[SGVLUG] Keysigning party buzz I -- pgp (gpg)

Johannes Graumann graumann at caltech.edu
Mon Apr 3 19:52:08 PDT 2006


Hand goes up ...

Joh

On Monday 03 April 2006 18:17, Emerson, Tom wrote:
> [Note: I'll be posting this to the website as well]
> Well, our next general meeting is a couple of weeks
> away, and as promised I'm generating some "buzz"
> about what to do to participate.  This message covers
> creating a PGP key using gpg.  Part II will cover
> creating a "Ca-Cert" certificate
>
> ==================================================
> = Before I jump into this -- I'd like a "show of
> = hands" if you think you will participate -- if
> = enough people respond, I'll be asking you to send
> = your "fingerprint" (either to me or to the list) in
> = advance and I'll print a "master list" of finger-
> = prints to make things easier for everyone (in either
> = case, however, you should bring a copy of the finger-
> = print printed on the machine containing your private
> = key)
> ==================================================
>
> I don't want to steal too much of Phil's fire for his presentation, so I
> won't go into too many details, but if you want to participate in the
> "key signing" party at this month's SGVLUG presentation, you will need
> to create a key before you arrive (well, I suppose you could create one
> during the meeting, but passing around the "fingerprint" might be a bit
> cumbersome -- we don't have any printers...)
>
> That said, the first thing to do is to make sure gpg is installed --
> most likely it already is installed as "it's a good thing" and many
> distros include it by default.  (some in fact might require it for
> their patch management system...)  If not, it should be on your
> installation media and should be relatively simple to install.  For
> those that don't trust the distro maintainer (or your distro doesn't
> include it), you can download either a pre-compiled version (recommended
> for the novice) or the source files and compile it yourself -- not too
> many dependencies, but enough that I would only recommend this as a last
> resort for the first-timer...
>
> Then, you need to generate a key.  This is an interactive process, so
> perhaps the best way to describe it is by an example:
>
> tom at osnut:~> gpg --gen-key
> gpg (GnuPG) 1.2.2; Copyright (C) 2003 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> Please select what kind of key you want:
>    (1) DSA and ElGamal (default)
>    (2) DSA (sign only)
>    (5) RSA (sign only)
> Your selection?
> DSA keypair will have 1024 bits.
> About to generate a new ELG-E keypair.
>               minimum keysize is  768 bits
>               default keysize is 1024 bits
>     highest suggested keysize is 2048 bits
> What keysize do you want? (1024) 2048
> Requested keysize is 2048 bits
> Please specify how long the key should be valid.
>          0 = key does not expire
>       <n>  = key expires in n days
>       <n>w = key expires in n weeks
>       <n>m = key expires in n months
>       <n>y = key expires in n years
> Key is valid for? (0) 30
> Key expires at Wed 03 May 2006 02:26:38 PM PDT
> Is this correct (y/n)? y
>
> You need a User-ID to identify your key; the software constructs the user id
> from Real Name, Comment and Email Address in this form:
>     "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"
>
> Real name: Fred Flintstone
> Email address: fred at bedrockslate.com
> Comment: yabba-dabba
> You selected this USER-ID:
>     "Fred Flintstone (yabba-dabba) <fred at bedrockslate.com>"
>
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
> You need a Passphrase to protect your secret key.
>
> gpg: gpg-agent is not available in this session
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ..+++++.++++++++++.+++++.+++++++++++++++++++++++++++++++++++.++++++++++.
> +++++++++++++++.++++++++++++++++++++.+++++.+++++.++++++++++++++++++++>++
> +++..+++++..>+++++...+++++
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> +++++++++++++++....++++++++++.++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++.....+++++++++++++++.+++++++++++++++++++++++++.++++++++++++
> +++.++++++++++>++++++++++...>+++++........>.+++++.......................
> .............+++++^^^^^
> public and secret key created and signed.
> key marked as ultimately trusted.
>
> pub  1024D/AEB9CD5C 2006-04-03 Fred Flintstone (yabba-dabba) <fred at bedrockslate.com>
>      Key fingerprint = CAE2 BDC9 4226 46A8 7FC0  E6A4 DB9D BD85 AEB9 CD5C
> sub  2048g/8884BE1B 2006-04-03 [expires: 2006-05-03]
>
> tom at osnut:~>
>
> OK, you're done -- you should now have a directory called $HOME/.gnupg
> with a few files, most notably "pubring.gpg" and "secring.gpg".  pubring
> contains your public key, secring is, of course, your secret key.  I
> suspect Phil will go over the details of posting your public key to a
> server (and other ways of disseminating the information contained
> within), so I won't talk about it now (it isn't strictly necessary to
> post it right away anyway)
>
> What you DO need to do, however, is generate and print your
> "fingerprint" -- this is displayed as the last few lines of the
> "--gen-key" output, but can easily be re-created by this command:
>
> tom at osnut:~> gpg --fingerprint fred
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> pub  1024D/AEB9CD5C 2006-04-03 Fred Flintstone (yabba-dabba) <fred at bedrockslate.com>
>      Key fingerprint = CAE2 BDC9 4226 46A8 7FC0  E6A4 DB9D BD85 AEB9 CD5C
> sub  2048g/8884BE1B 2006-04-03 [expires: 2006-05-03]
>
> Drop the last three lines into your favorite editor and print a few
> copies to hand out to others -- this is the ONLY thing you need to bring
> to the party as far as your "key" is concerned (you do, however, need to
> bring something that supports the claim that you are who you claim to be
> and that others will "trust", but that's another thread... )
>
> At the meeting, Phil will talk about the next few steps you need to take
> to post your public key and to sign the keys of the others you validated
> at the meeting.

-- 
+----------------------------------------------------------------------+
| Johannes Graumann, Dipl. Biol.                                       |
|                                                                      |
|      Graduate Student                Tel.: ++1 (626) 395 6602        |
|      Deshaies Lab                    Fax.: ++1 (626) 395 5739        |
|      Department of Biology                                           |
|      CALTECH, M/C 156-29                                             |
|      1200 E. California Blvd.                                        |
|      Pasadena, CA 91125                                              |
|      USA                                                             |
+----------------------------------------------------------------------+
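
What the printed fingerprint is for, as an added example that is not part of the original messages: before signing a key after the meeting, compare the slip you were handed with the primary-key fingerprint gpg reports for the copy of the key you obtained. The colon-format records are constructed from the demo key quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The records below are CONSTRUCTED in the layout of
# `gpg --with-colons --fingerprint`, using the demo key from the message.
# The sub/fpr pair carries zero-padded placeholder values.
sample_colons() {
cat <<'EOF'
pub:u:1024:17:DB9DBD85AEB9CD5C:2006-04-03:::u:Fred Flintstone (yabba-dabba) <fred at bedrockslate.com>:
fpr:::::::::CAE2BDC9422646A87FC0E6A4DB9DBD85AEB9CD5C:
sub:u:2048:16:000000008884BE1B:2006-04-03:2006-05-03:::::
fpr:::::::::000000000000000000000000000000008884BE1B:
EOF
}

# Turn the grouped hex printed on a slip into 40 upper-case hex digits.
# Anything shorter (such as the 8-digit key ID) is rejected.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Read colon records on stdin and print the fingerprint of the primary key:
# field 10 of the first "fpr" record after "pub". Newer gpg versions also
# emit one "fpr" record per subkey, which must not be picked up here.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# check_slip "<fingerprint from paper>" < colon records
# Returns 0 on match, 1 on mismatch, 2 if the slip is not a full fingerprint.
check_slip() {
    paper=$(normalize_fpr "$1") || { echo "slip is not a 40-digit fingerprint"; return 2; }
    actual=$(primary_fpr)
    if [ "$paper" = "$actual" ]; then
        echo "match: $actual"
        return 0
    fi
    echo "MISMATCH: do not sign (paper $paper, keyring $actual)"
    return 1
}

sample_colons | check_slip "CAE2 BDC9 4226 46A8 7FC0  E6A4 DB9D BD85 AEB9 CD5C"
```

With a real keyring, pipe `gpg --with-colons --fingerprint <name>` into `check_slip` in place of `sample_colons`.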