 1024 and 4096 bits long. | ||
+ | What keysize do you want? (3072) 4096 | ||
+ | Requested keysize is 4096 bits | ||
+ | Please specify how long the key should be valid. | ||
+ | 0 = key does not expire | ||
+ | < | ||
+ | <n>w = key expires in n weeks | ||
+ | <n>m = key expires in n months | ||
+ | <n>y = key expires in n years | ||
+ | Key is valid for? (0) 23m | ||
+ | Key expires at Sun Nov 8 23:50:18 2020 EST | ||
+ | Is this correct? (y/N) y | ||
+ | Really create? (y/N) y | ||
+ | We need to generate a lot of random bytes. It is a good idea to perform | ||
+ | some other action (type on the keyboard, move the mouse, utilize the | ||
+ | disks) during the prime generation; this gives the random number | ||
+ | generator a better chance to gain enough entropy. | ||
+ | |||
+ | sec rsa4096/ | ||
+ | | ||
+ | | ||
+ | ssb rsa4096/ | ||
+ | | ||
+ | ssb rsa4096/ | ||
+ | | ||
+ | [ultimate] (1). Some Guy < | ||
+ | |||
+ | gpg> save | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== Reference ===== | ||
* https:// | * https:// | ||
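Review bot: The second sentence of the added intro line, "In the future when a more modern elliptic curve key is standard for OpenPGP.", is a fragment with no main clause, so the reader never learns what should change at that point; complete it (for example, say the RSA recommendation will be revisited then) or drop it. In the transcript, the gpg.conf settings (keyid-format, cert-digest-algo, default-preference-list) appear only after the key has been generated. default-preference-list is applied when a key is created, so either state that the file was already in place before the first gpg command or move it ahead of key generation. The addkey step also has no accompanying prose; one sentence on why a separate RSA sign-only subkey with a 23m expiry is added would make the transcript usable as a best-practice note.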
Line 5: | Line 127: | ||
* https:// | * https:// | ||
* https:// | * https:// | ||
+ | * http:// | ||
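Review bot: The reference added at the end of this list uses http:// while the existing entries around it use https://; link the HTTPS version of the article if the site offers one, so a key-management reference is not fetched over plaintext. A short title next to the URL would also tell readers this is the subkey-management article named in the revision summary.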
crypto/gnupg.1544511714.txt.gz · Last modified: 2018-12-11 02:01 by gabriel