GPG Key Signing Update - What you NEED to do. (fwd)
der.hans
plug-discuss@lists.PLUG.phoenix.az.us
Wed, 17 Oct 2001 00:54:47 -0700 (MST)
moin, moin,
don't forget to send Austin your fingerprint as well as sending your public
key to a key server. Directions in the middle of the message below are
pretty easy.
He needs the info no later than 15:00 tomorrow. If you miss that we can do
it by hand, but it requires people know how to scrawl :).
Also, don't forget to bring a copy of your fingerprint that you can read.
ciao,
der.hans
--
# http://home.pages.de/~lufthans/ http://www.DevelopOnline.com/
# It's up to the reader to make the book interesting.
# An author has only the opportunity to make it uninteresting. - der.hans
---------- Forwarded message ----------
Date: Tue, 16 Oct 2001 00:36:08 -0700
From: Austin Godber <godber@asu.edu>
Reply-To: Arizona State University Linux Users Group <ASULUG@asu.edu>
To: ASULUG@asu.edu
Subject: GPG Key Signing Update - What you NEED to do.
Hello,
I sent an email earlier, I don't think it made it yet, but here is an
even BETTER one. You MUST read if you want your key signed on Wednesday.
=============================================================================
Here is what you need to do prior to showing up at the Key Signing Party:
1. Generate A Key Pair
2. Send Public Key To Designated Keyserver (or Coordinator)
   Use this one -> http://wwwkeys.eu.pgp.net
3. Send Public Key Info To Coordinator
Here is precisely what you need to do:
NOTE: I will assume you either have access to gpg on a trusted machine (i.e.
you have console access, your mom is the sys admin, and she hasn't trojaned
the executable or installed a keyboard logger) or you will follow the
installation instructions given in the HOWTO on your local machine.
I could install the GPG binary on general but here are the problems with
that:
  o I am evil and have done nasty things to the binary
  o The risk of Keylogging is higher and can happen here:
      - On your local machine
      - Between your local machine and general (sniffers if you're
        logged in cleartext - bad you)
      - on general
  o Memory won't be secure from dump on general.
So here are the detailed steps:
1. Generate A Key Pair (Step 5 of GPG Party HOWTO)
[joe@ag joe]$ gpg --gen-key
* see the end for actual output
I chose the default key type (1), asked for a 2048 bit key (confirming with
a yes that I want it that big), made the key lifetime 5y (5 years), and
gave it my name, email address and a comment then accepted what I had given
it using "o" for OK.
Now, you should type this to look at your key info, you're gonna need it:
[joe@ag joe]$ gpg --list-keys --fingerprint
/home/joe/.gnupg/pubring.gpg
----------------------------
pub 1024D/60258008 2001-10-16 Joe GPG User (test key) <gpg@uberhip.com>
Key fingerprint = AAEF DFFB A8FC F00E 151B 46EC 011D 70EA 6025 8008
sub 2048g/98318C4A 2001-10-16 [expires: 2006-10-15]
2. Send Public Key To Designated Keyserver (or Coordinator)
Use this one -> http://wwwkeys.eu.pgp.net
[joe@ag joe]$ gpg --keyserver wwwkeys.eu.pgp.net --send-key 60258008
NOTE: The number at the end is the key ID, you can find it in the output
of gpg --list-keys --fingerprint (see step 1 above)
3. Send Public Key Info To Coordinator
The output from gpg --list-keys --fingerprint is all I need.
That's all you need to do. If you have problems send email to me or to the
list perhaps.
-Austin
### Long output ###
[joe@ag joe]$ gpg --gen-key
gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) ElGamal (sign and encrypt)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 2048
Do you really need such a large keysize? yes
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Sat 14 Oct 2006 07:51:36 PM MST
Is this correct (y/n)? y
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Joe GPG User
Email address: gpg@uberhip.com
Comment: test key
You selected this USER-ID:
"Joe GPG User (test key) <gpg@uberhip.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..++++++++++..++++++++++++++++++++++++++++++.+++++.+++++.+++++.+++++..++++++++++.+++++++++++++++.++++++++++.+++++..++++++++++.+++++..+++++++++++++++>++++++++++>+++++.....<.+++++..........+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++..++++++++++......++++++++++...++++++++++.++++++++++.+++++.+++++...++++++++++++++++++++++++++++++++++++++++.++++++++++..+++++.+++++..+++++.++++++++++.++++++++++.+++++>...++++++++++...>.+++++.<..+++++...........>.+++++..........................>.+++++
<+++++..<+++++>.....+++++........<+++++>.+++++......................................<+++++.........................>..+++++...^[[A^[[A.....................................................................+++++^^^
public and secret key created and signed.
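
Added example, not part of the original message: a small shell check for the comparison done at the party, matching a fingerprint read from a paper copy against the `gpg --list-keys --fingerprint` listing sent to the coordinator, and confirming that the short key ID used with `--send-key` is the last 8 hex digits of that fingerprint. The function names are hypothetical, the listing is the sample from step 1, and a 40-hex-digit fingerprint like the one in that sample is assumed.

```shell
#!/bin/sh
# Constructed sample: the listing shown in step 1 of the message above.
LISTING='pub 1024D/60258008 2001-10-16 Joe GPG User (test key) <gpg@uberhip.com>
Key fingerprint = AAEF DFFB A8FC F00E 151B 46EC 011D 70EA 6025 8008
sub 2048g/98318C4A 2001-10-16 [expires: 2006-10-15]'

# Drop whitespace and upper-case the hex so hand-typed copies compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# Short key ID from the "pub" line (the part after "1024D/").
listing_keyid() {
    printf '%s\n' "$1" | awk '$1 == "pub" { split($2, a, "/"); print a[2]; exit }'
}

# Normalized fingerprint from the "Key fingerprint =" line.
listing_fpr() {
    normalize_fpr "$(printf '%s\n' "$1" | sed -n 's/^ *Key fingerprint = *//p' | head -n 1)"
}

# check_key LISTING PAPER_FPR (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 on malformed listing,
# 3 if the key ID is not the last 8 hex digits of the fingerprint.
check_key() {
    fpr=$(listing_fpr "$1")
    keyid=$(normalize_fpr "$(listing_keyid "$1")")
    paper=$(normalize_fpr "$2")
    case "$fpr$keyid" in
        *[!0-9A-F]*) echo "malformed listing"; return 2 ;;
    esac
    if [ "${#fpr}" -ne 40 ] || [ "${#keyid}" -ne 8 ]; then
        echo "malformed listing"; return 2
    fi
    case "$fpr" in
        *"$keyid") ;;
        *) echo "key ID $keyid is not the tail of the fingerprint"; return 3 ;;
    esac
    if [ "$fpr" != "$paper" ]; then
        echo "MISMATCH for $keyid: do not sign"; return 1
    fi
    echo "match for $keyid"
}

# A paper copy typed in lower case with different spacing still matches.
check_key "$LISTING" "aaef dffb a8fc f00e 151b 46ec 011d 70ea 60258008"
```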