
Version 2 (modified by Jamie McClelland, 7 years ago)


Using the gpg command line tool

Generating a key

0 guest@animal:~$ gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/guest/.gnupg' created
gpg: new configuration file `/home/guest/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/guest/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/guest/.gnupg/secring.gpg' created
gpg: keyring `/home/guest/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Tue 25 Jun 2013 04:15:11 PM EDT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Test User
Email address: test@example.org
Comment:
You selected this USER-ID:
    "Test User <test@example.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++
+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
....+++++
gpg: /home/guest/.gnupg/trustdb.gpg: trustdb created
gpg: key CCFAE189 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2013-06-25
pub   2048R/CCFAE189 2012-06-25 [expires: 2013-06-25]
      Key fingerprint = 7C3C D023 3427 8195 4CD6  F59E 8ADA A534 CCFA E189
uid                  Test User <test@example.org>
sub   2048R/E37D6467 2012-06-25 [expires: 2013-06-25]

0 guest@animal:~$

Publish the key

gpg --send-key CCFAE189

Find a public key

0 guest@animal:~$ gpg --search jamie@mayfirst.org
gpg: searching for "jamie@mayfirst.org" from hkp server keys.gnupg.net
(1) Jamie McClelland <jm@mayfirst.org>
  Jamie McClelland <jamie@mayfirst.org>
  Jamie McClelland <jamie@progressivetech.org>
    4096 bit RSA key 5F2E4935, created: 2009-05-10
(2) Jamie McClelland <jm@mayfirst.org>
  Jamie McClelland <jamie@mayfirst.org>
  Jamie McClelland <jamie@mediajumpstart.org>
    1024 bit DSA key 76CC057D, created: 2004-01-23
Keys 1-2 of 2 for "jamie@mayfirst.org".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 5F2E4935 from hkp server keys.gnupg.net
gpg: key 5F2E4935: public key "Jamie McClelland <jamie@mayfirst.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2013-06-25
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
0 guest@animal:~$

Signing a key

caff is a command-line tool to help verify and sign keys.

You can get it by installing the signing-party Debian package:

apt-get install signing-party

caff depends on a working mail transport agent, which you can set up by following our Postfix FAQ.

Then, look up the key ID of the person whose key you would like to sign, and type:

caff <KEYID>
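
The key IDs used above (CCFAE189, 5F2E4935) are only 8 hex digits, which is too short to identify a key uniquely, so before signing compare the full fingerprint with one you received directly from the key owner. The shell functions below are an added example, not part of the original page; the function names and the sample colon-format listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): check a key's full fingerprint
# against one obtained out of band. Function names are hypothetical.

# Remove whitespace and uppercase hex digits so both spellings compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint from `gpg --with-colons --fingerprint`
# output on stdin: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED   (colon listing on stdin)
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full fingerprint.
check_fpr() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(primary_fpr)")
    case "$expected" in
        *[!0-9A-F]*) echo "not a hex fingerprint: $1" >&2; return 2 ;;
    esac
    # A short key ID such as CCFAE189 is rejected: 40 hex digits are required.
    if [ "${#expected}" -ne 40 ]; then
        echo "need all 40 hex digits, got ${#expected}" >&2
        return 2
    fi
    if [ "$expected" = "$actual" ]; then
        echo "fingerprint matches: $actual"
        return 0
    fi
    echo "MISMATCH: keyring has ${actual:-no fingerprint}" >&2
    return 1
}

# Constructed sample listing for the test key generated earlier on this page.
SAMPLE='pub:u:2048:1:8ADAA534CCFAE189:2012-06-25:2013-06-25::u:Test User <test@example.org>::scESC:
fpr:::::::::7C3CD023342781954CD6F59E8ADAA534CCFAE189:'

# Real use: gpg --with-colons --fingerprint KEYID | check_fpr "FINGERPRINT"
printf '%s\n' "$SAMPLE" | check_fpr "7C3C D023 3427 8195 4CD6  F59E 8ADA A534 CCFA E189"
```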