GPG Setup
This will help you through the creation of a cryptographic key pair for signing software releases.
This guide presumes you have gnupg installed. Installing gnupg is a matter of doing an apt-get or yum install, or installing via homebrew on OSX. On Mac you can also install GPGTools, see below.
NOTE: Fedora has a gnupg client and agent by default, so it should just work out of the box.
I'm using gnupg 2 in this tutorial, but everything applies to v1 too; the only difference is that v1's executable is gpg and v2's is gpg2.
- Download and install GPGTools
- A symbolic link to its gpg-agent might be missing. If that's the case, create it (from inside the /usr/local/bin directory) with:
ln -s /usr/local/MacGPG2/bin/gpg-agent gpg-agent
- Run gpg and let it create the config folder. Usually it goes under $HOME/.gnupg
- Run gpg --gen-key
- Select RSA and RSA
- Accept the default keysize (2048)
- Set key expiration - usually 2 years (2y) is a good compromise for beginners.
- Confirm key expiry date
- Add your Real Name, like John Doe Moe
- Add your email address - note that you can have more than one
- No comment is needed
- Choose a passphrase for your key; this is the kind of password that needs to be strong.
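To confirm the key came out as chosen in the steps above (RSA, 2048 bits, an expiry date, able to sign), the machine-readable key listing can be checked with a small script. This is an added example, not part of the original guide; the function names, the failure labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the output of `gpg2 --list-keys --with-colons`.
# Colon format (GnuPG doc/DETAILS): field 1 = record type, 3 = key length,
# 4 = algorithm (1 = RSA, 17 = DSA), 5 = key ID, 7 = expiry (empty = never),
# 12 = capabilities (s = sign, e = encrypt, c = certify).

# Constructed sample: one key as produced by the steps above, one old key.
# Key IDs, dates and names are made up.
sample_listing() {
cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1700000000:1763072000::u:::scESC:
uid:u::::1700000000::0000::John Doe Moe <john@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1700000000:1763072000:::::e:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1100000000:::u:::scSC:
uid:u::::1100000000::0000::Old Key <old@example.org>:
EOF
}

# audit_keys [MIN_BITS] < listing
# Prints one line per primary key: "<keyid> OK" or "<keyid> FAIL <reasons>".
# Exit status is 1 if any primary key failed a check, 0 otherwise.
audit_keys() {
    awk -F: -v min="${1:-2048}" '
    $1 == "pub" {
        why = ""
        if ($4 != 1)      why = why " not-rsa"
        if ($3 + 0 < min) why = why " short-key(" $3 ")"
        if ($7 == "")     why = why " no-expiry"
        if ($12 !~ /s/)   why = why " cannot-sign"
        if (why == "") print $5, "OK"
        else { print $5, "FAIL" why; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Real use (assumes gpg2 is on PATH): gpg2 --list-keys --with-colons | audit_keys 2048
if [ "${1:-}" = "--demo" ]; then sample_listing | audit_keys 2048; fi
```

Only primary-key (pub) records are checked; subkey (sub) records are skipped.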
Okay, now that you have your keys, let's try to sign and to decrypt a file.
1. Choose or create a test file that we will sign, for instance foo.txt
2. Encrypt your file: gpg --encrypt --recipient 'Your Name' foo.txt
3. Decrypt your file: gpg --output foo.txt --decrypt foo.txt.gpg