nightmorph 12/11/13 23:11:19

Modified: gnupg-user.xml
Log:
update gnupg guide for bug #443016. updated key generation process and gpg-agent/pinentry instructions.

Revision Changes Path
1.52 xml/htdocs/doc/en/gnupg-user.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/gnupg-user.xml?rev=1.52&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/gnupg-user.xml?rev=1.52&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/gnupg-user.xml?r1=1.51&r2=1.52

Index: gnupg-user.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/gnupg-user.xml,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- gnupg-user.xml 31 Oct 2012 18:44:41 -0000 1.51
+++ gnupg-user.xml 13 Nov 2012 23:11:19 -0000 1.52
@@ -1,6 +1,6 @@
<?xml version='1.0' encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/gnupg-user.xml,v 1.51 2012/10/31 18:44:41 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/gnupg-user.xml,v 1.52 2012/11/13 23:11:19 nightmorph Exp $ -->

<guide>
<title>GnuPG Gentoo User Guide</title>
@@ -14,6 +14,9 @@
<author title="Editor">
<mail link="swift@g.o">Sven Vermeulen</mail>
</author>
+<author title="Editor">
+ <mail link="nightmorph"/>
+</author>

<abstract>
This small guide will teach you the basics of using GnuPG, a tool for secure
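Review bot: the new `<author>` entry uses a bare handle with no display name, `<mail link="nightmorph"/>`, while the sibling entry directly above it uses `<mail link="swift@g.o">Sven Vermeulen</mail>`. Unless the guide DTD is known to expand a bare handle into a name and address, use the same `user@g.o` form with a display name so the two editor entries render consistently.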
@@ -24,8 +27,8 @@
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

-<version>3</version>
-<date>2012-10-31</date>
+<version>4</version>
+<date>2012-11-13</date>

<chapter>
<title>Introduction</title>
@@ -93,17 +96,17 @@
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
- (1) DSA and ElGamal (default)
- (2) DSA (sign only)
- (4) ElGamal (sign and encrypt)
- (5) RSA (sign only)
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
Your selection? <i>1</i>
</pre>

<p>
Here you can choose the type of key you want to use. Most users will go for the
-default DSA and ElGamal. Next is the key size - remember that bigger is better
-but don't use a size larger than 2048 with DSA/ElGamal keys. Generally 2048 is
+default RSA and RSA. Next is the key size - remember that bigger is better
+but don't use a size larger than 2048 with DSA/ElGamal keys. Generally 2048 is
more than enough for normal email.
</p>

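Review bot: the key-size advice in the `<p>` no longer matches the menu above it. The default is changed to "RSA and RSA", but the caveat "don't use a size larger than 2048 with DSA/ElGamal keys" still addresses the old DSA/ElGamal default and says nothing about the RSA range the guide's own transcript shows (1024 to 4096 bits). Suggest something like "Generally 2048 is more than enough for normal email; if you choose DSA and Elgamal instead, don't go above 2048 bits", or drop the DSA/ElGamal clause altogether. Minor: the menu now prints "Elgamal" as gpg does while the paragraph keeps "ElGamal"; quoting gpg's spelling in both places avoids the mismatch.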
@@ -112,13 +115,10 @@
go for a key that never expires or to something like 2 or 3 years.
</p>

-<pre caption="Choosing key size" >
-DSA keypair will have 1024 bits.
-About to generate a new ELG-E keypair.
- minimum keysize is 768 bits
- default keysize is 1024 bits
- highest suggested keysize is 2048 bits
- What keysize do you want? (1024) <i>2048</i>
+<pre caption="Choosing key size">
+RSA keypair will have 1024 bits.
+RSA keys may be between 1024 and 4096 bits long.
+ What keysize do you want? (2048) <i>2048</i>
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
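Review bot: the rewritten transcript is internally inconsistent. Its first line, "RSA keypair will have 1024 bits.", contradicts the prompt default "(2048)" and the "Requested keysize is 2048 bits" line that follow it, and it reads like a hand-edit of the removed "DSA keypair will have 1024 bits." rather than output of the RSA-and-RSA flow. Regenerate the block from an actual `gpg --gen-key` session (or at least drop that first line) so a reader does not conclude that a 1024-bit key is being created.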
@@ -139,9 +139,7 @@
<pre caption="Entering user information" >
Is this correct (y/n)? <i>y</i>

-You need a User-ID to identify your key; the software constructs the user id
-from Real Name, Comment and Email Address in this form:
-"Heinrich Heine (Der Dichter) <heinrichh@×××××××××××.de>"
+GnuPG needs to construct a user ID to identify your key.

Real name: <i>John Doe</i>
Email address: <i>john@×××××××××××××××××.flick</i>
@@ -157,8 +155,8 @@

<p>
Now enter your key passphrase twice. It is a good idea to use a strong password.
-If someone ever gets hold of your private key and cracks your password, they
-will be able to send messages signed by "you", making everyone believe the mails
+If someone ever gets hold of your private key and cracks your password, they
+will be able to send messages signed by "you", making everyone believe the mails
were sent by you.
</p>

@@ -366,13 +364,13 @@
<p>
Now that you have your key, it is probably a good idea to send it to the world
key server. There are a lot of keyservers in the world and most of them exchange
-keys between them. Here we are going to send John Doe's key to the subkeys.pgp.net
-server. This uses HTTP, so if you need to use a proxy for HTTP traffic don't
-forget to set it (<c>export http_proxy=http://proxy_host:port/</c>). The command
-for sending the key is: <c>gpg --keyserver subkeys.pgp.net --keyserver-options
-honor-http-proxy --send-key 75447B14</c> where <c>75447B14</c> is the key ID.
-If you don't need a HTTP proxy you can remove the <e>--keyserver-options
-honor-http-proxy</e>.
+keys between them. Here we are going to send John Doe's key to the
+subkeys.pgp.net server. This uses HTTP, so if you need to use a proxy for HTTP
+traffic don't forget to set it (<c>export
+http_proxy=http://proxy_host:port/</c>). The command for sending the key is:
+<c>gpg --keyserver subkeys.pgp.net --keyserver-options honor-http-proxy
+--send-key 75447B14</c> where <c>75447B14</c> is the key ID. If you don't need
+a HTTP proxy you can remove the <e>--keyserver-options honor-http-proxy</e>.
</p>

<p>
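Review bot: this hunk only reflows the paragraph, but since the lines are being touched anyway: `--send-key 75447B14` identifies the key by its 8-hex-digit short key ID, and short IDs are not unique (distinct keys can share one). The text should define "key ID" as the long key ID or the full fingerprint (as printed by `gpg --fingerprint`) and use that form in the example, so readers do not get into the habit of addressing keys by a value that can collide.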
@@ -449,7 +447,7 @@
</p>

<p>
-Gentoo provides a few GPG agent applications. The <c>app-crypt/gnupg-1.9.*</c>
+Gentoo provides a few GPG agent applications. The <c>app-crypt/gnupg</c>
package contains what could be considered the reference one, and will be the
one we'll use in this document.
</p>
@@ -457,30 +455,41 @@
</body>
</section>
<section>
-<title>Installing and Configuring gpg-agent and pinentry</title>
+<title>Configuring gpg-agent and pinentry</title>
<body>

<p>
-You should install <c>gnupg-1.9.*</c>, which includes <c>gpg-agent</c>, and
-<c>pinentry</c>. <c>pinentry</c> is the helper application that gpg-agent uses
-to request the passphrase in a graphical window. It comes in three flavors: it
-can popup a window using the gtk+, Qt, or curses library (depending on the USE
-flag you set when emerging it).
+GnuPG includes <c>gpg-agent</c> and <c>pinentry</c>. <c>pinentry</c> is the
+helper application that gpg-agent uses to request the passphrase in a graphical
+window. It comes in three flavors: it can popup a window using the gtk+, Qt, or
+curses library (depending on your USE flags in
+<path>/etc/portage/make.conf</path>).
+</p>
+
+<p>
+If you installed <c>pinentry</c> with more than one popup window type, you can
+choose between them with <c>eselect-pinentry</c>:
</p>

-<pre caption="Installing gpg-agent and pinentry">
-# <i>emerge \>=gnupg-1.9.20 pinentry</i>
+<pre caption="Switching popup windows">
+# <i>eselect pinentry list</i>
+Available pinentry implementations:
+ [1] pinentry-gtk-2 *
+ [2] pinentry-curses
+ [3] pinentry-qt4
+
+# <i>eselect pinentry set 1</i>
</pre>

<p>
-Next, create a file called <path>~/.gnupg/gpg-agent.conf</path> and enter the
+Now create a file called <path>~/.gnupg/gpg-agent.conf</path> and enter the
following lines which define the default timeout of the passphrase (e.g. 30
minutes) and the application to be called for when the passphrase should be
-retrieved the first time (e.g. the Qt version of pinentry).
+retrieved the first time (e.g. the gtk+ version of pinentry).
</p>

<pre caption="Editing ~/.gnupg/gpg-agent.conf">
-pinentry-program /usr/bin/pinentry-qt
+pinentry-program /usr/bin/pinentry-gtk-2
no-grab
default-cache-ttl 1800
</pre>
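Review bot: the gpg-agent.conf sample undoes the `eselect pinentry set 1` step introduced just above it: `pinentry-program /usr/bin/pinentry-gtk-2` pins one implementation for this user, so a later `eselect pinentry set` has no effect. Either point `pinentry-program` at `/usr/bin/pinentry` (the symlink eselect manages) or drop the line and let the eselect choice apply. Two further points in the same block: `no-grab` is carried over from the old sample without explanation, yet it tells pinentry not to grab keyboard and mouse, and the gpg-agent documentation advises against it because the grab is what keeps other X clients from reading the passphrase; the guide should state that trade-off or remove the line. And the prose names the tool `<c>eselect-pinentry</c>` while the transcript runs `eselect pinentry`; using the command form in the prose keeps the two consistent.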
@@ -505,10 +514,10 @@
<body>

<p>
-If you use KDE as graphical environment, edit
+If you use KDE as your graphical environment, edit
<path>/etc/kde/startup/agent-startup.sh</path> and uncomment the following
-(system-wide) or <path>~/.kde4/env/gpg-agent.sh</path> (local user) and add
-the following command to it to have KDE automatically starting the GPG agent:
+(system-wide) or <path>~/.kde4/env/gpg-agent.sh</path> (local user) and add the
+following command to it to have KDE automatically starting the GPG agent:
</p>

<pre caption="Make KDE automatically start the GPG agent">