When I'm sure they match, I can move on to signing the key. Primary key fingerprint: 1B41 8F2C 23DE DD9C 807E A74F 841B 3DAE 25AE 721B gpg>Īt this point I should stop and check that the fingerprint I have in front of me matches the one that Harry gave me when he told me which key is his. The first thing I want to do is verify that I have the right key: $ gpg2 -ask-cert-level -edit-key gpg> fpr pub 4096R/25AE721B Harry R. Using the -ask-cert-level flag lets me specify the level of certainty I have in signing this key. Keys 1-1 of 1 for Enter number(s), N)ext, or Q)uit > 1 gpg: requesting key 25AE721B from hkp server In this case, I want to sign Harry's key: $ gpg2 -search gpg: searching for from hkp server Once you're confident you know who you're talking to, you can download their public key. Finding and signing a keyīefore you sign someone's key, you should verify their identity as best you can. Since this is just a demonstration, I won't really be publishing this key. We can use that key ID to publish the newly generated public key to a public key server: $ gpg2 -send-key 12C595E9 The final output you will see contains your key ID: pub 2048R/12C595E9 Just move your mouse a lot it will finish eventually.
You should pick something longer than a password.Īfter that, you may need to use your computer for a while for GPG to collect enough random data to generate they key. Real name: Testy McTest Email address: Comment: You selected this USER-ID:Ĭhange (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? oĪfter entering your identifiable information, you will be prompted for a passphrase. GnuPG needs to construct a user ID to identify your key. If the key expires, this problem will go away on its own in time, and you can always extend the expiry date if you still have the private key. If you lose your private key for any reason, the the public key could live forever, inviting people to send you encrypted messages you can never decrypt. In this case, it's useful not to follow the default. Key is valid for? (0) 2y Key expires at Wed Dec 7 23:38:11 2016 EST Please specify how long the key should be valid. Again, if you don't have a strong preference the default is probably fine. The key size is a balance between a large, secure key, and small, easily transmitted signatures and encrypted documents.
You probably want to stick with the default here: just hit return RSA keys may be between 10 bits long. There is NO WARRANTY, to the extent permitted by law. This is free software: you are free to change and redistribute it. Generating a key $ gpg2 -gen-key gpg (GnuPG) 2.0.26 Copyright (C) 2013 Free Software Foundation, Inc. To follow these examples, you will need to have gpg2 installed.
0 kommentar(er)
