Go to TogaWare.com Home Page.
GNU/Linux Desktop Survival Guide
by Graham Williams
Google

OpenPGP and Keys


Install the GNU Privacy Guard package in Debian as gnupg. This is the GNU implementation of the OpenPGP.

To automatically check signatures from a keyserver add the name of a keyserver to /home/kayon/.gnupg/gpg.conf file. For example you may like to add the following, although it might be best to stick with the Debian defaults:

  keyserver wwwkeys.au.pgp.net

This replaces the command line option --keyserver wwwkeys.au.pgp.net.

To create a gpg key:

  $ gpg --gen-key
  gpg (GnuPG) 1.2.3; Copyright (C) 2003 Free Software Foundation, Inc. 
  This program comes with ABSOLUTELY NO WARRANTY. 
  This is free software, and you are welcome to redistribute it
  under certain conditions. See the file COPYING for details. 

  Please select what kind of key you want:
     (1) DSA and ElGamal (default)
     (2) DSA (sign only)
     (5) RSA (sign only)
  Your selection? 1

  DSA keypair will have 1024 bits. 

  About to generate a new ELG-E keypair. 
                minimum keysize is  768 bits
                default keysize is 1024 bits
      highest suggested keysize is 2048 bits
  What keysize do you want? (1024) 

  Requested keysize is 1024 bits

  Please specify how long the key should be valid. 
           0 = key does not expire
        <n>  = key expires in n days
        <n>w = key expires in n weeks
        <n>m = key expires in n months
        <n>y = key expires in n years
  Key is valid for? (0) 

  Key does not expire at all

  Is this correct (y/n)? y

  You need a User-ID to identify your key; the software constructs the user id
  from Real Name, Comment and Email Address in this form:
      "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

  Real name: Kayon Toga

  Email address: Kayon.Toga@togaware.com

  Comment: 

  You selected this USER-ID:
      "Kayon Toga <Kayon.Toga@togaware.com>"

  Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

  You need a Passphrase to protect your secret key. 

  Enter passphrase: ***********
  Repeat passphrase: **********
  We need to generate a lot of random bytes. It is a good idea to perform
  some other action (type on the keyboard, move the mouse, utilize the
  disks) during the prime generation; this gives the random number
  generator a better chance to gain enough entropy. 
  ....++++++++++.+++++++++++++++++++++++++++++++++++.+++++.++++++++++
  ..+++++++++++++++++++++++++.+++++++++++++++++++++++++. 
  ++++++++++++++++++++>+++++.+++++..>+++++.....+++++
  We need to generate a lot of random bytes. It is a good idea to perform
  some other action (type on the keyboard, move the mouse, utilize the
  disks) during the prime generation; this gives the random number
  generator a better chance to gain enough entropy. 
  ..++++++++++++++++++++++++++++++.+++++++++++++++++++++++++.+++++
  .++++++++++..+++++++++++++++++++++++++++++++++++++++++++++
  public and secret key created and signed. 
  key marked as ultimately trusted. 
  
  pub  1024D/5A829E4A 2003-04-03 Kayon Toga <Kayon.Toga@togaware.com>
       Key fingerprint = B0C5 F86D 98A4 40A4 B900  B1FA D0C6 2DA0 34F4 9ADB
  sub  1024g/D7DE757D 2003-04-03

To get the hex ID of your public key:



  $ gpg --list-keys Kayon.Toga@togaware.com
  pub  1024D/5A829E4A 2003-04-03 Kayon Toga <Kayon.Toga@togaware.com>
  sub  1024g/D7DE757D 2003-04-03

The hex ID here is 5A829E4A. This is required to create key-cert objects.

To extract your public key block in ascii format to a file key.asc



  $ gpg --export -a -o key.asc Kayon.Toga@togaware.com

This generates:



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3 (GNU/Linux)

mQGiBD6Le6QRBACa0Di6Gcx4Q3Tpghl+hu/geCBRaZUZlMxbx0yxxOgsoOb/SMzP
NNNG5IdMVKrV60X8jwzCi/tx3QdKps9hE+kNESW472LDEUdbDLjxDMajyfW16k2r
sxkvW3iiyQeO8catYdUm4Qt5SoU/X1/U1PGurSzC9jeMcnB5UThQ6tGs+wCg6Qgq
X5NCHtzpKPWU06I7trfSEpsD/1+w3g5+qjy+s3jj+gUf3kELY1NMyrvGnsb5D8ns
y9mXA35QnRGh+66gGYS5JSPB4eZLz/p6E4cum8M8UiFFIYuzdN8mec4hoT8MD1Eg
+WT1S3L6337k0S+p0ePaTVFQuZw7p0O9UX1xlqCsvFXqlsQSy9ZG+2AB4wg5zR25
vnEvBACBB+js3IbvXyWsDRcEsgYHm0whA+rB0cOgYW0VxdpdgLOwhm71TAbR8KDS
icbM8raWwFlA/8m5z/0CMo6izm7pI3lDUmXsrE8qsJvHawMd+Vvt5XAwEB3yonWU
o6lHvZKROZuyNM5I2pT2i331Ukwbg42cRG75HD2LZnrV6CuitLQuR3JhaGFtIFdp
bGxpYW1zIDxHcmFoYW0uV2lsbGlhbXNAdG9nYXdhcmUuY29tPohZBBMRAgAZBQI+
i3ukBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCeP1CyW4KdSwVEAJ9XbkhnzcYojuII
vsX3JkCK8De3qQCgqY8bbuCJyW5Ky1bPfd3mpEliObS5AQ0EPot7pRAEAIXoJqCf
mWpUasWeeNICVVwM30urggwXHnOjAcKkBN8uJGK6WeHlFNJmFfd4D5bHny6sJw7X
QiYZKlAwFULct55DwS/GUuko1wtPOXS1jmC3XbkzBXpWE05PgP+7BOXkZdimPm+g
xZdeG/GjGGg3HVMHY13xCe0C73Ou0gKSfidrAAMFA/9VrkDyPgYNgWEKfpgqkJHD
TX5cmy5Q1gKFEEKRnJGMhm8UauHIBX3SzlYylguHNFEfITPqOxNbYeMgaDwL6/7h
HVegv5o93bUkqE88J3q5t0EZDRlE2yoL6vcaqyDdwhAGmwGoT2lUk9DrbIwJGmZD
a6BPHIQ23Q2Av/+zl0qLI4hGBBgRAgAGBQI+i3ulAAoJEJ4/ULJbgp1LjhUAniKX
qE3SGxCAVFUeIrKHk/pYqyTVAJ9WkJ31FxQWBmmw81dxsdAslDFxkg==
=nrTb
-----END PGP PUBLIC KEY BLOCK-----

To put your public key on to one of the public key servers (so others can access it) you can do:

$ gpg --send-key --keyserver pgp.earth.li 5A829E4A
gpg: success sending to `pgp.earth.li' (status=200)

You can check the key was received with:

$ gpg --recv-key --keyserver pgp.earth.li 5A829E4A
gpg: key 5A829E4A: "Kayon Toga <Kayon.Toga@togaware.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

The key is also now at other servers without any extra effort:

$ gpg --recv-key --keyserver wwwkeys.pgp.net 5A829E4A
gpg: key 5A829E4A: "Kayon Toga <Kayon.Toga@togaware.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Copyright © 1995-2006 Graham.Williams@togaware.com
Contribue and access the PDF Version