
Tom Rothamel GPG Instructions Handout

From LILUG

Downloading and Installing GnuPG

GnuPG can be downloaded from http://www.gnupg.org/download.html. It is distributed from there as source, which must be compiled and installed in the standard way (substitute the current version number for 1.0.1 in the commands below):

$ tar xvzf gnupg-1.0.1.tar.gz
$ cd gnupg-1.0.1
$ ./configure
$ make
$ su
# make install
# exit

Symmetric Encryption

To encrypt the file secrets.txt, run the command:

$ gpg -c secrets.txt

GnuPG will prompt you to enter the passphrase twice, then write an encrypted copy as secrets.txt.gpg. The original secrets.txt can then be deleted (keep in mind that an ordinary delete does not remove the plaintext from the disk itself). To decrypt the file later, run:

$ gpg secrets.txt.gpg

GnuPG will prompt for the passphrase and write the decrypted file as secrets.txt (the name with the .gpg suffix removed).
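The symmetric round trip described above, driven without a terminal so it can be scripted and checked. This is an added example and not part of the handout; it assumes gpg is on PATH, and the file contents and the passphrase "correct horse battery staple" are constructed for the demo. It also shows the failure mode the handout does not mention: a wrong passphrase makes gpg exit non-zero instead of producing garbage.

```shell
#!/bin/sh
# Added example, not from the LILUG handout: runs `gpg -c` and the matching
# decryption non-interactively, in a throwaway GNUPGHOME so the real keyring
# is never touched. Assumes gpg (1.x or 2.x) is installed.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "skip: gpg is not installed" >&2; exit 0; }

# gpg >= 2.1 only takes a passphrase from a file descriptor when the pinentry
# mode is "loopback"; gpg 1.x rejects that option outright, so probe for it.
gpg_pp_opts() {
    if gpg --pinentry-mode loopback --version >/dev/null 2>&1; then
        echo "--pinentry-mode loopback"
    fi
}

# encrypt_sym FILE PASSPHRASE -> writes FILE.gpg, what `gpg -c FILE` does.
# The passphrase arrives on stdin (fd 0), never on the command line where
# `ps` would show it to every other user on the machine.
encrypt_sym() {
    printf '%s\n' "$2" | gpg --batch --yes --quiet $(gpg_pp_opts) \
        --passphrase-fd 0 --symmetric "$1"
}

# decrypt_sym FILE.gpg PASSPHRASE OUT -> exit 0 and writes OUT on success.
# With the wrong passphrase gpg reports a bad session key and exits non-zero.
decrypt_sym() {
    printf '%s\n' "$2" | gpg --batch --yes --quiet $(gpg_pp_opts) \
        --passphrase-fd 0 --output "$3" --decrypt "$1"
}

# roundtrip FILE PASSPHRASE -> prints "ok" when FILE survives encrypt+decrypt
roundtrip() {
    encrypt_sym "$1" "$2"
    decrypt_sym "$1.gpg" "$2" "$1.out"
    if cmp -s "$1" "$1.out"; then echo ok; else echo mismatch; fi
}

# Demo on a constructed file inside a temporary GNUPGHOME.
export GNUPGHOME
GNUPGHOME=$(mktemp -d)
printf 'meeting notes: bring photo id to the keysigning\n' > "$GNUPGHOME/secrets.txt"
echo "round trip: $(roundtrip "$GNUPGHOME/secrets.txt" 'correct horse battery staple')"
if decrypt_sym "$GNUPGHOME/secrets.txt.gpg" 'wrong passphrase' "$GNUPGHOME/bad.out" 2>/dev/null; then
    echo "unexpected: wrong passphrase accepted"
else
    echo "wrong passphrase rejected, as it should be"
fi
```

Remove the temporary directory when done; it holds the plaintext as well as the ciphertext.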

Generating a Keypair

Before you can perform asymmetric encryption or participate in a keysigning, you must generate a keypair. Along with your keypair, you should also generate a revocation certificate.

The first command you should run is:

$ gpg --gen-key 

This will begin the process of generating a public-private key pair. The first major prompt you will get asks what kind of key you want. The default, "DSA and Elgamal", is the most compatible choice, and is the one we want. (That was the default in GnuPG 1.0; newer versions offer a different default, and in either case accepting the default is the right choice.)

GnuPG will then prompt for the keysize. 1024 bits was the default in GnuPG 1.0 and was considered adequate when this handout was written; it no longer is, and current versions default to larger keys (2048 bits or more). Again, take the default your version offers.

The next prompt asks about expiration. Usually, a key that does not expire is the right choice here. If you do set an expiry date, it can be extended later with the expire command in gpg --edit-key, so an expiring key is not lost when the date arrives.

The final bit of information that will go into the key is the userid. GnuPG will prompt in turn for a real name, email address, and comment. It will then ask you to confirm the user-id it created.

Once the information necessary to generate the key has been entered, you will be prompted for a passphrase. This is used to protect your secret key, and should be several words long, the longer the better. Be sure to remember your passphrase: if it is lost, the secret key cannot be used, and nothing encrypted to it can be read.

Once gpg is done generating the keys, you should immediately generate a key revocation certificate. (GnuPG 2.1 and later also write one automatically at key generation into ~/.gnupg/openpgp-revocs.d/, but the command below works in every version.) This is done by running the following command, where <userid> is your email address.

$ gpg --gen-revoke <userid> > ~/.gnupg/revoke.gpg

You'll be prompted for your passphrase (newer versions also ask for a revocation reason, which may be left blank). Enter it, and the revocation certificate will be generated as ASCII text. Publishing this certificate, for example by importing it into a keyserver, tells everyone that the key is no longer to be used, which is what you need if you lose the key or its passphrase, or if the key is compromised. Anyone who has the certificate can revoke your key, so keep it somewhere safe and separate from the key itself.

Once this is done, you should make a backup copy of the ~/.gnupg directory, and place that backup in a secure place. (Simply copy the files in that directory to removable media.) The backup contains your secret key, so the media must be guarded as carefully as the key itself.

Getting Ready for the Keysigning

To get ready for the keysigning, you should export a copy of your public key in ASCII-armored (text) form, preceded by its fingerprint, using the following commands:

$ gpg --fingerprint <userid> > key.asc
$ gpg --armor --export <userid> >> key.asc

(Without --armor the second command appends the key in binary form, which does not survive email.)

Email that file to tom-keysigning@onegeek.org. This should be done as soon as possible.
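The three preparation steps above (generate a keypair, generate a revocation certificate, export fingerprint plus public key) run unattended, followed by a check that the revocation certificate really does revoke the key. This is an added example, not part of the handout, and assumes gpg is on PATH. It uses RSA 2048 rather than the handout's DSA/Elgamal default, because current GnuPG no longer generates 1024-bit DSA keys, and the identity "Alice Example <alice@example.org>" is constructed for the demo. The %no-protection parameter leaves the demo key without a passphrase so that no terminal is needed; never do that with a real key.

```shell
#!/bin/sh
# Added example, not from the LILUG handout: the pre-keysigning procedure in
# a scratch GNUPGHOME, then proof that the revocation certificate works.
# Assumes gpg (1.x or 2.x) is installed; the identity is constructed.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "skip: gpg is not installed" >&2; exit 0; }

export GNUPGHOME
GNUPGHOME=$(mktemp -d)      # never run a demo against the real ~/.gnupg

# fingerprint USERID -> 40-hex-digit fingerprint of the matching primary key,
# taken from machine-readable (--with-colons) output instead of the
# space-grouped human-readable form.
fingerprint() {
    gpg --batch --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# gen_key NAME EMAIL -> generates a keypair from a batch parameter file and
# prints its fingerprint. %no-protection: demo only, never for a real key.
gen_key() {
    gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
    fingerprint "$2"
}

# gen_revoke FINGERPRINT OUTFILE -> writes an ASCII-armored revocation
# certificate. --gen-revoke refuses to run under --batch, so its questions
# (create it? reason code? description? okay?) are answered through
# --command-fd: "y", "0" (no reason given), an empty description, "y".
gen_revoke() {
    printf 'y\n0\n\ny\n' | gpg --quiet --no-tty --command-fd 0 --status-fd 2 \
        --output "$2" --gen-revoke "$1"
}

# export_for_keysigning USERID OUTFILE -> the file to mail to the organizer:
# fingerprint block followed by the public key. --armor makes the key part
# text; without it the second command appends binary data.
export_for_keysigning() {
    {
        gpg --batch --fingerprint "$1"
        gpg --batch --armor --export "$1"
    } > "$2"
}

# apply_revocation FINGERPRINT REVCERT -> prints "revoked" once the certificate
# is imported into the keyring (validity field "r" in --with-colons output).
# This is exactly what a keyserver, or anyone who gets hold of the
# certificate, can do to your key, which is why it is stored offline.
apply_revocation() {
    gpg --batch --quiet --import "$2"
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '$1 == "pub" { if ($2 == "r") print "revoked"; else print "valid"; exit }'
}

# Demo run on the constructed identity.
FPR=$(gen_key "Alice Example" "alice@example.org")
gen_revoke "$FPR" "$GNUPGHOME/revoke.asc"
export_for_keysigning alice@example.org "$GNUPGHOME/key.asc"
echo "key $FPR: mail $GNUPGHOME/key.asc to the organizer; keep revoke.asc offline"
echo "after importing the revocation certificate the key is: $(apply_revocation "$FPR" "$GNUPGHOME/revoke.asc")"
```

With GnuPG 2.x, run gpgconf --kill gpg-agent before removing the temporary directory, since an agent was started for it during key generation.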

You should bring to the keysigning:

  • Your key's fingerprint. (The output of 'gpg --fingerprint <userid>'.)
  • Enough ID to prove that you are who you claim to be. A driver's license or birth certificate + photo id should be enough.

Be sure to follow the LILUG mailing list for late-breaking developments, and email me at tom-keysigning@onegeek.org if you have any questions.