Difference between revisions of "GPG setup"
Revision as of 09:44, 12 December 2016
== Setting up a GPG key ==
You need one of these if you would like access to passcard. Here are the steps to create one and get it signed:
<pre>
$ gpg --full-gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? '''1'''
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) '''4096''' # 2048 is fine but 4096 is more secure and future-proof
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) '''2y''' # feel free to choose a different time -- you can always extend the expiration later
Key expires at Wed 12 Dec 2018 09:38:44 AM EST
Is this correct? (y/N) '''y'''

GnuPG needs to construct a user ID to identify your key.

Real name: '''Your actual name'''
Email address: '''email@example.com'''
Comment: '''(make sure to leave this blank)'''
You selected this USER-ID:
    "Your actual name <firstname.lastname@example.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? '''O'''
</pre>
You'll now be prompted for a passphrase. Make sure it's strong -- this is what protects your key if your computer's disks are compromised.
Generating the key will take some time. After it's done, you'll need to get the key's fingerprint and push the key to a keyserver:
<pre>
$ gpg --list-keys --with-fingerprint
pub   rsa4096 2016-12-12 [SC] [expires: 2018-12-12]
      '''12BD 07BA 7567 AE4F 324A 3BEA 373C 9ADB 3B38 F07D'''
uid           [ultimate] Your actual name <email@example.com>
sub   rsa4096 2016-12-12 [E] [expires: 2018-12-12]
$ gpg --keyserver pgp.mit.edu --send-keys '''12BD07BA7567AE4F324A3BEA373C9ADB3B38F07D'''
</pre>
Now, give your signer your key fingerprint and have them download your key and verify your identity. Once your key is verified, sysadmins can add you to passcard entries.
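For the signer's side of that last step, here is one way to check that the key downloaded from the keyserver is the one whose fingerprint was handed over in person. This is an added example, not part of the original page: the function names and the sample listing are made up for illustration, and the listing imitates the machine-readable output of <code>gpg --with-colons --fingerprint</code> for the example key above.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output for the
# example key on this page (timestamps and the subkey ID are placeholders).
SAMPLE_LISTING='pub:u:4096:1:373C9ADB3B38F07D:1481553524:1544625524::u:::scESC:
fpr:::::::::12BD07BA7567AE4F324A3BEA373C9ADB3B38F07D:
uid:u::::1481553524::::Your actual name <email@example.com>:
sub:u:4096:1:0000000000000000:1481553524:1544625524:::::e:'

# Strip whitespace and uppercase, so "12BD 07BA ..." and "12bd07ba..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read a colon-format listing on stdin and print the fingerprint of the
# first primary key (field 10 of the fpr record that follows the pub record).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_key EXPECTED_FINGERPRINT < listing
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full fingerprint.
check_key() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) echo "expected value contains non-hex characters" >&2; return 2 ;;
    esac
    # A 16- or 8-digit key ID is not enough to identify a key; insist on all 40 digits.
    if [ "${#expected}" -ne 40 ]; then
        echo "expected value is not a full 40-digit fingerprint" >&2
        return 2
    fi
    actual=$(primary_fpr)
    if [ "$actual" = "$expected" ]; then
        echo "OK: fingerprint matches $actual"
        return 0
    fi
    echo "MISMATCH: expected $expected, key has ${actual:-no fingerprint}" >&2
    return 1
}

# Offline demo against the constructed listing. With a real key, pipe in
#   gpg --with-colons --fingerprint <fingerprint>
# instead of the sample.
printf '%s\n' "$SAMPLE_LISTING" |
    check_key '12BD 07BA 7567 AE4F 324A 3BEA 373C 9ADB 3B38 F07D'
```

Only sign the key after this check passes and you have verified the owner's identity.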