Check the GnuPG web page for documentation on the GnuPG package:
http://www.gnupg.org/
In particular, look at the documentation, and the "Mini HOWTO", for lots of good information.
We'll use pkg_add to install GnuPG. A local copy is on our noc box; the same package can be fetched from the FreeBSD mirror as shown here:
# pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/8.0-RELEASE/packages/All/gnupg-1.4.10.tbz
CREATING A PUBLIC/PRIVATE KEY PAIR
Now that GnuPG is installed you can use the gpg command, the GNU implementation of PGP. Do these steps as your normal user on your system (i.e. afnog), not as the root user:
$ gpg --gen-key
Here is what the key generation session looks like. Reasonable responses to the questions you will be asked are shown after each prompt:
--------------------------------------------------------------------
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/home/afnog/.gnupg/secring.gpg' created
gpg: keyring `/home/afnog/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 4y
Key expires at Sun May 25 22:40:46 2014 CAT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: AfNOG User
Email address: afnog@pcX.sae.ws.afnog.org
Comment:
You selected this USER-ID:
    "AfNOG User <afnog@pcX.sae.ws.afnog.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
    [Enter your afnog user password here]

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...+++++
+++++
gpg: /home/afnog/.gnupg/trustdb.gpg: trustdb created
gpg: key FD738CC0 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-05-25
pub   2048R/FD738CC0 2010-05-26 [expires: 2014-05-25]
      Key fingerprint = 9F27 8A7D 17B2 559E E525 1DF1 2D3D 8A4A FD73 8CC0
uid                  AfNOG User <afnog@pcX.sae.ws.afnog.org>
sub   2048R/8AF8279C 2010-05-26 [expires: 2014-05-25]
--------------------------------------------------------------------
At this point your PGP public and private keys have been created. They are stored in the ".gnupg" directory under your user's home directory (pubring.gpg holds public keys, secring.gpg your secret key). Using your login password as the passphrase is acceptable for this workshop key only: the passphrase is all that protects secring.gpg if the file is copied, so a key you intend to keep should get a passphrase of its own.
To extract your public key as text do:
$ gpg -a --export <your key id>
Note: "your key id" can be the hex key ID or anything that matches the user ID, so in this case your email address works. The -a (--armor) option produces ASCII text that can be pasted into an email or a web form.
To see what public keys you have installed, you can always type
$ gpg --list-keys
To place your newly generated public key on the MIT (Massachusetts Institute of Technology in Cambridge, Massachusetts, United States) PGP server do the following:
$ gpg --list-keys yourUserid
Look for the line that says "pub": the hex string after the "/" is your key-id. A sample such line is:
pub 1024D/E947C3B4 2012-11-28 [expires: 2012-11-28]
The string "E947C3B4" is the key-id in this case. This 8-digit form is only the low 32 bits of the fingerprint and different keys can share it, so when you tell someone which key is yours, give the full fingerprint (see below) rather than the short key-id.
$ gpg --keyserver pgp.mit.edu --send-keys key-id
That's it! Your public key is now available to anyone who goes to the MIT PGP server and searches on your name, email address, etc. Your key information will propagate to all the PGP key-servers worldwide within a few hours. Keys cannot be deleted from the key-server network once uploaded (a key can only be marked revoked by publishing a revocation), so do not upload a key you do not intend to keep.
GENERATING YOUR PUBLIC KEY'S FINGERPRINT
You calculate the fingerprint for a local copy of a public key like this:
$ gpg --fingerprint <key id>
IMPORTING SOMEONE ELSE'S PUBLIC KEY
Once you have obtained a public key, you can import it to your local keyring so that you can use it like this:
$ gpg --import <filename>
SIGNING A PUBLIC KEY
If you have a copy of someone else's public key on your keyring, you have verified that it is really their key (by comparing the fingerprint with the key's owner over a channel you trust, in person or by phone, not by email alone), and you have also satisfied yourself of the identity of the key's owner (e.g. by checking a passport), you can sign it.
To sign a key:
$ gpg --sign-key <key id>
This does several things:
There are many more things you can do with GnuPG than those described in these notes. For more information, see:
http://www.gnupg.org/