= Using the gpg command line tool =

== Generating a key ==

{{{
0 guest@animal:~$ gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/guest/.gnupg' created
gpg: new configuration file `/home/guest/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/guest/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/guest/.gnupg/secring.gpg' created
gpg: keyring `/home/guest/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Tue 25 Jun 2013 04:15:11 PM EDT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name: Test User
Email address: test@example.org
Comment:
You selected this USER-ID:
    "Test User <test@example.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++
+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
....+++++
gpg: /home/guest/.gnupg/trustdb.gpg: trustdb created
gpg: key CCFAE189 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2013-06-25
pub   2048R/CCFAE189 2012-06-25 [expires: 2013-06-25]
      Key fingerprint = 7C3C D023 3427 8195 4CD6  F59E 8ADA A534 CCFA E189
uid                  Test User <test@example.org>
sub   2048R/E37D6467 2012-06-25 [expires: 2013-06-25]

0 guest@animal:~$
}}}

== Publish the key ==

{{{
gpg --send-key CCFAE189
}}}

== Find a public key ==

{{{
0 guest@animal:~$ gpg --search jamie@mayfirst.org
gpg: searching for "jamie@mayfirst.org" from hkp server keys.gnupg.net
(1)     Jamie McClelland
        Jamie McClelland
        Jamie McClelland
          4096 bit RSA key 5F2E4935, created: 2009-05-10
(2)     Jamie McClelland
        Jamie McClelland
        Jamie McClelland
          1024 bit DSA key 76CC057D, created: 2004-01-23
Keys 1-2 of 2 for "jamie@mayfirst.org".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 5F2E4935 from hkp server keys.gnupg.net
gpg: key 5F2E4935: public key "Jamie McClelland " imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2013-06-25
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
0 guest@animal:~$
}}}

== Signing a key ==

caff is a command line tool to help verify and sign keys. You can access it by installing the `signing-party` Debian package:

{{{
apt-get install signing-party
}}}

caff depends on a working mail transport agent, which you can set up by following our [wiki:email_setup_postfix_debian postfix faq].

Then, look up the keyid of the person whose key you would like to send, and type:

{{{
caff
}}}
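
The key IDs used on this page (CCFAE189, 5F2E4935) are short 8-digit IDs, and keyserver search results are not authenticated, so before signing a key compare its full fingerprint with one obtained directly from the key owner. The shell functions below are an added example, not part of the original page; the function names and the colon-format sample listing are constructed for illustration, using the fingerprint from the key generation output above.

```shell
#!/bin/sh
# Added example: check a key's full fingerprint before signing it.
# Function names and SAMPLE_LISTING are constructed for illustration.

# Strip whitespace and upper-case a fingerprint string.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint KEYID` output on stdin and print the
# fingerprint: field 10 of the first "fpr" record that follows a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             $1 == "fpr" && seen { print $10; exit }'
}

# fpr_matches EXPECTED  (key listing on stdin)
# Returns 0 on an exact match, 1 on a mismatch, and 2 when EXPECTED is not a
# full 40-hex-digit fingerprint (for example a short key ID like CCFAE189).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# Constructed, simplified sample of colon-format output for the test key.
SAMPLE_LISTING='pub:u:2048:1:8ADAA534CCFAE189:2012-06-25:2013-06-25::u:::scESC:
fpr:::::::::7C3CD023342781954CD6F59E8ADAA534CCFAE189:
sub:u:2048:1:0000000000000000:2012-06-25:2013-06-25:::::e:'

# Fingerprint as the key owner would read it out in person or over the phone.
EXPECTED='7C3C D023 3427 8195 4CD6  F59E 8ADA A534 CCFA E189'

# Real use: gpg --with-colons --fingerprint CCFAE189 | fpr_matches "$EXPECTED"
if printf '%s\n' "$SAMPLE_LISTING" | fpr_matches "$EXPECTED"; then
    echo "fingerprint matches; ok to proceed to signing"
else
    echo "mismatch or not a full fingerprint; do not sign" >&2
fi
```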