Difference between revisions of "DeveloperWiki:Managing the Master Key"

From ArchWiki
(Open questions)
Line 27: Line 27:
 
<pre>libusb couldn't open USB device /dev/bus/usb/001/006: Permission denied.
 
<pre>libusb couldn't open USB device /dev/bus/usb/001/006: Permission denied.
 
libusb requires write access to USB device nodes.</pre>
 
libusb requires write access to USB device nodes.</pre>
 +
* udev/packaging issue:
 +
<pre>udevd[273]: specified group 'pcscd' unknown</pre>
 
* Should we advice to create a backup during key creation or rather not?
 
* Should we advice to create a backup during key creation or rather not?
 
* Is the passphrase only used for the backup key?
 
* Is the passphrase only used for the backup key?
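
Review bot: the added "udev/packaging issue" entry records only the udevd message "specified group 'pcscd' unknown", with no note of which step triggers it or whether it is connected to the libusb "Permission denied" error listed directly above it. Suggest adding one line on when the message appears and whether the pcscd group is expected to exist once the packages are installed, so the question can be assigned and closed.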

Revision as of 13:55, 18 November 2011


Prepare your Smartcard

Install the ccid package and start the pcscd daemon. Insert your smartcard reader and check the output of gpg --card-status.

Creating the master key

Run gpg --card-edit. Type in admin to enable administration functions. All available commands can now be listed by issuing the help command. Use the name and sex commands to set some unimportant metadata.

To create a new key pair, type in generate. Create a 3072-bit key and enter your data according to this example:

Real name: Pierre Schmitz
Email address: pierre@master-key.archlinux.org
Comment: Arch Linux Master Key

Confirm that your USER-ID looks like "Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>". Generating the key will take some time.
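
A post-generation check for the steps above, as an added example that is not part of the wiki page: it reads the text of gpg --card-status on stdin and tests a user ID against the pattern of the example shown. The field labels follow GnuPG's human-readable card output, which can differ between versions; the sample status text, the fingerprint and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the wiki's own tooling. Assumes the human-readable
# field labels printed by `gpg --card-status`; they can vary by GnuPG version.

# Constructed sample: a card after `generate` (fingerprint is made up).
SAMPLE_STATUS='URL of public key : [not set]
Signature PIN ....: not forced
Key attributes ...: 3072R 3072R 3072R
Signature key ....: 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'

# card_field LABEL: value of the first status line on stdin with that label.
card_field() {
    sed -n "s/^$1[ .]*: *//p" | head -n 1
}

# check_master_card: read card status on stdin, report, return 1 on failure.
check_master_card() {
    status=$(cat)
    rc=0
    sig=$(printf '%s\n' "$status" | card_field 'Signature key')
    # First attribute belongs to the signature slot: "3072R" or "rsa3072".
    bits=$(printf '%s\n' "$status" | card_field 'Key attributes' |
           sed 's/^[^0-9]*\([0-9]*\).*/\1/')
    case "$sig" in
        ''|'[none]') echo "FAIL: no signature key on card"; rc=1 ;;
        *) echo "OK: signature key $sig" ;;
    esac
    if [ "$bits" = 3072 ]; then
        echo "OK: signature slot is 3072 bits"
    else
        echo "FAIL: signature slot is ${bits:-unknown} bits, expected 3072"
        rc=1
    fi
    # Shown for review only; the page leaves url and forcesig as open questions.
    echo "INFO: url=$(printf '%s\n' "$status" | card_field 'URL of public key')"
    echo "INFO: forcesig=$(printf '%s\n' "$status" | card_field 'Signature PIN')"
    return $rc
}

# check_uid UID: succeed if UID follows the pattern of the page's example.
# Treating the comment and mail domain as fixed is an assumption made here.
check_uid() {
    printf '%s\n' "$1" | grep -Eq \
      '^[^()<>]+ \(Arch Linux Master Key\) <[^@<> ]+@master-key\.archlinux\.org>$'
}

printf '%s\n' "$SAMPLE_STATUS" | check_master_card
check_uid 'Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>' &&
    echo "OK: user ID matches"
```

With a reader attached, feed it live data with gpg --card-status | check_master_card after sourcing the functions.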

Signing the master key

Revoking a master key

Signing developer keys

Revoking developer keys

Open questions

  • Using the smartcard generates the following errors without any apparent effect:
libusb couldn't open USB device /dev/bus/usb/001/006: Permission denied.
libusb requires write access to USB device nodes.
  • udev/packaging issue:
udevd[273]: specified group 'pcscd' unknown
  • Should we advise creating a backup during key creation, or rather not?
  • Is the passphrase only used for the backup key?
  • Is the public key also stored on the card?
  • How should the url configuration be set?
  • What is the impact of setting forcesig?

External documentation

http://wiki.debian.org/Smartcards/OpenPGP