Hello *,

I am stuck and have many questions.

[In the process of becoming a dev, I've generated a gpg key, of course. It
was on an old notebook. When I switched to a newer notebook, I forgot to
copy it, because I don't use gpg regularly. No risk that it became known -
the disk was re-partitioned and re-formatted. Probably, that key has
expired anyway.]

1. So, I start

gpg --gen-key

It creates ~/.gnupg/ and some files in it. Should I press ctrl-C, then
edit ~/.gnupg/gpg.conf, and then re-start gpg --gen-key? Or can editing
gpg.conf be done later?

2. Then I choose 1, 3y, y, then my name and the @gentoo.org email address.
After that,

gpg --list-keys

says

/home/<username>/.gnupg/pubring.gpg
-------------------------------
pub 4096R/0x<16_hex_digits_1> 2013-02-26 [expires: 2016-02-26]
uid [ultimate] <my_name> <my_gentoo_email_address>
sub 4096R/0x<16_hex_digits_2> 2013-02-26 [expires: 2016-02-26]

So, my key id is 0x<16_hex_digits_1>, right?

3. Now I do

gpg --edit-key 0x<16_hex_digits_1>
addkey

Then I choose

(4) RSA (sign only)

right? Then I choose 4096, 1y, y, y, save. Now

gpg --list-keys

gives

/home/<username>/.gnupg/pubring.gpg
-------------------------------
pub 4096R/0x<16_hex_digits_1> 2013-02-26 [expires: 2016-02-26]
uid [ultimate] <my_name> <my_gentoo_email_address>
sub 4096R/0x<16_hex_digits_2> 2013-02-26 [expires: 2016-02-26]
sub 4096R/0x<16_hex_digits_3> 2013-02-26 [expires: 2014-02-26]

4. I do

gpg --output revoke.asc --gen-revoke 0x<16_hex_digits_1>

and choose 1.

> 6. Encrypted backup of your secret keys.
I don't understand this.

> 7. In your gpg.conf:
> # include an unambiguous indicator of which key made a signature:
> # (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
> sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g
I don't understand this.

5. I do

gpg --keyserver subkeys.pgp.net --send-key 0x<16_hex_digits_1>

6. On dev.gentoo.org, I am supposed to do

perl_ldap -b user -M gpgkey <gpg-id> <user>
perl_ldap -b user -M gpgfingerprint <gpg-fingerprint> <user>

Is <gpg-id> 0x<16_hex_digits_1>? Or 0x<16_hex_digits_3>? What is
<gpg-fingerprint> and how do I get it? Is <user> my username on
dev.gentoo.org?

What's even more important, perl_ldap asks for my ldap password. I suppose I
haven't got one. My usual Gentoo password (used in bugzilla, forums) does
not work. How do I get an ldap password?

7. If I ever complete all the above, I'll add sign to FEATURES in
/etc/portage/make.conf, and

PORTAGE_GPG_DIR="/home/<username>/.gnupg"

and also

PORTAGE_GPG_KEY="0x<16_hex_digits_3>!"

Is this correct? Is it <16_hex_digits_3>, and not, say, <16_hex_digits_1>?
Should I add ! at the end, as suggested by mgorny?

During the time I'm reading all these instructions, I could bump 10
packages. Very complicated for a person who does not use gpg and knows
next to nothing about it.

Andrey Grozin
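
Added example, not part of the original message: the key ids and the fingerprint that the steps above refer to can be read from GnuPG's machine-readable listing (`gpg --with-colons --fingerprint --fingerprint --list-keys`), where field 12 of each pub/sub record gives the key's capabilities and the following fpr record gives its fingerprint. The function names and the sample listing below are constructed for illustration.

```shell
#!/bin/sh
# Reads a `gpg --with-colons` listing on stdin and prints one line per key:
#   <role> 0x<long key id> <capabilities> <fingerprint>
# Assumes every pub/sub record is followed by its fpr record, which is why
# --fingerprint is given twice (older GnuPG omits subkey fingerprints otherwise).
key_roles() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            role = ($1 == "pub") ? "primary" : "subkey"
            id = $5; caps = $12; pending = 1
            next
        }
        # Field 10 of the fpr record is the fingerprint of the key just seen.
        $1 == "fpr" && pending {
            printf "%s 0x%s %s %s\n", role, id, caps, $10
            pending = 0
        }
    '
}

# Long key id of the first subkey whose own capabilities include signing ("s").
signing_subkey() {
    key_roles | awk '$1 == "subkey" && $3 ~ /s/ { print $2; exit }'
}

# Full fingerprint of the primary key; its last 16 hex digits are the long key id.
primary_fingerprint() {
    key_roles | awk '$1 == "primary" { print $4; exit }'
}

# Constructed sample: a primary key, an encryption subkey and a sign-only subkey.
sample_listing() {
    cat <<'EOF'
tru::1:1361836800:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1361836800:1456444800::u:::scESC:
fpr:::::::::1111111111111111111111110123456789ABCDEF:
uid:u::::1361836800::0000000000000000000000000000000000000000::Example Dev <dev@example.org>:
sub:u:4096:1:1122334455667788:1361836800:1456444800:::::e:
fpr:::::::::2222222222222222222222221122334455667788:
sub:u:4096:1:99AABBCCDDEEFF00:1361836800:1393372800:::::s:
fpr:::::::::33333333333333333333333399AABBCCDDEEFF00:
EOF
}

sample_listing | key_roles
```

Against a real keyring, pipe the gpg command named above into `key_roles` in place of `sample_listing`.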