User guide

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 4 - SELINUX GUIDE

101

102

103

104

105

106

107

108

109

110

Chapter 3. Encryption

100

Warning

If you forget your passphrase, the key cannot be used and any data encrypted using that key will

be lost.

To find your GPG key ID, look in the ''Key ID'' column next to the newly created key. In most cases, if

you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x6789ABCD". You should

make a backup of your private key and store it somewhere secure.

3.9.3. Creating GPG Keys Using the Command Line

Use the following shell command: gpg --gen-key

This command generates a key pair that consists of a public and a private key. Other people use your

public key to authenticate and/or decrypt your communications. Distribute your public key as widely as

possible, especially to people who you know will want to receive authentic communications from you,

such as a mailing list.

A series of prompts directs you through the process. Press the Enter key to assign a default value if

desired. The first prompt asks you to select what kind of key you prefer:

Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) RSA

(sign only) Your selection? In almost all cases, the default is the correct choice. A DSA/ElGamal key

allows you not only to sign communications, but also to encrypt files.

Next, choose the key size: minimum keysize is 768 bits default keysize is 1024 bits highest suggested

keysize is 2048 bits What keysize do you want? (1024) Again, the default is sufficient for almost all

users, and represents an ''extremely'' strong level of security.

Next, choose when the key will expire. It is a good idea to choose an expiration date instead of

using the default, which is ''none.'' If, for example, the email address on the key becomes invalid, an

expiration date will remind others to stop using that public key.

Please specify how long the key should be valid. 0 = key does not expire d = key expires in n days w =

key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0)

Entering a value of 1y, for example, makes the key valid for one year. (You may change this expiration

date after the key is generated, if you change your mind.)

Before the gpg program asks for signature information, the following prompt appears: Is this

correct (y/n)? Enter y to finish the process.

Next, enter your name and email address. Remember this process is about authenticating you as a

real individual. For this reason, include your real name. Do not use aliases or handles, since these

disguise or obfuscate your identity.

Enter your real email address for your GPG key. If you choose a bogus email address, it will be more

difficult for others to find your public key. This makes authenticating your communications difficult. If

you are using this GPG key for [[DocsProject/SelfIntroduction| self-introduction]] on a mailing list, for

example, enter the email address you use on that list.

Use the comment field to include aliases or other information. (Some people use different keys for

different purposes and identify each key with a comment, such as "Office" or "Open Source Projects.")