[Linux-SIG-Planning] Need Feb. Linux SIG meeting info
P.E.Ahlquist J
[Address Concealed]
Fri Feb 11 14:34:00 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 11 February 2005 12:23, Grant G. Root wrote:
> On 10 Feb 2005 at 15:57, Dave Lundy wrote:
> > Dave Lundy wrote:
> > > Has there been a topic set for the February 17th Linux SIG meeting?
> > > All I remember is that Paul Visscher volunteered to organize a key
> > > signing party. The automated meeting reminder will be sent Sunday
> > > morning, so if you have anything to include, I need it soon. Thanks.
>
> It would really help if Paul would send out a description of what we
> need to do before the key signing and what we need to bring.
>
> I've been playing with GPG a bit and have a key pair, but I still don't
> have a handle on the whole signing thing.
Attached is a short bit that I've been mailing out for at least
a year (when this Q comes up)
I do need to add a part on KeyParty/building web of trust.
- --
Paul Ahlquist
319E 1969 C476 E38D 6133 D3B4 6314 A6A9 67B6 ABB9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQFCDQioYxSmqWe2q7kRAm4+AKC2DgXf4qFChqZzpAbNWiOY9Y+lxACfeRKR
VPKugomB2Ilw4V4itVwG3/I=
=po51
-----END PGP SIGNATURE-----
-------------- next part --------------
Fast gpg key setup
A good write up can be found at:
http://linuxgazette.net/issue60/sharma.html
Here are the steps (gpg already installed on system):
==============
GENERATE A KEY
==============
$ gpg --gen-key # this run sets up the config files
$ gpg --gen-key # now you will make your keys
# the defaults are sufficient for starters
==================
Please select what kind of key you want:
Your selection? 1 DSA and ElGamal (default)
What keysize do you want? (1024)
Key is valid for? (0) 0
Is this correct (y/n)? y
Real name: Your Real Full Name
Email address: email_this_key_is_associated_with_ at example.com
Comment: (optional) Perhaps_the_association_for_this_identity
You selected this USER-ID:
"Kapil Sharma (Unix/Linux consultant) <kapil at linux4biz.net> "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Enter passphrase: [enter a passphrase]
-----------------
Passphrase comments.
"There is no limit on the length of a passphrase, and it
should be carefully chosen. ...the passphrase should not
use words from a dictionary and should mix the case of
alphabetic characters as well as use non-alphabetic characters. "
Example passphrases:
Some like passwords like apple*eater; I prefer things like
5L1d45!&stf
sgdoKr5bx9r(dGvlhvkd
...or pr'haps a long miskwote or joke with mizzpellins.
===================
$ gpg --output revoke.asc --gen-revoke [key-id]
-----------
[key-id] must be a key specifier, either the key ID of your primary
keypair or any part of a user ID that identifies your keypair.
$ man gpg # search on "How to specify a user ID"
------------
"The certificate should not be stored where others can access it
since anybody can publish the revocation certificate and render
the corresponding public key useless. "
===============================
================
PUBLISH YOUR KEY
================
Now you will want to publish your keys on a public keyserver. First
add the line:
keyserver search.keyserver.net
to your ~/.gnupg/options file then issue command:
$ gpg --send-key [your-key-ID]
gpg: Warning: using insecure memory!
gpg: success sending to `search.keyserver.net' (status=200)
Remember: $ man gpg # search on "How to specify a user ID"
You can send your key to specific keyservers like in this example:
$ gpg --keyserver seattle.keyserver.net --send-key [Key_ID]
...but this isn't really necessary. The keyservers exchange key
databases.
===============
EXPORT YOUR KEY
===============
You may want to put your public key on your homepage in addition
to publishing your key on the public keyserver system.
$ gpg --export --armor pea@ahlquist.org
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.0 (GNU/Linux)
[...]
-----END PGP PUBLIC KEY BLOCK-----
The output can, of course, be redirected to a file.
see: http://www.ahlquist.org/gpg/pea-pubkey.asc
===============
IMPORTING A KEY
===============
This adds other people's keys to your local keyring. These are used
when verifying a signature or encrypting/decrypting files. The keys
can be obtained from the individual or off a key server.
$ gpg --import <filename>
$ gpg --import mandrake.asc
===========
FINGERPRINT
===========
That long hex string in my sig is my key fingerprint. The key
fingerprint can be used as a quick way to verify a key. The last
eight digits are commonly used as a key identifier.
$ gpg --fingerprint pea@ahlq
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
pub 1024D/67B6ABB9 2001-01-17 Paul Ernst Ahlquist, Jr (octal
phase) <pea at ahlquist.org>
Key fingerprint = 319E 1969 C476 E38D 6133 D3B4 6314 A6A9 67B6
ABB9
sub 1024g/39062DBB 2001-01-17
====================
ENCRYPT/DECRYPT/SIGN
====================
Start with some text file; we'll use 'SumTxtFl' for these examples.
$ ls > SumTxtFl # make a text file to tinker with
#
$ gpg -sea SumTxtFl # sign and encrypt the file SumTxtFl
You will be prompted for various bits of information:
-Passphrase
-KeyID to encrypt to
-KeyID to encrypt to
-end with empty line
The signed, encrypted, ASCII-armored file will be in SumTxtFl.asc.
Now to decrypt that file:
$ gpg -d SumTxtFl.asc # redirect or pipe output as desired
# you will be prompted for PassPhrase
=========
SUMMARY
=========
These are the steps to do:
1: Generate key pair (public/private)
2: Publish key
3: Use key
-if possible, configure in your mail client
-use from CLI
====================================================================
That should be enough to enable cmdln use of gpg encryption. The
encrypt/sign/decrypt/signature_verify functions may be integrated
into your MUA. See the documentation for your mail client.
KMail is one MUA that nearly seamlessly uses gpg. The plugin for
Mozilla, I believe, is called 'enigmail'.
The nice part of using gpg in the CLI is that large files can be
parked on the web. No worries about prying eyes. Handy stuff.
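Added example (not part of the original post or its attachment): a small shell helper for the FINGERPRINT step when checking keys at a key signing party. It compares all 40 hex digits of a fingerprint and shows that a different key can share the same eight-digit key ID. The function names and the look-alike fingerprint are constructed for illustration; the real fingerprint is the one shown in the signature above.

```sh
#!/bin/sh
# Compare the fingerprint on a paper slip with the one gpg prints,
# using the full 40 hex digits rather than the 8-digit key ID.

# Strip whitespace, uppercase, and require exactly 40 hex digits.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF')
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# The last eight hex digits, i.e. the short key ID.
short_id() {
    fpr=$(normalize_fpr "$1") || return 1
    printf '%s\n' "$fpr" | cut -c33-40
}

# Read `gpg --fingerprint` output on stdin, print the first fingerprint.
fpr_from_listing() {
    sed -n 's/^.*Key fingerprint = *//p' | head -n 1
}

# Succeed only if both values are well formed and identical in full.
same_key() {
    a=$(normalize_fpr "$1") || return 2
    b=$(normalize_fpr "$2") || return 2
    [ "$a" = "$b" ]
}

# Fingerprint as read from the slip (taken from the signature on this page).
SLIP='319E 1969 C476 E38D 6133 D3B4 6314 A6A9 67B6 ABB9'
# Listing in the style of gpg 1.2 output (constructed sample, one line).
LISTING='pub  1024D/67B6ABB9 2001-01-17 Example User
     Key fingerprint = 319E 1969 C476 E38D  6133 D3B4 6314 A6A9 67B6 ABB9'
# Constructed look-alike: same last eight digits, different key.
LOOKALIKE='0000 1111 2222 3333 4444 5555 6666 7777 67B6 ABB9'

if same_key "$SLIP" "$(printf '%s\n' "$LISTING" | fpr_from_listing)"; then
    echo "full fingerprint matches the slip"
fi
if ! same_key "$SLIP" "$LOOKALIKE"; then
    echo "key ID $(short_id "$LOOKALIKE") matches, fingerprint does not"
fi
```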