
@econchick

econchick/key_signing.md

Last active Aug 29, 2015
PyLadies PyCon GPG Key Signing Par-Tay

GPG Key Signing

follow online: pyladi.es/gpg-key-party

Prep

Download & Setup Required Software

  • Mac OS X: GPG Suite - follow their download & installation instructions
  • Linux:
    • First see if you already have it, which is most likely: Try running gpg --help.
    • If an error occurs:
      • Debian/Ubuntu: sudo apt-get install gnupg
      • Fedora/Red Hat: sudo yum install gnupg
    • Try gpg --help again after installation
  • Windows: gpg4win
    • Follow their download & installation instructions, and note where you installed the program, e.g. C:\Program Files\GNU\GnuPG\
    • Add the executable to your environment variable path:
      • Go to My Computer > Properties > Advanced > Environment Variables > Path
      • Edit path by adding the full path to the gpg.exe file (e.g. C:\Program Files\GNU\GnuPG\gpg.exe)

Generate Your Key Pair

When generating keys, be sure to use these values when prompted (following OpenPGP's best practices):

Variable             Attribute
Key Type             RSA and RSA (default)
Key Length           4096 bits
Key Expires          2 years (or less)
Upload to keyserver  yes
Keyserver            hkps://hkps.pool.sks-keyservers.net

NOTE: Be sure to also create a super secure passphrase (and perhaps save it to a password manager).

  • If you prefer doing this via a GUI:

    • Windows: Follow Create a Key pair
    • Mac OS X: Open up "GPG Keychain" application and follow the "Create a new key" section from here
    • Linux: Follow the GNOME or KDE instructions
  • Or, via the command line (for every OS), run the following and work through the prompts with the values in the table above:

gpg --gen-key

Send Key to Keyserver

  • Command Line:
# replace KEYNAME with your fingerprint
gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key KEYNAME

Sign

  1. Meet a new friend!
  2. Confirm identities with each other (passport, ID)
  3. Exchange each other's Key Fingerprints
  4. Run the following commands:
# Fetch your new friend's public key from the keyserver
$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys <LAST_8_FINGERPRINT_DIGITS>
$ gpg --fingerprint <LAST_8_FINGERPRINT_DIGITS>
# Check that the fingerprint shown matches the one your new friend gave you
# if it doesn't match...run!
# if all okay:
$ gpg --sign-key <LAST_8_FINGERPRINT_DIGITS>
$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key <LAST_8_FINGERPRINT_DIGITS>

High five! Then find a new friend!
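
Added example (not part of the original gist): a shell helper for step 4 that checks the full fingerprint your friend gave you against the primary-key fingerprint in gpg's --with-colons output, so a key that merely shares the last 8 digits is rejected before you sign. The function names and the sample listing are constructed for illustration, and it assumes 40-hex-digit (v4) fingerprints.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:0000111122223333:1428883200:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:-::::1428883200::0000::Jane Q. Doe <jqdoe@example.com>:
sub:-:4096:1:3333222211110000:1428883200::::::e:
fpr:::::::::9999888877776666555544443333222211110000:'

# Strip spaces, colons and newlines, then upper-case: "ab12 cd34" -> "AB12CD34".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read a --with-colons listing on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
# Subkey fingerprints (the "fpr" after "sub") are deliberately ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Exit 0 only if $1 is a full 40-hex-digit fingerprint equal to the
# primary fingerprint in the listing on stdin; exit 2 if $1 is malformed
# or too short (for example, just the last 8 digits).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# Usage at the party (KEYID and the quoted fingerprint are placeholders):
#   gpg --with-colons --fingerprint KEYID \
#     | fpr_matches "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333" \
#     && gpg --sign-key KEYID
```
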

OPTIONAL: Generate a backup

NOTE: Before exporting to create a backup, it may be best to have a USB drive handy so the backup is not on your machine.

NOTE: If you do save your backup to a USB drive, be sure to keep it safe and secure!

  • Command Line:
# replace email and file name with your details
# if saving to USB, put full path to USB
gpg --export-secret-keys --armor jqdoe@example.com > jqdoe-privkey.asc