![]() You should also protect your revocation certificate. And you must remember your passphrase, otherwise you can’t unlock your private key. Your private key should be kept in a safe place, like an encrypted flash drive. Protect Your Private Key and Revocation Certificate The exported key is written to privkey.asc file. Issue the following command to export your private key. The exported public key is written to pubkey.asc file. The default is to create the binary OpenPGP format. armor option means that the output is ASCII armored. Use the following command to export your public key. Others need your public key to send encrypted message to you and only your private key can decrypt it. 1 demo demo 412 Feb 18 08:53.ssh/authorizedkeys./ssh – the authorizedkeys file lives in a hidden directory in your home directory. Now you can find that there are two files created under ~/.gnupg/private-keys-v1.d/ directory. And it also indicates the subkey which is 2048 bits using RSA algorithm and the unique identifier of the subkey. It also lists our user ID information: your name and your email address. The key fingerprint is a hash of your public key. The public key ID 4F0BDACC matchs the last 8 bits of key fingerprint. They tell us the public key is 2048 bits using RSA algorithm. That means you tell the rest of the world that the old public key shall not be used any more.I suggest that you open this revocation certificate with your text editor to see what’s inside there. The third line tells us that GPG created a revocation certificate and its directory.Your should never share you private key with anyone.If you private key is compromised, you can use revocateion certificate to revoke your key. When someone wants to download you public key, they can refer to you public key via your email address or this hex value. This first line tells us that GPG created a unique identifier for public key. It took about 4 minutes on my system to generate my key pair. It will take a while for GPG to generate your keys. Once you enter and confirm your passphrase. Because if you forget this passphrase, you won’t be able to unlock you private key. Enter a good and long passphrase and remember it. Now it asks you to enter a passphrase to protect your private key. The email address is a unique identifier for a person. It’s one way of indicating who is owner of this key. This is important because this information will be included in our key. So press y then Enter to confirm it’s correct.Īnd now we need to provide some user identification information for the key. You can always update the expiration time later on. So hit Enter to select the default.Īfter that it asks you how long the key should be valid, 2 years is fine. The longer 4096 RSA key will not provide more security than 2048 RSA key. The default is to create a RSA public/private key pair and also a RSA signing key. Use gpg -full-gen-key command to generate your key pair. Create Your Public/Private Key Pair and Revocation Certificate If you look closely, you can see that the insecure hash algorithm SHA1 is still supported in version 2.2.8 SHA1 is obsolete and you don’t want to use it to generate signature. It also tells us what algorithms are supported. The default option file is ~/.gnupg/gpg.conf and ~/.gnupg/nf. We also know that the configuration directory is ~/.gnupg, which will hold our public/private key files. Run the following command.Īs you can see, I’m using GPG 2.2.8, which is the latest version. Check Your GPG Versionįirst Let’s check out the version of GPG on your system and some interesting tidbits. I’m using the modern version GPG 2.2 on Arch Linux. This software is pre-installed on most Linux distributions. GPG can be used for encryption and for signing. ![]() This certificate is used to revoke your public/private keypair when your private key is compromised or you forget the passphrase for your private key. At the end of this post, you should be able to generate your own public/private keypair and a revocation certificate. Instead, I show you quick and dirty examples to get you started, and explain the basic theory along the way. I will not tell you a bunch of theory to overwhelm you. This tutorial series will teach you how to use GPG in Linux terminal. ![]() Enter your full name and your email address, the comment is optional. Either go to File → New in the global menu or hit Ctrl + N. Open the Passwords and Keys (Seahorse) application. Here is a GUI way to generate a new PGP key. How to Generate a New PGP/GPG Key from Scratch Anthony Papillion. This video walks you through creating a new PGP key using the open source GnuPG software.
0 Comments
Leave a Reply. |