Friday, 08 January 2010

How To Create Your Own GPG Key [Linux]

A GPG key (GPG stands for GNU Privacy Guard, aka GnuPG) can be used for many things, like signing your packages, signing the Ubuntu Code of Conduct, etc. I am writing this how-to because I plan to write an article on creating .deb packages the right way, and for that you will need to sign them using your GPG key.

Let's get started!

Generate the GPG key:
gpg --gen-key

The above command will display this:

gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)


Enter: "1", which is the default option.

Then, you will see something like this:
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)


Enter: 2048

Then you will be asked to enter the key expiration period. It is wise to set an expiration date on your keys! Choose the option you want here:

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)


After selecting "y" when asked if the info is correct, you will have to input your Real Name and Email address (one at a time):

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name:
Email address:


You must remember exactly how you typed your real name and email address, so be careful what you type and write it down if you think you're going to forget!

Next step:

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?


Here, enter: "O"

Now you must enter your passphrase:

You need a Passphrase to protect your secret key.

gpg: gpg-agent is not available in this session
Enter passphrase:


Enter a complicated passphrase so nobody can break it and sign packages with your key. After entering the passphrase, do some random actions on your computer so that it can generate enough random bytes:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.


Once you're done, you can see your GPG key in ~/.gnupg/. You can also view your keys by typing:
gpg --list-keys


Since our initial goal was to be able to sign .deb packages and sign the Ubuntu Code of Conduct, you need to create a public key file (the -a option makes the export ASCII-armored):
gpg -a --output ~/.gnupg/YOUR_NAME.gpg --export 'YOUR NAME'

Replace YOUR_NAME and YOUR NAME with... your name (or any other name if you want).

Now import the key:
gpg --import ~/.gnupg/YOUR_NAME.gpg


Make sure YOUR_NAME is the same in the last two commands!
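
The advice above to set an expiration date, and the key sizes picked during generation, can be checked afterwards from the machine-readable form of the gpg --list-keys output. The script below is an added example, not part of the original post; the function names, the 2048-bit threshold and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a GnuPG key listing.
# Input: `gpg --list-keys --with-colons --fixed-list-mode` on stdin.
# Fields used: 1 record type, 3 key length, 4 algorithm id, 5 key ID,
# 7 expiration time in epoch seconds (empty means the key never expires).

# audit_keys [NOW] - print one finding per line; NOW defaults to the current time.
# MIN_BITS (assumed threshold, default 2048) applies to RSA, Elgamal and DSA only.
audit_keys() {
    awk -F: -v now="${1:-$(date +%s)}" -v min_bits="${MIN_BITS:-2048}" '
        BEGIN { algo[1] = "RSA"; algo[16] = "ELG-E"; algo[17] = "DSA" }
        $1 == "pub" || $1 == "sub" {
            if ($7 == "")
                printf "%s %s: no expiration date\n", $1, $5
            else if ($7 + 0 <= now + 0)
                printf "%s %s: expired\n", $1, $5
            # Bit lengths of ECC keys are not comparable, so skip unknown algorithms.
            if (($4 in algo) && $3 + 0 < min_bits + 0)
                printf "%s %s: %s key is only %d bits\n", $1, $5, algo[$4], $3
        }'
}

# Constructed sample: the DSA/Elgamal key from the walkthrough with expiry "0",
# plus an RSA key that was given a one-year expiry. Key IDs are placeholders.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1262908800:::u:::scESC:
uid:u::::1262908800::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1262908800::::::e:
pub:u:2048:1:CCCCCCCCCCCCCCCC:1262908800:1294444800::u:::scSC:
uid:u::::1262908800::1111111111111111111111111111111111111111::Second User <second@example.org>:
EOF
}

# Run against the constructed sample when the script is executed directly.
sample_listing | audit_keys
```

To audit a real keyring, pipe gpg --list-keys --with-colons --fixed-list-mode into audit_keys instead of the sample.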
