Tuto pgp » Historique » Révision 7
Révision 6 (pizzacoca, 12/09/2018 22:34) → Révision 7/11 (pizzacoca, 22/09/2018 21:45)
# Tutos pgp
## Liens externes
pad de travail : https://pad.aquilenet.fr/p/atelier_22092018
### Manuel Gnupgp
https://www.gnupg.org/gph/fr/manual.html#AEN248
https://linux.die.net/man/1/gpg2
### Création des clefs
https://keyring.debian.org/creating-key.html
http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
https://www.activpart.com/utiliser-openpgp-linux-debian-gnupg/
https://help.github.com/articles/generating-a-new-gpg-key/
http://gpglinux.free.fr/
### Gestion des clefs
https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management
https://wiki.faimaison.net/doku.php?id=gpg&s[]=gpg
### Signature des clefs
https://www.debian.org/events/keysigning.fr.html
### Les copains
http://www.giroll.org/
## En ligne de commande
Installation de l'outil
~~~
sudo apt-get install gnupg
~~~
Génération de la clef
~~~
gpg --full-generate-key
~~~
Il y aura un premier lot de choix à réaliser (type d'utilisation, degré de chiffrement, durée de validité)
> gpg: keyring `/home/user/.gnupg/secring.gpg' created
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? **1**
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) **4096**
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) **3y**
Key expires at Tue 11 May 2019 12:53:08 AM EDT
Is this correct? (y/N) **y**
Ensuite viendront d'autres questions concernant votre identité puis le **mot de passe**
> You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: **Test User**
Email address: **test@example.org**
Comment:
You selected this USER-ID:
"Test User <test@example.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? **o**
You need a Passphrase to protect your secret key.
passphrase not correctly repeated; try again.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..........+++++
A ce moment-là c'est une bonne idée de lancer une vidéo, faire des trucs sur le pc
(note : il existe un utilitaire qui crée de l'entropie tout seul mais 'jme rapelle plus de son nom)
> .................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
........+++++
.......+++++
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 23955501 marked as ultimately trusted
public and secret key created and signed.
A ce moment-là les clefs sont crées (probablement dans ~/.gnupg
###Génération du certificat de révocation
### Envoi de la clef
gpg --keyserver pool.sks-keyservers.net --send-key '519D 4592 3D31 56E6 B7A8 269E F9E2 35C3 2395 5501'
### Edition d'une clef
gpg --edit-key 285AFE12FFC70E5B8A950BB0FF2DCF039EB27061