GPG setup

Setting up a GPG key

You need a GPG key if you would like access to passcard. Here are the steps to create one and get it signed:

$ gpg --full-gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096  # 2048 is fine but 4096 is more secure and future-proof
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y  # feel free to choose a different time -- you can always extend the expiration later
Key expires at Wed 12 Dec 2018 09:38:44 AM EST
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Your actual name
Email address: some@email.com
Comment: (make sure to leave this blank)
You selected this USER-ID:
    "Your actual name <some@email.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You'll now be prompted for a passphrase. Make sure it's strong -- this is what protects your key if your computer's disks are compromised.

Generating the key will take some time. After it's done, you'll need to get the key's fingerprint and push the key to a keyserver:

$ gpg --list-keys --with-fingerprint
pub   rsa4096 2016-12-12 [SC] [expires: 2018-12-12]
      12BD 07BA 7567 AE4F 324A  3BEA 373C 9ADB 3B38 F07D
uid           [ultimate] Your actual name <some@email.com>
sub   rsa4096 2016-12-12 [E] [expires: 2018-12-12]
$ gpg --keyserver pgp.mit.edu --send-keys 12BD07BA7567AE4F324A3BEA373C9ADB3B38F07D

Now, give your signer your key fingerprint and have them download your key and verify your identity. Once your key is verified, sysadmins can add you to passcard entries.
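
The signer's check in the last step, as an added example that is not part of the original page: it compares the fingerprint you handed over with the primary-key fingerprint of the key that was downloaded, using gpg's colon-delimited listing. The function names are hypothetical, and the sample listing is constructed from the fingerprint shown above with a placeholder subkey fingerprint.

```shell
#!/bin/sh
# Added example. On a real system the listing comes from:
#   gpg --with-colons --fingerprint KEYID | check_fpr "FINGERPRINT AS GIVEN"

# Constructed sample of `gpg --with-colons` output (subkey fpr is a placeholder).
SAMPLE_LISTING='pub:u:4096:1:373C9ADB3B38F07D:1481500800:1544572800::u:::scESC:
fpr:::::::::12BD07BA7567AE4F324A3BEA373C9ADB3B38F07D:
uid:u::::1481500800::::Your actual name <some@email.com>:
sub:u:4096:1:AAAAAAAAAAAAAAAA:1481500800:1544572800:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# Strip the spacing gpg prints for humans and uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Print the fingerprint of the first primary key in a colon listing on stdin.
# An fpr record that follows a sub record belongs to the subkey and is skipped.
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; exit }
    '
}

# check_fpr EXPECTED   (colon listing on stdin)
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (short key IDs are refused, not compared).
check_fpr() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}
```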