Difference between revisions of "DeveloperWiki:Managing the Master Key"

From ArchWiki
Jump to: navigation, search
(Creating the master key)
Line 1: Line 1:
 
[[Category:DeveloperWiki]]
 
[[Category:DeveloperWiki]]
 +
 +
==Prepare your Smartcard==
 +
Install the <code>ccid</code> package and start the <code>pcscd</code> daemon. Insert your smartcard reader and check the output of <code>gpg --card-status</code>
 +
 
==Creating the master key==
 
==Creating the master key==
We assume you want to store the keyring in the directory "master-key-home".
+
Run <code>gpg --card-edit</code>. Type in <code>admin</code> to enabled administration functions. All available commands can now be listed by issuing the <code>help</code> command.
<pre>gpg --homedir master-key-home --gen-key</pre>
+
 
Choose <code>(4) RSA (sign only)</code> and <code>4096 bits</code>
+
To create a new key pair just type in <code>generate</code>. Create a <code>3072 bits</code> key and enter your data according to this example:
Enter your data according to this:
+
 
<pre>
 
<pre>
 
Real name: Pierre Schmitz
 
Real name: Pierre Schmitz

Revision as of 17:48, 14 November 2011


Prepare your Smartcard

Install the ccid package and start the pcscd daemon. Insert your smartcard reader and check the output of gpg --card-status

Creating the master key

Run gpg --card-edit. Type in admin to enabled administration functions. All available commands can now be listed by issuing the help command.

To create a new key pair just type in generate. Create a 3072 bits key and enter your data according to this example:

Real name: Pierre Schmitz
Email address: pierre@master-key.archlinux.org
Comment: Arch Linux Master Key

Confirm that your USER-ID looks like "Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>". Generating the key will take some time.

Signing the master key

Revoking a master key

Signing developer keys

Revoking developer keys