Grant Ingersoll wrote: > I'm trying to follow the instructions at: > http://www.apache.org/dev/openpgp.html#generate-key > > And am getting [1] below. I think I have a public keyring (I've signed > releases in the past so I thought it should just work). I'm using GPG > 2.0.12 on OS X (10.6). I have a .gnupg directory and it contains a > bunch of stuff, but I admit I've always just followed the instructions > on this stuff and not understood the why behind it.
the home directory is used by GnuPG to store private keys and configuration information. it's .gnupg by default but a useful trick is setting this to some other location to get a clean configuration to practice on or generate keys into. http://www.apache.org/dev/openpgp.html#home should have some more details. > [1] >>gpg2 --gen-key > gpg (GnuPG/MacGPG2) 2.0.12; Copyright (C) 2009 Free Software Foundation, > Inc. > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > Please select what kind of key you want: > (1) RSA and RSA (default) > (2) DSA and Elgamal > (3) DSA (sign only) > (4) RSA (sign only) > Your selection? 1 > RSA keys may be between 1024 and 4096 bits long. > What keysize do you want? (2048) 4096 > Requested keysize is 4096 bits > Please specify how long the key should be valid. > 0 = key does not expire > <n> = key expires in n days > <n>w = key expires in n weeks > <n>m = key expires in n months > <n>y = key expires in n years > Key is valid for? (0) 0 > Key does not expire at all > Is this correct? (y/N) y > > GnuPG needs to construct a user ID to identify your key. > > ... > > gpg: no writable public keyring found: Unknown system error > Key generation failed: Unknown system error my best guess is either a permissions issue or a version conflict. either way, the best approach is just to use another home for generation. hopefully this should be covered in http://www.apache.org/dev/openpgp.html#home. i usually generate my keys in a new directory on an encrypted USB stick. that way, if anything goes wrong my active keyrings are not effected. maybe this should be added as a tip. - robert --------------------------------------------------------------------- To unsubscribe, e-mail: community-unsubscr...@apache.org For additional commands, e-mail: community-h...@apache.org