Andreas Barth wrote on Thursday, 22 December 2005:
> Hi Peter,
>
> can you please write me some stanza for the developers reference (or hint
> me to the right section on nm.d.o).
Not tested if it compiles etc. --- developers-reference.sgml.orig 2005-12-22 13:11:32.548733352 +0100 +++ developers-reference.sgml 2005-12-22 13:26:15.884445912 +0100 
@@ -232,12 +232,39 @@ OpenPGP is an open standard based on <url id="&url-rfc2440;" name="RFC 2440">. <p> -You need a type 4 key for use in Debian Development. +You need a version 4 key for use in Debian Development. Your key length must be at least 1024 bits; there is no reason to use a smaller key, and doing so would be -much less secure. Your key must be signed with your own user -ID; this prevents user ID tampering. <prgn>gpg</prgn> does this -automatically. +much less secure. +<footnote>Version 4 keys are keys conforming to +the OpenPGP standard as defined in RFC 2440. Version 4 is the key +type that has always been created when using GnuPG. PGP versions +since 5.x also could create v4 keys, the other choice having beein +pgp 2.6.x compatible v3 keys (also called "legacy RSA" by PGP). +<p> +Version 4 (primary) keys can either use the RSA or the DSA algorithms, +so this has nothing to do with GnuPG's question about "which kind +of key do you want: (1) DSA and Elgamal, (2) DSA (sign only), (5) +RSA (sign only). If you don't have any special requirements just pick +the defailt. +<p> +The easiest way to tell whether an existing key is a v4 key or a v3 +(or v2) key is to look at the fingerprint: +Fingerprints of version 4 keys are the SHA-1 hash of some key matieral, +so they are 40 hex digits, usually grouped in blocks of 4. Fingerprints +of older key format versions used MD5 and are generally shown in blocks +of 2 hex digits. For example if your fingerprint looks like +<tt>5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F</tt> +then it's a v4 key. +<p> +Another possibility is to pipe the key into <prgn>pgpdump</prgn>, +which will say something like "Public Key Packet - Ver 4". +<p> +Also note that your key must be self-signed (i.e. it has to sign +all its own user IDs; this prevents user ID tampering). All +modern OpenPGP software does that automatically, but if you +have an older key you may have to manually add those signatures. 
+</footnode> <p> If your public key isn't on public key servers such as &pgp-keyserv;, please read the documentation available locally in &file-keyservs;. Peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/
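Review bot: The footnote opened with <footnote> after "much less secure." is closed with </footnode>, so the SGML will not parse; the closing tag needs to be </footnote>. In the same added text, "beein", "defailt" and "matieral" should read "been", "default" and "material", and the quotation opened before "which kind of key do you want:" is never closed after "RSA (sign only)". The fingerprint paragraph gives the v4 length (40 hex digits) but only the grouping for older keys; stating that an MD5 fingerprint is 32 hex digits would make the comparison unambiguous. The self-signature requirement stood in the body text on the removed lines and now sits inside the footnote; since it is a requirement rather than background, consider keeping it in the main paragraph and leaving only the explanation of v4 keys in the footnote.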