November 4, 2013

Generate a new key pair - GnuPG


The --gen-key command-line option is used to generate a new primary key pair.


gpg --gen-key


gpg (GnuPG) 0.9.8, Copyright (C) 1999 Free Software Foundation, Inc.

This program comes with ABSOLUTELY NO WARRANTY.

This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (4) ElGamal (sign and encrypt)
Your selection?

GnuPG is able to create several different types of key pairs, but the primary key must be able to make signatures, so only three options are offered. Option 1 generates two key pairs: a DSA key pair, which is the primary key pair and is used only for signing, and an ElGamal pair used for encryption.

Option 2 generates a single DSA key pair. Option 4 [2] creates a single ElGamal key pair that is used for both signing and encryption. In all cases it is possible to add further subkeys for encryption and signing later.

The DSA key size must be between 512 and 1024 bits, while an ElGamal key may be of any size; GnuPG requires, however, that keys be no smaller than 768 bits. Therefore, if you chose option 1 and request a key size larger than 1024 bits, the ElGamal key will have the requested size but the DSA key will be limited to 1024 bits.

DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
              keysize minimum is  768 bits
              default keysize is 1024 bits
    highest suggested keysize is 2048 bits
What keysize do you want? (1024)

The longer the key, the more secure it is against brute-force attacks, but for almost every purpose the default key size is adequate, since it would be cheaper to circumvent the encryption than to try to break it by force. Also, encryption and decryption become slower as the key size grows, and a larger key size can affect the length of digital signatures. Once selected, the key size can never be changed.

Finally, we must choose an expiration date. If you chose option 1 above, the expiration date applies to both key pairs, the ElGamal one and the DSA one.

Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

Key does not expire at all
Is this correct (y/n)?

For most users, a key without an expiration date is appropriate. If you do choose an expiration date, however, choose it carefully: although the expiration date can be changed after the key has been generated, it can be difficult to communicate that change to everyone who holds a copy of the public key.

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:
Email address:
Comment:

Only one user ID is created when the key is generated, but you can add further identifiers if you want to use the key in two or more settings, e.g. partly at the office as an employee and partly at home as a political activist. Be careful when creating a user ID, because it cannot be edited afterwards.

Although special characters from ISO-8859-1 are accepted, GnuPG warns us if we use them to fill in the fields [3]. For example, if we filled in the fields with the following data,

Real name: Angelo

Email address: angelo@systemdeveloper.info

Comment: Testing key pair

we would see the following: "Angelo (test key pair) <angelo@systemdeveloper.info>". It is therefore best to avoid these characters.
You are using the `iso-8859-1' character set.
You selected this User-ID:
    "Angelo (test key pair) <angelo@systemdeveloper.info>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Even so, depending on the version you are using, when you list the key you will see a series of strange characters instead of accented vowels, ñ, ç, etc.
GnuPG needs a passphrase to protect the user's private keys, both the primary one and the subordinate ones [4].

You need a Passphrase to protect your private key.

Enter passphrase:

There is no limit on the length of a passphrase, and it must be chosen with care. From a security standpoint, the passphrase that unlocks the private key is one of the weakest points in GnuPG (and in other public-key encryption systems), since it is the user's only protection if someone obtains the private key. Ideally a passphrase uses no words found in a dictionary and mixes uppercase and lowercase letters, digits and other characters. A good passphrase is crucial to the safe use of GnuPG.

Repeat passphrase:

As with the user-identification fields, passphrases accept ISO-8859-1 special characters. Keep in mind, however, that if we ever had to enter our passphrase on a machine with a keyboard layout different from ours, we would be unable to do so without changing the system configuration.

Generate a revocation certificate

After you have generated a key pair, you should immediately generate a revocation certificate for the primary public key using the --gen-revoke option. If you forget your passphrase, or if your private key is compromised or lost, this revocation certificate can be published to notify others that the public key should no longer be used. A revoked public key can still be used to verify signatures made by the user in the past, but it cannot be used to encrypt data. Revocation does not affect the ability to decrypt messages that were encrypted with the key before it was revoked, provided the user still has access to the private key.

gpg --output D58711B7.asc --gen-revoke 0xD58711B7

sec  1024D/D58711B7 1999-09-24 Angelo (test key pair) <angelo@systemdeveloper.info>

The key argument (mykey, or 0xD58711B7 in the example above) must be a key specifier: either the key identifier ("key ID") of the user's primary key pair, or any part of a user ID ("User ID") that identifies that key pair. The generated certificate is written to the file named by --output (revoke.asc, or D58711B7.asc in the example above); if --output is omitted, the result goes to standard output. Since the certificate is short, you may wish to print a paper copy and store it somewhere safe, such as a safety deposit box. The certificate must not be stored where others can access it, since anyone who holds it can publish it and disable the corresponding public key.


See also

Decrypt Files Encrypted With GnuPG FROM C#

Signing Soap Message With X509 Certificate

GnuPG

www.systemdeveloper.info

Written by: Angelo at 9:05 PM
