Release Management/Keys

Introduction

A Release Management Team member needs SSH and GPG keys for their daily work. This is a short getting-started guide.

GPG

Key generation

$ gpg --gen-key
gpg (GnuPG) 2.0.11; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John Doe
Email address: john.doe@openbravo.com
Comment: 
You selected this USER-ID:
    "John Doe <john.doe@openbravo.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
(enter a passphrase twice)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 260B15C0 marked as ultimately trusted
public and secret key created and signed. 

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   1024D/260B15C0 2009-07-07
      Key fingerprint = 301A 945D 654E BD5C A83E  E9B6 DE1E 5E4B 260B 15C0
uid                  John Doe <john.doe@openbravo.com>
sub   2048g/7F9F130D 2009-07-07

Key sharing

Sharing the public part of the key is a common and useful practice. For the key generated in the previous example:

gpg --send-keys --keyserver hkp://keys.gnupg.net 260B15C0

Moving keys among systems

To export the public and private parts of the GPG key:

gpg --output mygpgkey_pub.gpg --armor --export 260B15C0
gpg --output mygpgkey_sec.gpg --armor --export-secret-key 7F9F130D

Copy mygpgkey_pub.gpg and mygpgkey_sec.gpg to the target machine, and then import them:

gpg --import mygpgkey_pub.gpg
gpg --import mygpgkey_sec.gpg

Finally, on the target machine, set the trust level of the imported key to the maximum (5, ultimate):

$ gpg --edit-key 260B15C0
gpg (GnuPG) 2.0.11; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/260B15C0  created: 2009-07-07  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048g/7F9F130D  created: 2009-07-07  expires: never       usage: E   
[ultimate] (1). John Doe <john.doe@openbravo.com>

Command> trust
pub  1024D/260B15C0  created: 2009-07-07  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048g/7F9F130D  created: 2009-07-07  expires: never       usage: E   
[ultimate] (1). John Doe <john.doe@openbravo.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  1024D/260B15C0  created: 2009-07-07  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048g/7F9F130D  created: 2009-07-07  expires: never       usage: E   
[ultimate] (1). John Doe <john.doe@openbravo.com>

Command> quit
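
Before setting ultimate trust on the target machine, confirm that the key that arrived is the one that was exported. The following is an added example, not part of the original page: it compares the primary-key fingerprint in `gpg --with-colons` output with the fingerprint recorded on the source machine, and reports a short primary key or a missing expiry date. The function name `verify_imported_key` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the key imported on the target machine is the
# one exported from the source machine, using the machine-readable listing.
# Real use (listing for a single key):
#   gpg --with-colons --fingerprint --list-keys 260B15C0 | verify_imported_key "<fingerprint>"

# Constructed sample listing for the page's example key. Key ID, fingerprint
# and user ID come from the page; the creation timestamp is constructed.
SAMPLE_LISTING='pub:u:1024:17:DE1E5E4B260B15C0:1246924800:::u:::scESC:
fpr:::::::::301A945D654EBD5CA83EE9B6DE1E5E4B260B15C0:
uid:u::::1246924800::::John Doe <john.doe@openbravo.com>:'

# verify_imported_key EXPECTED_FPR  (hypothetical helper; listing on stdin)
# Returns 0 on match, 1 on mismatch, 2 if no primary fingerprint was found.
verify_imported_key() {
    # Accept the spaced form printed by gpg and normalise to bare upper-case hex.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$expected" '
        # pub record: field 3 = key length, 4 = algorithm, 7 = expiry date
        $1 == "pub" { bits = $3; algo = $4; expires = $7; in_pub = 1; next }
        # the first fpr record after pub belongs to the primary key (field 10)
        $1 == "fpr" && in_pub { got = $10; in_pub = 0; next }
        # fpr records that follow a sub record belong to subkeys and are ignored
        $1 == "sub" { in_pub = 0 }
        END {
            if (got == "")   { print "FAIL: no primary key fingerprint found"; exit 2 }
            if (got != want) { print "FAIL: fingerprint mismatch, got " got; exit 1 }
            print "OK: fingerprint matches " got
            # algorithm 1 = RSA, 17 = DSA in the OpenPGP numbering
            if ((algo == 1 || algo == 17) && bits + 0 < 2048)
                print "WARN: primary key is only " bits " bits"
            if (expires == "")
                print "NOTE: primary key has no expiry date"
        }'
}

# Demonstration on the constructed sample, using the fingerprint from the page.
printf '%s\n' "$SAMPLE_LISTING" |
    verify_imported_key "301A 945D 654E BD5C A83E  E9B6 DE1E 5E4B 260B 15C0"
```

For the key generated above, the check passes and also reports the 1024-bit DSA primary key and the absence of an expiry date, both of which follow from the answers given during key generation.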

This page has been accessed 4,062 times. This page was last modified on 2 February 2010, at 07:28. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.