[clo-devel] Re: Please upload your public GPG key to common-lisp.net
mb at bese.it
Tue Nov 11 19:02:44 UTC 2003
Mario Mommer <mommer at igpm.rwth-aachen.de> writes:
> I think we should point people to a place where they get information
> on exactly what they should do. As an example of someone quite
> ignorant of this, I propose myself :) I don't even know what I could
> ask google. What kind of keys are these, how do I get them, etc?
grab Gnu Privacy Guard from www.gnupg.org, download and build it.
Then you need to create a key. Since this isn't an intro to gpg i'll
just tell you what to do and not what you could do or what all the
$ gpg --gen-key
will create a public/private key pair and add it to your
1) You'll want to create a DSA/Elgamal key which pair can be used for both
signing and encrypting.
2) The key size should be at least 1024, I tend to use 2048 but that's
just because I have an inferiority complex :).
3) Then you'll need to say when the key expires. I'd suggest to have
it expire in the not too distant future, a year or two. Expired
keys are still good for verifying signatures, and you'll use an
expired key to sign your new key so changing keys isn't a big deal.
4) You'll need to specify the user id. The user id can not change (it
is infact encoded in the key) and should represent who (and in what
role) uses this key. As an example I have two keys, one is for me
personally and has my name and my regular email address, another
was created for the purpose of being a common-lisp.net developer,
and has my name but uses the mbaringer at common-lisp.net email
5) now pick a pass phrase. This is the only real protection saving
your private key once someone gets their hands on it. If someone
gets your secret key and knows your pass phrase they can sign and
encrypt as if they were you. chose something long (hard to brute
force) with lower case letters, upper case letters, some numbers
and punctuation chars.
6) now gpg will go around and collect entropy, when it's done you'll
have in your key ring (located in ~/.gnupg) a freshly created,
completly trusted, key.
7) export an ascii-armored copy of your public key with the command
"gpg --armor --export <KEYID>" (you can get the KEYID from the
listing of the keys in your key ring (either use the hexadecimal id
or an email adresss if it's unique in your keyring)). Redirect the
output of that command to a file and copy that file to your home
directory on common-lisp.net.
8) Now go have look at the docs at gnupg.org from same good manuals,
howtos, tutorials, etc.
hope this helps.
Ring the bells that still can ring.
Forget your perfect offering.
There is a crack in everything.
That's how the light gets in.
More information about the clo-devel