- ## Starting Out:
- - Run the command `gpg --expert --full-generate-key`
- - Create a certify-only primary key (toggle off the Sign and Encrypt capabilities so that only Certify remains)
- ```bash
- $ gpg --expert --full-generate-key
- gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
- Please select what kind of key you want:
- (1) RSA and RSA (default)
- (2) DSA and Elgamal
- (3) DSA (sign only)
- (4) RSA (sign only)
- (7) DSA (set your own capabilities)
- (8) RSA (set your own capabilities)
- (9) ECC and ECC
- (10) ECC (sign only)
- (11) ECC (set your own capabilities)
- (13) Existing key
- Your selection? 8
- Possible actions for a RSA key: Sign Certify Encrypt Authenticate
- Current allowed actions: Sign Certify Encrypt
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? s
- Possible actions for a RSA key: Sign Certify Encrypt Authenticate
- Current allowed actions: Certify Encrypt
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? e
- Possible actions for a RSA key: Sign Certify Encrypt Authenticate
- Current allowed actions: Certify
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? Q
- RSA keys may be between 1024 and 4096 bits long.
- What keysize do you want? (3072) 2048
- Requested keysize is 2048 bits
- Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
- Key is valid for? (0)
- Key does not expire at all
- Is this correct? (y/N) y
- GnuPG needs to construct a user ID to identify your key.
- Real name: Matt Wright
- Email address: test@nowhere.com
- Comment:
- You selected this USER-ID:
- "Matt Wright <test@nowhere.com>"
- Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
- We need to generate a lot of random bytes. It is a good idea to perform
- some other action (type on the keyboard, move the mouse, utilize the
- disks) during the prime generation; this gives the random number
- generator a better chance to gain enough entropy.
- gpg: key AAAAAAAAAAAAAAAAAAA marked as ultimately trusted
- gpg: directory '/home/matt/.gnupg/openpgp-revocs.d' created
- gpg: revocation certificate stored as '/home/matt/.gnupg/openpgp-revocs.d/9B000EEXXXXXXXXXXXXXXXXXXXXXXXXXXXX.rev'
- public and secret key created and signed.
- pub rsa2048 2019-06-14 [C]
- 9B000EEXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- uid Matt Wright <test@nowhere.com>
- ```
- ## Add Authentication Subkey
- - Run the command `gpg --expert --edit-key KEYID`, where KEYID is given in the previous step (above, it's AAAAAAAAAAAAAAAAAAA)
- - Use the `addkey` command
- - Add an authentication subkey (toggle off Sign and Encrypt, toggle on Authenticate)
- - Save and exit
- ```bash
- $ gpg --expert --edit-key $KEYID
- gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
- Secret key is available.
- gpg: checking the trustdb
- gpg: marginals needed: 3 completes needed: 1 trust model: pgp
- gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
- sec rsa2048/XXXXXXXXXXXXXXXX
- created: 2019-06-14 expires: never usage: C
- trust: ultimate validity: ultimate
- [ultimate] (1). Matt Wright <test@nowhere.com>
- gpg> addkey
- Please select what kind of key you want:
- (3) DSA (sign only)
- (4) RSA (sign only)
- (5) Elgamal (encrypt only)
- (6) RSA (encrypt only)
- (7) DSA (set your own capabilities)
- (8) RSA (set your own capabilities)
- (10) ECC (sign only)
- (11) ECC (set your own capabilities)
- (12) ECC (encrypt only)
- (13) Existing key
- Your selection? 8
- Possible actions for a RSA key: Sign Encrypt Authenticate
- Current allowed actions: Sign Encrypt
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? s
- Possible actions for a RSA key: Sign Encrypt Authenticate
- Current allowed actions: Encrypt
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? e
- Possible actions for a RSA key: Sign Encrypt Authenticate
- Current allowed actions:
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? a
- Possible actions for a RSA key: Sign Encrypt Authenticate
- Current allowed actions: Authenticate
- (S) Toggle the sign capability
- (E) Toggle the encrypt capability
- (A) Toggle the authenticate capability
- (Q) Finished
- Your selection? q
- RSA keys may be between 1024 and 4096 bits long.
- What keysize do you want? (3072) 2048
- Requested keysize is 2048 bits
- Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
- Key is valid for? (0)
- Key does not expire at all
- Is this correct? (y/N) y
- Really create? (y/N) y
- We need to generate a lot of random bytes. It is a good idea to perform
- some other action (type on the keyboard, move the mouse, utilize the
- disks) during the prime generation; this gives the random number
- generator a better chance to gain enough entropy.
- sec rsa2048/XXXXXXXXXXXXXXXX
- created: 2019-06-14 expires: never usage: C
- trust: ultimate validity: ultimate
- ssb rsa2048/YYYYYYYYYYYYYYYY
- created: 2019-06-14 expires: never usage: A
- [ultimate] (1). Matt Wright <test@nowhere.com>
- gpg> quit
- Save changes? (y/N) y
- ```
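To confirm the result of both steps, the capability letters can be checked in GnuPG's machine-readable listing. The following is an added example, not part of the original paste; the function name `check_caps` and the two sample listings are constructed for illustration and use the same placeholder key IDs as above.

```bash
#!/bin/sh
# Added example (not from the original paste).
# Reads `gpg --list-keys --with-colons` output on stdin and succeeds only if
#   - the primary key (pub record) can Certify and nothing else, and
#   - at least one subkey (sub record) can Authenticate and nothing else.
# In the colon format, field 1 is the record type and field 12 holds the
# capability letters. Uppercase letters on a pub record summarise the whole
# key, so they are dropped to leave that record's own capabilities.
check_caps() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            caps = $12
            gsub(/[A-Z]/, "", caps)
            if ($1 == "pub") { seen_pub = 1; if (caps != "c") bad = 1 }
            else if (caps == "a") auth = 1
        }
        END { exit (seen_pub && !bad && auth) ? 0 : 1 }
    '
}

# Constructed sample: the layout this guide produces ([C] primary, [A] subkey).
GOOD_SAMPLE='pub:u:2048:1:XXXXXXXXXXXXXXXX:1560470400:::u:::cAC:
uid:u::::1560470400::::Matt Wright <test@nowhere.com>:
sub:u:2048:1:YYYYYYYYYYYYYYYY:1560470400::::::a:'

# Constructed sample: a default key (primary signs and certifies, subkey encrypts).
BAD_SAMPLE='pub:u:2048:1:XXXXXXXXXXXXXXXX:1560470400:::u:::scESC:
uid:u::::1560470400::::Matt Wright <test@nowhere.com>:
sub:u:2048:1:YYYYYYYYYYYYYYYY:1560470400::::::e:'

# Demonstration on the constructed samples.
for name in GOOD_SAMPLE BAD_SAMPLE; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | check_caps; then
        echo "$name: certify-only primary with authentication subkey"
    else
        echo "$name: capabilities do not match the intended layout"
    fi
done

# Against a real keyring:
#   gpg --list-keys --with-colons "$KEYID" | check_caps && echo OK
```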