The key-cert object MUST
be added into the database before your maintainer is updated to
reference it. A new maintainer should not be submitted with a PGPKEY
auth reference unless you include the key-cert object with your new
maintainer object submission.
The example below uses PGP version 5.0. When you enter
PGP commands PGP will default to ~/.pgp in your default directory.
You can override the default using the 'PGPPATH' environment variable.
-
Create a PGP key.
In the example, the 'Enter pass phrase:' line is highlighted in orange to indicate that the value you supply will be needed each time you PGP-sign a submission.
Therefore it's a good idea to keep your pass phrase in a safe place or,
ideally, memorize it so there is no possibility that another party can
find it. Anyone with your pass phrase has the ability to impersonate you
and breach your DB objects.
% pgpk -g
Choose the type of your public key:
1) DSS/Diffie-Hellman - New algorithm for 5.0 (default)
2) RSA
Choose 1 or 2: 2
Pick your public/private keypair key size:
1) 768 bits- Commercial grade, probably not currently breakable
2) 1024 bits- High commercial grade, secure for many years
3) 2048 bits- "Military" grade, secure for the forseeable future
Choose 1, 2 or 3, or enter desired number of bits
(768 - 2048): 1
You need a user ID for your public key. The desired form for this
user ID is your FULL name, followed by your E-mail address enclosed in
, if you have an E-mail address. For example:
Joe Smith
If you violate this standard, you will lose much of the benefits of
PGP 5.0's keyserver and email integration.
Enter a user ID for your public key: Gerald A. Winters < gerald@merit.edu >
Enter the validity period of your key in days from 0 - 999
0 is forever (and the default): 0
You need a pass phrase to protect your private key(s).
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.
Enter pass phrase:
Enter again, for confirmation:
Enter pass phrase:
Collecting randomness for key...
We need to generate 35 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text
on your keyboard until you hear the beep:
0 * -Enough, thank you.
******* ...............*******
Keypair created successfully.
If you wish to send this new key to a server, enter the URL of the server,
below. If not, enter nothing.
%
- Extract your public key block.
% pgpk -xa gerald
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP for Personal Privacy 5.0
mQBtAzlPun4AAAEDAL4HzIVpazkecT7nWTotIsbmSdyfeImWVA4ZzVXZuwb6quK3
SocNluXQnzCDf9rSGO7mT2gLYKFSpBuQXQ0mZfGjL1yXT1FLIdkb94B0B7vPiTVb
+d/f4Ye0diwnAceU0QAFEbQkR2VyYWxkIEEuIFdpbnRlcnMgPGdlcmFsZEBtZXJp
dC5lZHU+iQB1AwUQOU+6frR2LCcBx5TRAQHR0QMAp6lAb8/SEq8V8lLTtB908sPq
H2Sh034w75ekZIwWVP3WQx9DcugWxbaNv5mYhfq4eoGNBZ2svNFZ0s0440bD8gAU
CFuhzB4dp523YePxHxgK5MuMPVqRCnbLETgrnfcs
=sYcq
-----END PGP PUBLIC KEY BLOCK-----
- Get your hex ID.
The hex ID is '01C794D1'.
% pgpk -l gerald
Type Bits KeyID Created Expires Algorithm Use
sec+ 768 0x01C794D1 2000-06-20 ---------- RSA Sign & Encrypt
uid Gerald A. Winters
1 matching key found
%
- Construct a 'key-cert' object.
Note that the 'method:', 'owner:' and 'fingerpr:' attributes have
not been specified. These attributes are auto-generated by the
DB software and so they are intentionally omitted. The red + need to be added before each line of the public
key block.
key-cert: PGPKEY-01C794D1
certif:
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP for Personal Privacy 5.0
+
+mQBtAzlPun4AAAEDAL4HzIVpazkecT7nWTotIsbmSdyfeImWVA4ZzVXZuwb6quK3
+SocNluXQnzCDf9rSGO7mT2gLYKFSpBuQXQ0mZfGjL1yXT1FLIdkb94B0B7vPiTVb
++d/f4Ye0diwnAceU0QAFEbQkR2VyYWxkIEEuIFdpbnRlcnMgPGdlcmFsZEBtZXJp
+dC5lZHU+iQB1AwUQOU+6frR2LCcBx5TRAQHR0QMAp6lAb8/SEq8V8lLTtB908sPq
+H2Sh034w75ekZIwWVP3WQx9DcugWxbaNv5mYhfq4eoGNBZ2svNFZ0s0440bD8gAU
+CFuhzB4dp523YePxHxgK5MuMPVqRCnbLETgrnfcs
+=sYcq
+-----END PGP PUBLIC KEY BLOCK-----
mnt-by: MAINT-MERIT
changed: gerald@merit.edu 20000709
source: RADB
- Update your maintainer to use PGP authentication using the PGP key
from the 'key-cert' object. Be sure to add your key-cert object to the
database *before* you update your maintainer.
The new 'auth:' attribute is highlighted in boldface type.
mntner: MAINT-GERALD
descr: Illustrate PGP authenticaion
admin-c: Gerald Winters
tech-c: Gerald Winters
upd-to: gerald@merit.edu
mnt-nfy: gerald@merit.edu
auth: CRYPT-PW pfrutahVELjzI
auth: PGPKEY-01C794D1
mnt-by: MAINT-GERALD
changed: gerald@merit.edu 20000709
source: RADB
- Email your objects to the registry.
Assume the objects are in a file called 'db-objects.txt'.
% mail auto-dbm@radb.net < db-objects.txt
- After you have successfully added your 'key-cert' object
to the DB and updated your maintainer to use PGP authentication,
you can PGP-sign your submissions.
