GnuPg
From GALPon WiKi
Steps for working with gpg.
- Generate a key:
emeteo@cernicalo[0&]$ gpg --gen-key
gpg (GnuPG) 1.2.3; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
   minimum keysize is 768 bits
   default keysize is 1024 bits
   highest suggested keysize is 2048 bits
What keysize do you want? (1024)
Requested keysize is 1024 bits
Please specify how long the key should be valid.
   0 = key does not expire
   <n> = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct (y/n)? y
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
   "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Perico de los palotes
Email address: perico.palotes@undominio.com
Comment: galpon
You selected this USER-ID:
   "Perico de los palotes (galpon) <perico.palotes@undominio.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
Enter passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.++++++++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++..
+++++.+++++.++++++++++++++++++++.+++++++++++++++.++++++++++>++++++++++...............+++++
public and secret key created and signed.
key marked as ultimately trusted.
pub 1024D/160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
    Key fingerprint = 9F40 1650 1B6D 750B 8FA9 496C CB90 9113 160D 998A
sub 1024g/5761B71D 2004-07-26
- List public keys:
emeteo@cernicalo[0&]$ gpg --list-keys
/home/emeteo/.gnupg/pubring.gpg
-------------------------------
pub 1024D/160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
sub 1024g/5761B71D 2004-07-26
- View the fingerprint:
emeteo@cernicalo[0&]$ gpg --fingerprint perico
pub 1024D/160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
    Key fingerprint = 9F40 1650 1B6D 750B 8FA9 496C CB90 9113 160D 998A
sub 1024g/5761B71D 2004-07-26
- Export the public key to a file:
emeteo@cernicalo[0&]$ gpg --export -a perico > miclave.asc
- Import a key from a public keyring:
The keyserver option must be set in ~/.gnupg/gpg.conf:
keyserver pgp.escomposlinux.org
emeteo@cernicalo[0&]$ gpg --recv-keys 779971DC
gpg: key 779971DC: public key "Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
emeteo@cernicalo[0&]$ gpg --list-keys
/home/emeteo/.gnupg/pubring.gpg
-------------------------------
pub 1024D/160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
sub 1024g/5761B71D 2004-07-26
pub 1024D/779971DC 2000-03-21 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
uid Mario Teijeiro (emeteo) <emeteo@telefonica.net>
uid Mario Teijeiro Otero (emeteo) <asimovi@teleline.es>
uid Mario Teijeiro (emeteo) <emeteo@telefonica.net>
uid Mario Teijeiro Otero (emeteo) <asimovi@teleline.es>
uid Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sub 2048g/D08821FF 2000-03-21
- Import a key from a file:
emeteo@cernicalo[0&]$ gpg --import /tmp/a.asc
gpg: key 5EBC947C: public key "Benjamín Albiñana Pérez <benalb@escomposlinux.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Sign a key:
# You must verify the fingerprint and confirm the person's identity.
# Once we are sure that the key belongs to the person it claims to belong to:
emeteo@cernicalo[0&]$ gpg --sign-key emeteo
gpg: key 779971DC: duplicated user ID detected - merged
gpg: checking the trustdb
gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
pub 1024D/779971DC created: 2000-03-21 expires: never trust: -/-
sub 2048g/D08821FF created: 2000-03-21 expires: never
(1). Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
(2) Mario Teijeiro (emeteo) <emeteo@telefonica.net>
(3) [revoked] Mario Teijeiro Otero <mteijeiro@escomposlinux.org>
(4) Mario Teijeiro Otero (emeteo) <asimovi@teleline.es>
Really sign all user IDs? yes
User ID "Mario Teijeiro Otero <mteijeiro@escomposlinux.org>" is revoked. Unable to sign.
pub 1024D/779971DC created: 2000-03-21 expires: never trust: -/-
Primary key fingerprint: 7788 5526 6B2A 47BE 9618 8F48 30AB 1CF9 7799 71DC
   Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
   Mario Teijeiro (emeteo) <emeteo@telefonica.net>
   Mario Teijeiro Otero (emeteo) <asimovi@teleline.es>
How carefully have you verified the key you are about to sign actually belongs
to the person named above? If you don't know what to answer, enter "0".
   (0) I will not answer. (default)
   (1) I have not checked at all.
   (2) I have done casual checking.
   (3) I have done very careful checking.
Your selection? (enter '?' for more information): 2
Are you really sure that you want to sign this key
with your key: "Perico de los palotes (galpon) <perico.palotes@undominio.com>" (160D998A)
I have checked this key casually.
Really sign? y
You need a passphrase to unlock the secret key for
user: "Perico de los palotes (galpon) <perico.palotes@undominio.com>"
1024-bit DSA key, ID 160D998A, created 2004-07-26
Now we can see that we have indeed signed the key:
emeteo@cernicalo[0&]$ gpg --list-sigs emeteo
pub 1024D/779971DC 2000-03-21 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sig   A3A76752 2002-05-26 [User id not found]
sig 3 779971DC 2001-12-25 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sig 3 779971DC 2001-12-25 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sig 2 160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
uid Mario Teijeiro (emeteo) <emeteo@telefonica.net>
sig 3 779971DC 2002-11-13 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sig 2 160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
uid [revoked] Mario Teijeiro Otero <mteijeiro@escomposlinux.org>
rev   779971DC 2002-11-27 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sig 3 779971DC 2000-11-13 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
uid Mario Teijeiro Otero (emeteo) <asimovi@teleline.es>
sig 3 779971DC 2000-03-21 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
sig 2 160D998A 2004-07-26 Perico de los palotes (galpon) <perico.palotes@undominio.com>
sub 2048g/D08821FF 2000-03-21
sig   779971DC 2000-03-21 Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>
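The fingerprint check that has to precede the gpg --sign-key step above, as an added shell example that is not part of the original wiki page: it compares the full fingerprint received from the key owner with the fpr record of gpg's colon-format listing, and refuses to compare anything shorter than 40 hex digits, such as the 8-digit key ID 779971DC. The function names and the sample listing are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): check a fingerprint before gpg --sign-key.

# Strip whitespace and upper-case, so "7788 5526 ..." equals "77885526...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint KEY` output on stdin and print field 10
# of the first "fpr" record after a "pub" record (the primary key fingerprint).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED LISTING
# Returns 0 on an exact match, 1 on a mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (for example an 8-digit key ID).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(printf '%s\n' "$2" | primary_fpr)
    [ "$expected" = "$(normalize_fpr "$actual")" ]
}

# Constructed sample in colon format, built from the fingerprint shown on this page.
SAMPLE_LISTING='pub:-:1024:17:30AB1CF9779971DC:2000-03-21:::-:Mario Teijeiro Otero (emeteo) <emeteo@escomposlinux.org>:
fpr:::::::::778855266B2A47BE96188F4830AB1CF9779971DC:'

# Fingerprint as the key owner would read it out in person.
if fpr_matches "7788 5526 6B2A 47BE 9618 8F48 30AB 1CF9 7799 71DC" "$SAMPLE_LISTING"; then
    echo "fingerprint matches"
else
    echo "do not sign: fingerprint differs or is incomplete"
fi
```

Against a real keyring, pass the output of gpg --with-colons --fingerprint for the key as the second argument in place of the constructed sample.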
That is all for now.