GnuPG

1. Step:
Creating a pair of keys, comprising a private and a public key:
########
billy@hell:~$ gpg --gen-key
gpg (GnuPG) 1.2.2; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y


You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Billy Gate
Email address: billyboy@kglug.de
Comment: KGLUG - Die Kölner Gentoo Linux User Group
You selected this USER-ID:
"Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group) <billyboy@kglug.de>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
.+++++.++++++++++..
[...]
public and secret key created and signed.
key marked as ultimately trusted.

pub 1024D/691A6339 2003-07-16 Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group)
Key fingerprint = 7396 34F3 7197 1EA6 9C79 86CE B6CE D134 691A 6339
sub 2048g/43BCB900 2003-07-16

billy@hell:~$
########



2. Step:
Next I create a revocation certificate, which will be used to mark the key as revoked when needed. There could be different reasons to do so; in my case it was the incorrect system time ;-)
For this the private key is used, so in the listing I put in an imaginary key ID that couldn't exist. Is that clear?

########
billy@hell:~$ gpg -o rev_billyboy@kglug.de.asc --gen-revoke 4X11Y3Z9

sec 1024D/691A6339 2003-07-16 Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group)

Create a revocation certificate for this key? y
Please select the reason for the revocation:
0 = No reason specified
1 = Key has been compromised
2 = Key is superseded
3 = Key is no longer used
Q = Cancel
(Probably you want to select 1 here)
Your decision? o
Invalid selection.
Your decision? 0
Enter an optional description; end it with an empty line:

Reason for revocation: No reason specified
(No description given)
Is this okay? y

You need a passphrase to unlock the secret key for user: "Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group) <billyboy@kglug.de>"
1024-bit DSA key, ID 691A6339, created 2003-07-16

ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets access to this certificate he can use it to make your key unusable. It is smart to print this certificate and store it away, just in case your media become unreadable. But have some caution: The print system of your machine might store the data and make it available to others!
billy@hell:~$
########

########
billy@hell:~$ ls -l rev_tun\@kglug.de.asc
-rw-r--r-- 1 tun tun 263 Jul 16 10:30 rev_billyboy@kglug.de.asc
billy@hell:~$
########

3. Step:
Thereafter I changed the file permissions first of all.

########
billy@hell:~$ chmod 400 rev_tun\@kglug.de.asc
billy@hell:~$ ls -l rev_tun\@kglug.de.asc
-r-------- 1 tun tun 263 Jul 16 10:30 rev_billyboy@kglug.de.asc
billy@hell:~$
########

4. Step:
Saving the file to an external data medium, deleting it on the computer and putting the medium into an off-site safe ;-)

5. Step:
Uploading the public key to a keyserver.
########
billy@hell:~$ gpg --keyserver wwwkeys.de.pgp.net --send-key 691A6339
gpg: success sending to `wwwkeys.de.pgp.net' (status=200)
billy@hell:~$
########


6. Step:
Checking from another host which keys are found. I got the revoked key (1) as well as the valid one (2):

########
billy@hell1:~$ gpg --keyserver wwwkeys.de.pgp.net --search-keys billyboy@kglug.de
gpg: searching for "billyboy@kglug.de" from HKP server wwwkeys.de.pgp.net
Keys 1-2 of 2 for "billyboy@kglug.de"
(1) Billy Gate (Köln LUG: billyboy@kglug.de) (revoked)
1024 bit DSA key 6D87671B, created 2003-07-15
(2) Billy Gate (Köln LUG - Die Kölner Linux und U.n.i.x Gruppe)
1024 bit DSA key 691A6339, created 2003-07-15
Enter number(s), N)ext, or Q)uit > 1


gpg: key 6D87671B: invalid self-signature on user id "Billy Gate (Köln LUG: billyboy@kglug.de) "
gpg: key 6D87671B has been created 53022 seconds in future (time warp or clock problem)


[...]
gpg: key 6D87671B: invalid revocation certificate: timestamp conflict - skipped
gpg: key 6D87671B: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1
billy@hell1:~$
########


########
billy@hell1:~$ gpg --keyserver wwwkeys.de.pgp.net --search-keys billyboy@kglug.de
gpg: searching for "billyboy@kglug.de" from HKP server wwwkeys.de.pgp.net
Keys 1-2 of 2 for "billyboy@kglug.de"
(1) Billy Gate (Köln LUG: billyboy@kglug.de) (revoked)
1024 bit DSA key 6D87671B, created 2003-07-15
(2) Billy Gate (Köln LUG - Die Kölner Linux und U.n.i.x Gruppe)
1024 bit DSA key 691A6339, created 2003-07-15
Enter number(s), N)ext, or Q)uit > 2
gpg: key 691A6339: "Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group) <billyboy@kglug.de>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
billy@hell1:~$
########


7. Step:
Then I imported the new valid key.
########
billy@hell1:~$ gpg --keyserver wwwkeys.de.pgp.net --recv-keys 691A6339
gpg: key 691A6339: "Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group) <billyboy@kglug.de>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
billy@hell1:~$
########


########
-bash-2.05b$ gpg --keyserver wwwkeys.de.pgp.net --recv-keys 691A6339
gpg: WARNUNG: Sensible Daten könnten auf Platte ausgelagert werden.
gpg: siehe http://www.gnupg.org/de/faq.html für weitere Informationen
gpg: Der Schlüssel 691A6339 wurde 837 Sekunden in der Zukunft erzeugt (Zeitreise oder Uhren stimmen nicht überein)
gpg: Schlüssel 691A6339: Ungültige Eigenbeglaubigung für User-ID "Billy Gate (KGLUG - Die Kölner Gentoo Linux User Group) <billyboy@kglug.de>"
gpg: Der Schlüssel 691A6339 wurde 837 Sekunden in der Zukunft erzeugt (Zeitreise oder Uhren stimmen nicht überein)
gpg: Schlüssel 691A6339: Ungültige Unterschlüssel-Anbindung
gpg: Schlüssel 691A6339: Keine gültigen User-IDs
gpg: dies könnte durch fehlende Eigenbeglaubigung verursacht worden sein
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: ohne User-ID: 1
-bash-2.05b$ date
Mi 16 Jul 2003 10:12:22 CEST
-bash-2.05b$
########


Oops, what's that?
I had imported the key onto a third host whose system time was wrong too, and gpg had flagged it accordingly.


Correcting the system time remedies the problem!


For my part, I now admit that it is sensible to keep the system time correct ;)
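Both clock situations from this page (the creating host running ahead, and an importing host running behind) produce the same "created N seconds in future" diagnostic. The following added example, not part of the original post, parses those gpg messages (English and German forms, as quoted above) and tells the two cases apart by comparing the local clock with a trusted reference time; the sample lines are taken from this page and the reference time is an assumed value.

```python
import re
from datetime import datetime, timedelta, timezone

# GnuPG 1.2 time-warp diagnostics, English and German variants as quoted on this page.
FUTURE_RE = re.compile(
    r"gpg: (?:key (?P<k1>[0-9A-F]{8}) has been created (?P<s1>\d+) seconds in future"
    r"|Der Schlüssel (?P<k2>[0-9A-F]{8}) wurde (?P<s2>\d+) Sekunden in der Zukunft erzeugt)"
)

# Constructed sample: gpg stderr lines copied from the two hosts described above.
SAMPLE_LINES = [
    'gpg: key 6D87671B: invalid self-signature on user id "Billy Gate (Köln LUG: billyboy@kglug.de) "',
    "gpg: key 6D87671B has been created 53022 seconds in future (time warp or clock problem)",
    "gpg: Der Schlüssel 691A6339 wurde 837 Sekunden in der Zukunft erzeugt (Zeitreise oder Uhren stimmen nicht überein)",
]

def clock_skew_from_gpg_output(lines):
    """Return {key_id: seconds_in_future} for every time-warp warning found."""
    skew = {}
    for line in lines:
        m = FUTURE_RE.search(line)
        if m:
            key = m.group("k1") or m.group("k2")
            secs = int(m.group("s1") or m.group("s2"))
            skew[key] = max(secs, skew.get(key, 0))
    return skew

def diagnose(lines, local_now, trusted_now, tolerance_s=60):
    """Classify each flagged key.

    If the local clock is behind the trusted reference by roughly the reported skew,
    the importing host is at fault: fix its time and re-import ("local-clock-behind").
    Otherwise the key was created on a host whose clock ran ahead, which is the case
    where the author revoked and regenerated the key ("creator-clock-ahead")."""
    local_behind = (trusted_now - local_now).total_seconds()
    result = {}
    for key, secs in clock_skew_from_gpg_output(lines).items():
        if abs(local_behind - secs) <= tolerance_s:
            result[key] = "local-clock-behind"
        else:
            result[key] = "creator-clock-ahead"
    return result

if __name__ == "__main__":
    # Local time as printed by `date` on the third host (CEST = UTC+2); the trusted
    # reference is an assumed value 837 s ahead of it, i.e. that host's clock was behind.
    local = datetime(2003, 7, 16, 10, 12, 22, tzinfo=timezone(timedelta(hours=2)))
    print(diagnose(SAMPLE_LINES, local, local + timedelta(seconds=837)))
```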


8. Step:
To revoke the broken key, I imported the relevant revocation certificate

########
billy@hell:~$ gpg --import revcert.asc
########


and then uploaded the newly created key to a keyserver again.


########
billy@hell:~$ gpg --keyserver wwwkeys.de.pgp.net --send-key 59BC83D9
gpg: success sending to `wwwkeys.de.pgp.net' (status=200)
billy@hell:~$
########


Also of interest:


gpg --list-keys [USER-ID|KEY-ID]
gpg --list-secret-keys [USER-ID|KEY-ID]
gpg --list-sigs [USER-ID|KEY-ID]
gpg --fingerprint [USER-ID|KEY-ID]


All of this is only a part of pgp/gpg's possibilities and does not claim to be ...


But perhaps it is useful for the beginning, and I hope that I have not forgotten to document anything.


On that score, as usual: it comes without guarantee.


Oh yes, the private key is called private because it is P_R_I_V_A_T_E.

And another thing: if you read this email and e.g. kmail marks it as trusted, it cannot be, because you have to declare the key trusted first.
@tun © 2003, translated 2009