Monday, September 22, 2003

GPG A-Z


(a.k.a. the quick guide to setting up a new key pair, an update to my previous blog entry.)

My first assumption is that you've gotten GPG up and running. So we'll skip past all of those steps.

1. Go to the GPG folder, run "gpg --gen-key" and follow the prompts. The FAQ is useful; the recommended settings are "DSA and ElGamal", 1024 or 2048 bits, and a 1-year expiration.

2. Use the command "gpg --export -a emailaddress@yourdomain.net" to spit your public key (never publish your private key!) out to the screen (or you may want to pipe it into a text file using the command "gpg --export -a emailaddress@yourdomain.net > mykeys.txt").

3. Use the MIT key server to publish your public key (using the text file that you generated in the previous step). Or use the following command to publish all of your public keys to the key server: "gpg --send-keys --keyserver wwwkeys.pgp.net". You should also send copies of your public key to anyone else you know who uses PGP/GPG (they can then import your public key block). The commercial version of PGP uses a different set of key servers, but anyone who uses the commercial product can submit public keys that you give them.

4. Make a secure backup copy of your key-ring files (secring.gpg and pubring.gpg).
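
Two checks that fit around steps 2 to 4, as an added example that is not part of the original post: confirm the exported text file holds only a public key block before it is published, and archive the two key-ring files with owner-only permissions. The function names (armor_kind, safe_to_publish, backup_keyring) are hypothetical helpers, and the script assumes the ASCII-armored export from step 2 and the secring.gpg/pubring.gpg file names given in step 4.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# Step 2 check: classify an ASCII-armored export by its armor headers.
# Prints one of: public, private, mixed, none.
armor_kind() {
    [ -r "$1" ] || { echo none; return 1; }
    pub=$(grep -c -e '^-----BEGIN PGP PUBLIC KEY BLOCK-----' -- "$1" || true)
    sec=$(grep -c -e '^-----BEGIN PGP PRIVATE KEY BLOCK-----' -- "$1" || true)
    if [ "$pub" -gt 0 ] && [ "$sec" -gt 0 ]; then echo mixed
    elif [ "$sec" -gt 0 ]; then echo private
    elif [ "$pub" -gt 0 ]; then echo public
    else echo none
    fi
}

# Gate for step 3: succeed only if the file holds public key material and
# no private key block (the "never publish your private key" rule).
safe_to_publish() {
    [ "$(armor_kind "$1")" = public ]
}

# Step 4: archive secring.gpg and pubring.gpg from the GPG folder ($1) into
# the archive $2, readable by the owner only, then confirm both files are in
# the archive. secring.gpg is protected only by the passphrase, so keep the
# archive on offline media.
backup_keyring() {
    dir=$1
    dest=$2
    [ -f "$dir/secring.gpg" ] && [ -f "$dir/pubring.gpg" ] || return 1
    ( umask 077 &&
      tar -cf "$dest" -C "$dir" secring.gpg pubring.gpg &&
      chmod 600 "$dest" ) || return 1
    [ "$(tar -tf "$dest" | sort | tr '\n' ' ')" = "pubring.gpg secring.gpg " ]
}
```

Source the file, then run safe_to_publish on mykeys.txt before step 3 and backup_keyring with your GPG folder and a destination archive for step 4; both report the result through their exit status.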


posted by Wuphon's at 2:01 PM
