We need to generate a lot of random bytes. Key expires at Thu Jun 17 09:46:10 2021 CEST Afterwards key length is 4096, expiration time is 1y and confirm twice with y and passphrase on end This step is identical as previous (STEP 2) in every part besides selecting 6 (RSA - encrypt only) on first prompt. Passphrase window will pop out requiring you to insert the passphrase which you have set up in 1st step. On the next two prompts confirm creation with inputting y and pressing enter. This time you input 1y meaning the key will expire in 1 year. It will again prompt you for keysize 4096 and for an expiration time. Key expires at Thu Jun 17 09:44:10 2021 CEST This step is similar to one from the creation of the first key, just on this step you choose 4 ( RSA - sign only ) and press enterĪdd key - RSA sign only - length RSA keys may be between 10 bits long. Insert addkey command to start the procedure for adding the second key Gpg: marginals needed: 3 completes needed: 1 trust model: pgp (the address you provided in the previous step)Įdit key gpg -edit-key -expert You have now generated your certification key.Īfter we have created the key for the certificate we need to add the rest of them. Public and secret key created and signed. Gpg: revocation certificate stored as '/home/realname/.gnupg/openpgp-revocs.d/DAF272D92DAE18C1790A1E8A7C258D4980E4DCB5.rev' Gpg: directory '/home/realname/.gnupg/openpgp-revocs.d' created ![]() Gpg: key 9CD3AF89EB04F8FF marked as ultimately trusted It is a good idea to perform some other action (type on the keyboard, move the mouse, utilise the disks) during the prime generation this gives the random number generator a better chance to gain enough entropy. Key generation - random bytes We need to generate a lot of random bytes. (it is recommended to save passphrase in LastPass or another secure password manager)Īfter you have set the passphrase your key has been created and you will get a message similar to one in the snipper below. ![]() Important: Popup window requesting to set passphrase will show. Key identification You need a user ID to identify your key the software constructs the user ID from the Real Name, Comment and Email Address in this form:Ĭhange (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? o ![]() When satisfied enter O (Okay) and press enter. Please specify how long the key should be valid.Īfterward, it will request your name and email address to construct a user ID to identify the key. For this step only set it as 0 (key does not expire), press enter, and then insert y to confirm and press enter again. In the following step when prompted for key size put 4096 and press enter, after that it will prompt you to input key expiration time. Possible actions for a RSA key: Sign Certify Encrypt Authenticate Current allowed actions: Certify Possible actions for a RSA key: Sign Certify Encrypt Authenticate ![]() When "Current allowed actions" has only "Certify", insert Q (finished) and press enter.Ĭertify key generation - step 2 Possible actions for a RSA key: Sign Certify Encrypt Authenticate Current allowed actions: Sign Certify Encrypt On this prompt, it is necessary to toggle off sign capability ( S) and encrypt capability ( E) by entering capital letter associated with it and pressing enter. Select 8 ( RSA - set your own capabilities) and press enter. There is NO WARRANTY, to the extent permitted by law. This is free software: you are free to change and redistribute it. Gpg (GnuPG) 2.2.19 Copyright (C) 2019 Free Software Foundation, Inc. Start key generation by running the following command: gpg -full-generate-key -expertĬertify key generation - step 1 -> gpg -full-generate-key -expert
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |