On Wed, Mar 19, 2003 at 05:06:28PM -0700, Hans Fugal said:
> Tomorrow's meeting is on GnuPG (aka gpg) - a tool for secure
> communication. We will cover the basics of gpg, have a signing party.
>
> I believe the best way to learn gpg is to be introduced to the concepts
> and then shown where the manuals are, so that you can learn by doing.
> So, I will start with the theory and then we'll run through a quick
> HOWTO/demo.
>
> I will show you how I use gpg in mutt. I don't use other MUAs so if you
> are coming and you use a different MUA with gpg it would be wonderful if
> you could take a moment to explain to the rest how you do it.
>
> To facilitate your learning, and to make the keysigning party a success,
> you need to generate a private/public key pair before coming. Follow along with
> this transcript to do so: (substitute your own name and email of course)
>
> [EMAIL PROTECTED]:~$ gpg --gen-key
> gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> Please select what kind of key you want:
>    (1) DSA and ElGamal (default)
>    (2) DSA (sign only)
>    (5) RSA (sign only)
> Your selection?
> DSA keypair will have 1024 bits.
> About to generate a new ELG-E keypair.
>               minimum keysize is  768 bits
>               default keysize is 1024 bits
>     highest suggested keysize is 2048 bits
> What keysize do you want? (1024)
> Requested keysize is 1024 bits
> Please specify how long the key should be valid.
>          0 = key does not expire
>       <n>  = key expires in n days
>       <n>w = key expires in n weeks
>       <n>m = key expires in n months
>       <n>y = key expires in n years
> Key is valid for? (0)
> Key does not expire at all
> Is this correct (y/n)? y
>
> You need a User-ID to identify your key; the software constructs the user id
> from Real Name, Comment and Email Address in this form:
>     "Heinrich Heine (Der Dichter) <[EMAIL PROTECTED]>"
>
> Real name: Foo Bar
> Email address: [EMAIL PROTECTED]
> Comment:
> You selected this USER-ID:
>     "Foo Bar <[EMAIL PROTECTED]>"
>
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
> You need a Passphrase to protect your secret key.
>
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++>.++++++++++...........................................................................................................................+++++
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ++++++++++.+++++.+++++++++++++++...+++++++++++++++++++++++++.++++++++++++++++++++.+++++++++++++++++++++++++++++++++++.++++++++++.++++++++++>+++++.....>+++++...<+++++..........................................+++++^^^^
> public and secret key created and signed.
> key marked as ultimately trusted.
>
> pub  1024D/04BA40E4 2003-03-19 Foo Bar <[EMAIL PROTECTED]>
>      Key fingerprint = 4D27 E130 B2FB BB7D 5F65  98A7 2FA9 3E26 04BA 40E4
> sub  1024g/A983F074 2003-03-19
>
>
> Now, write down these last three lines and grab some form of picture ID (so we
> know you are who you say you are) and show up tomorrow night.
>
> If you already have a key, then be sure to bring the fingerprint. You
> can get it like so:
>
> [EMAIL PROTECTED]:~$ gpg --fingerprint [EMAIL PROTECTED]
> pub  1024D/E0AAD460 2002-03-05 Hans Fugal <[EMAIL PROTECTED]>
>      Key fingerprint = 6940 87C5 6610 567F 1E95  CB5E FC98 E8CD E0AA D460
> sub  1024g/50169E79 2002-03-05
>
> --
> Hans Fugal                 | De gustibus non disputandum est.
> http://hans.fugal.net/     | Debian, vim, mutt, ruby, text, gpg
> http://gdmxml.fugal.net/   | WindowMaker, gaim, UTF-8, RISC, JS Bach
> ---------------------------------------------------------------------
> GnuPG Fingerprint: 6940 87C5 6610 567F 1E95 CB5E FC98 E8CD E0AA D460

When viewing a file from Jayce^, I got the following gpg output:
gpg: Signature made Fri Mar 21 11:34:59 2003 MST using DSA key ID EF1C0078
gpg: key EF1C0078: public key "Jason Hall (Jayce^) <[EMAIL PROTECTED]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: Good signature from "Jason Hall (Jayce^) <[EMAIL PROTECTED]>"
gpg: checking the trustdb
gpg: checking at depth 0 signed=10 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=2 ot(-/q/n/m/f/u)=2/2/0/0/6/0
gpg: checking at depth 2 signed=0 ot(-/q/n/m/f/u)=2/0/0/0/0/0
Now, when "checking the trustdb", I gather that it's checking whether a)
I've signed Jason's key, and b) if someone whose key I've signed signed
his key. But, I don't fully understand the output. What do those
numbers mean? It looks to me like someone with ultimate trust (me)
signed his key, but I have not, and my sig is not on there.
--
Derek M Davis Research Assistant
[EMAIL PROTECTED] Formal Verification Lab - PSI
==================================================================
"If things seem really under control, you're not going fast enough.
-Mario Andretti
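
The "checking at depth" lines in the message above, parsed field by field; this is an added example, not part of the original post and not GnuPG's own code. The ownertrust names follow gpg's letter codes (- unknown, q undefined, n never, m marginal, f full, u ultimate); reading `signed` as the number of keys handed on to the next depth is an assumption, one that the quoted numbers themselves bear out (10 = 2+2+0+0+6+0, 2 = 2+0+0+0+0+0).

```python
import re

# Ownertrust classes in the order gpg 1.2 prints them inside ot(-/q/n/m/f/u).
OT_FIELDS = ("unknown", "undefined", "never", "marginal", "full", "ultimate")
LINE_RE = re.compile(
    r"^gpg: checking at depth (\d+) signed=(\d+) "
    r"ot\(-/q/n/m/f/u\)=(\d+)/(\d+)/(\d+)/(\d+)/(\d+)/(\d+)\s*$"
)
# The trustdb lines quoted in the message above.
SAMPLE = """\
gpg: checking the trustdb
gpg: checking at depth 0 signed=10 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=2 ot(-/q/n/m/f/u)=2/2/0/0/6/0
gpg: checking at depth 2 signed=0 ot(-/q/n/m/f/u)=2/0/0/0/0/0
"""

def parse_trustdb(text):
    """Return one dict per 'checking at depth' line, in the order seen."""
    levels = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other gpg status lines are ignored
        depth, signed, *counts = (int(g) for g in m.groups())
        levels.append({
            "depth": depth,
            "signed": signed,  # assumed: keys handed on to the next depth
            "ownertrust": dict(zip(OT_FIELDS, counts)),
        })
    return levels

def chain_is_consistent(levels):
    """True if the keys counted at depth d+1 add up to 'signed' at depth d."""
    for cur, nxt in zip(levels, levels[1:]):
        if (nxt["depth"] != cur["depth"] + 1
                or sum(nxt["ownertrust"].values()) != cur["signed"]):
            return False
    return True

def introducers(levels):
    """Per depth, how many keys have ownertrust that can validate other keys."""
    keys = ("marginal", "full", "ultimate")
    return {lv["depth"]: sum(lv["ownertrust"][k] for k in keys) for lv in levels}

if __name__ == "__main__":
    levels = parse_trustdb(SAMPLE)
    print(levels, chain_is_consistent(levels), introducers(levels))
```

On the quoted output this gives one ultimately trusted key at depth 0, six fully trusted keys at depth 1, and no trusted introducers at depth 2, so the walk stops there.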
