Tuto pgp » History » Version 8

pizzacoca, 08/03/2019 23:53

# PGP tutorials

## External links

Working pad: https://pad.aquilenet.fr/p/atelier_22092018

### GnuPG manual
https://www.gnupg.org/gph/fr/manual.html#AEN248
https://linux.die.net/man/1/gpg2

### Key creation
https://keyring.debian.org/creating-key.html
http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
https://www.activpart.com/utiliser-openpgp-linux-debian-gnupg/
https://help.github.com/articles/generating-a-new-gpg-key/
http://gpglinux.free.fr/

### Key management
https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management
https://wiki.faimaison.net/doku.php?id=gpg&s[]=gpg

### Key signing
https://www.debian.org/events/keysigning.fr.html

### Friends
http://www.giroll.org/

## On the command line

To generate entropy easily (note that `-r /dev/urandom` only feeds the kernel's own pseudo-random output back into its pool: it unblocks key generation but adds no new randomness):

~~~
apt-get install rng-tools  # installation
rngd -f -r /dev/urandom    # run in another console
~~~

Installing the tool

~~~
sudo apt-get install gnupg
~~~


Generating the key

~~~
gpg --full-generate-key
~~~

You will first be asked to make a series of choices (type of use, encryption strength, validity period).

> gpg: keyring `/home/user/.gnupg/secring.gpg' created
> gpg: keyring `/home/user/.gnupg/pubring.gpg' created
> Please select what kind of key you want:
>    (1) RSA and RSA (default)
>    (2) DSA and Elgamal
>    (3) DSA (sign only)
>    (4) RSA (sign only)
> Your selection? **1**
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048) **4096**
> Requested keysize is 4096 bits
> Please specify how long the key should be valid.
>          0 = key does not expire
>       <n>  = key expires in n days
>       <n>w = key expires in n weeks
>       <n>m = key expires in n months
>       <n>y = key expires in n years
> Key is valid for? (0) **3y**
> Key expires at Tue 11 May 2019 12:53:08 AM EDT
> Is this correct? (y/N) **y**

Next come further questions about your identity, then the **passphrase**.

> You need a user ID to identify your key; the software constructs the user ID
> from the Real Name, Comment and Email Address in this form:
>     "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
> Real name: **Test User**
> Email address: **test@example.org**
> Comment:
> You selected this USER-ID:
>     "Test User <test@example.org>"
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? **o**
> You need a Passphrase to protect your secret key.
> passphrase not correctly repeated; try again.
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ..........+++++

At this point it is a good idea to start a video or do other things on the PC
(note: there is a utility that generates entropy on its own, but I can't remember its name)

> .................................+++++
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ........+++++
> .......+++++
> gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
> gpg: key 23955501 marked as ultimately trusted
> public and secret key created and signed.

At this point the keys have been created (probably in ~/.gnupg).
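A check worth running once the keys exist, added here as an example (it is not part of the original tutorial): a shell function that reads the machine-readable output of `gpg --list-keys --with-colons --fingerprint` and reports, for each primary key, its full fingerprint, RSA size and expiry, so you work with the 40-character fingerprint rather than a short ID such as `23955501`. The function names, the status labels, the timestamps and the second key in the sample listing are constructed for illustration; only the first fingerprint comes from this page.

```sh
#!/bin/sh
# Added example: audit primary keys in a colon-format GnuPG listing.
# Record layout (GnuPG doc/DETAILS): field 1 = record type, 3 = key length,
# 4 = public-key algorithm (1 = RSA), 7 = expiry in epoch seconds (empty =
# never). On "fpr" records, field 10 holds the full fingerprint.

# audit_key_listing NOW_EPOCH MIN_RSA_BITS   (listing read from stdin)
# Prints one line per primary key: STATUS FINGERPRINT BITS EXPIRY
audit_key_listing() {
    awk -F: -v now="$1" -v minbits="$2" '
        $1 == "pub" { bits = $3; algo = $4; expires = $7; want_fpr = 1; next }
        $1 == "fpr" && want_fpr {   # first fpr after pub belongs to the primary key
            want_fpr = 0            # later fpr records (subkeys) are skipped
            if (algo != 1)                    status = "NOT-RSA"
            else if (bits + 0 < minbits + 0)  status = "WEAK-SIZE"
            else if (expires == "")           status = "NO-EXPIRY"
            else if (expires + 0 <= now + 0)  status = "EXPIRED"
            else                              status = "OK"
            print status, $10, bits, (expires == "" ? "never" : expires)
        }'
}

# Constructed sample listing (hypothetical data): the first key mirrors the
# tutorial choices (RSA 4096, 3y expiry), the second is a made-up 2048-bit
# key with no expiry.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:F9E235C323955501:1462942388:1557550388::u:::scESC:
fpr:::::::::519D45923D3156E6B7A8269EF9E235C323955501:
uid:u::::1462942388::::Test User <test@example.org>:
sub:u:4096:1:0000000000000002:1462942388:1557550388:::::e:
fpr:::::::::0000000000000000000000000000000000000002:
pub:u:2048:1:0000000000000001:1462942388:::u:::scESC:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1462942388::::Constructed Weak Key <weak@example.org>:
EOF
}

# Demo on the sample, with "now" pinned to epoch 1550000000 (February 2019).
sample_listing | audit_key_listing 1550000000 4096
```

On a real keyring, pipe `gpg --list-keys --with-colons --fingerprint` into `audit_key_listing "$(date +%s)" 4096` instead of the sample.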

### Generating the revocation certificate


### Sending the key

~~~
gpg --keyserver pool.sks-keyservers.net --send-key '519D 4592 3D31 56E6 B7A8  269E F9E2 35C3 2395 5501'
~~~

### Editing a key

~~~
gpg --edit-key 285AFE12FFC70E5B8A950BB0FF2DCF039EB27061
~~~