Tuto pgp » Historique » Version 11
pizzacoca, 11/02/2020 22:28
| 1 | 1 | pizzacoca | # Tutos pgp |
|---|---|---|---|
| 2 | |||
| 3 | 5 | pizzacoca | ## Liens externes |
| 4 | |||
| 5 | 7 | pizzacoca | pad de travail : https://pad.aquilenet.fr/p/atelier_22092018 |
| 6 | |||
| 7 | 5 | pizzacoca | ### Manuel Gnupgp |
| 8 | 1 | pizzacoca | https://www.gnupg.org/gph/fr/manual.html#AEN248 |
| 9 | 11 | pizzacoca | ["man gpg2](https://linux.die.net/man/1/gpg2) |
| 10 | 1 | pizzacoca | |
| 11 | 5 | pizzacoca | ### Création des clefs |
| 12 | 1 | pizzacoca | https://keyring.debian.org/creating-key.html |
| 13 | http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ |
||
| 14 | https://www.activpart.com/utiliser-openpgp-linux-debian-gnupg/ |
||
| 15 | https://help.github.com/articles/generating-a-new-gpg-key/ |
||
| 16 | http://gpglinux.free.fr/ |
||
| 17 | |||
| 18 | 5 | pizzacoca | ### Gestion des clefs |
| 19 | 1 | pizzacoca | https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management |
| 20 | https://wiki.faimaison.net/doku.php?id=gpg&s[]=gpg |
||
| 21 | |||
| 22 | 5 | pizzacoca | ### Signature des clefs |
| 23 | 1 | pizzacoca | https://www.debian.org/events/keysigning.fr.html |
| 24 | 2 | pizzacoca | |
| 25 | 5 | pizzacoca | ### Les copains |
| 26 | 1 | pizzacoca | http://www.giroll.org/ |
| 27 | 3 | pizzacoca | |
| 28 | ## En ligne de commande |
||
| 29 | 4 | pizzacoca | |
| 30 | 9 | pizzacoca | ### Pour générer de l'entropie facile |
| 31 | 8 | pizzacoca | |
| 32 | ~~~ |
||
| 33 | apt-get install rng-tools #installation |
||
| 34 | rngd -f -r /dev/urandom #lancer dans une autre console |
||
| 35 | ~~~ |
||
| 36 | |||
| 37 | 9 | pizzacoca | ### Installation de l'outil |
| 38 | 4 | pizzacoca | |
| 39 | ~~~ |
||
| 40 | sudo apt-get install gnupg |
||
| 41 | ~~~ |
||
| 42 | |||
| 43 | |||
| 44 | 9 | pizzacoca | ### Génération de la clef |
| 45 | 4 | pizzacoca | |
| 46 | ~~~ |
||
| 47 | gpg --full-generate-key |
||
| 48 | ~~~ |
||
| 49 | |||
| 50 | Il y aura un premier lot de choix à réaliser (type d'utilisation, degré de chiffrement, durée de validité) |
||
| 51 | > gpg: keyring `/home/user/.gnupg/secring.gpg' created |
||
| 52 | gpg: keyring `/home/user/.gnupg/pubring.gpg' created |
||
| 53 | Please select what kind of key you want: |
||
| 54 | (1) RSA and RSA (default) |
||
| 55 | (2) DSA and Elgamal |
||
| 56 | (3) DSA (sign only) |
||
| 57 | (4) RSA (sign only) |
||
| 58 | Your selection? **1** |
||
| 59 | RSA keys may be between 1024 and 4096 bits long. |
||
| 60 | What keysize do you want? (2048) **4096** |
||
| 61 | Requested keysize is 4096 bits |
||
| 62 | Please specify how long the key should be valid. |
||
| 63 | 0 = key does not expire |
||
| 64 | <n> = key expires in n days |
||
| 65 | <n>w = key expires in n weeks |
||
| 66 | <n>m = key expires in n months |
||
| 67 | <n>y = key expires in n years |
||
| 68 | Key is valid for? (0) **3y** |
||
| 69 | Key expires at Tue 11 May 2019 12:53:08 AM EDT |
||
| 70 | Is this correct? (y/N) **y** |
||
| 71 | |||
| 72 | Ensuite viendront d'autres questions concernant votre identité puis le **mot de passe** |
||
| 73 | |||
| 74 | > You need a user ID to identify your key; the software constructs the user ID |
||
| 75 | from the Real Name, Comment and Email Address in this form: |
||
| 76 | "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" |
||
| 77 | Real name: **Test User** |
||
| 78 | Email address: **test@example.org** |
||
| 79 | Comment: |
||
| 80 | You selected this USER-ID: |
||
| 81 | "Test User <test@example.org>" |
||
| 82 | Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? **o** |
||
| 83 | You need a Passphrase to protect your secret key. |
||
| 84 | passphrase not correctly repeated; try again. |
||
| 85 | We need to generate a lot of random bytes. It is a good idea to perform |
||
| 86 | some other action (type on the keyboard, move the mouse, utilize the |
||
| 87 | disks) during the prime generation; this gives the random number |
||
| 88 | generator a better chance to gain enough entropy. |
||
| 89 | ..........+++++ |
||
| 90 | |||
| 91 | A ce moment-là c'est une bonne idée de lancer une vidéo, faire des trucs sur le pc |
||
| 92 | (note : il existe un utilitaire qui crée de l'entropie tout seul mais 'jme rapelle plus de son nom) |
||
| 93 | |||
| 94 | > .................................+++++ |
||
| 95 | We need to generate a lot of random bytes. It is a good idea to perform |
||
| 96 | some other action (type on the keyboard, move the mouse, utilize the |
||
| 97 | disks) during the prime generation; this gives the random number |
||
| 98 | generator a better chance to gain enough entropy. |
||
| 99 | ........+++++ |
||
| 100 | .......+++++ |
||
| 101 | gpg: /home/user/.gnupg/trustdb.gpg: trustdb created |
||
| 102 | gpg: key 23955501 marked as ultimately trusted |
||
| 103 | public and secret key created and signed. |
||
| 104 | |||
| 105 | A ce moment-là les clefs sont crées (probablement dans ~/.gnupg |
||
| 106 | 1 | pizzacoca | |
| 107 | ###Génération du certificat de révocation |
||
| 108 | |||
| 109 | 9 | pizzacoca | En prévision d'un problème de confiance de votre clef |
| 110 | 6 | pizzacoca | |
| 111 | 9 | pizzacoca | ~~~ |
| 112 | gpg --gen-revoke id-de-la-clef #alternative en cas d'espace dans l'id de la clef : "id de la clef" |
||
| 113 | ~~~ |
||
| 114 | 6 | pizzacoca | |
| 115 | 9 | pizzacoca | ### Envoi de la clef sur un serveur |
| 116 | |||
| 117 | 6 | pizzacoca | gpg --keyserver pool.sks-keyservers.net --send-key '519D 4592 3D31 56E6 B7A8 269E F9E2 35C3 2395 5501' |
| 118 | 1 | pizzacoca | |
| 119 | ### Edition d'une clef |
||
| 120 | |||
| 121 | gpg --edit-key 285AFE12FFC70E5B8A950BB0FF2DCF039EB27061 |
||
| 122 | 9 | pizzacoca | |
| 123 | ### génération de la clef publique dans un fichier texte |
||
| 124 | |||
| 125 | ~~~ |
||
| 126 | gpg --export --armor id-de-la-clef |
||
| 127 | ~~~ |
||
| 128 | |||
| 129 | |||
| 130 | ### génération de la clef secrete dans un fichier texte |
||
| 131 | |||
| 132 | ~~~ |
||
| 133 | gpg --export-secret-keys --armor id-de-la-clef |
||
| 134 | ~~~ |