$ gpg -export -armor -output bestuser-gpg.pub The -o or -output option saves the output to a specified file instead of displaying it to standard out on the screen. The -a or -armor option encodes the output to plain text. In most cases, you will want to make sure the key file does not contain any binary characters so it can be displayed on a web page. Use the -export option to export the key from the keyring to a file. Uid Best User (Student account) Įxport the public key to share with othersįor others to send you encrypted messages that can only be decrypted with your private key, you must first share your public key.
Gpg: marginals needed: 3 completes needed: 1 trust model: pgp The quit command exits the edit utility and prompts you to save your changes.Īfter adding a new USER-ID, both identities are shown when listing the key. You can use list to show the identities, uid to select an identity, and deluid to delete an identity. gpg> adduidĬhange (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O To add an email address, you will actually add a USER-ID value. $ gpg -edit-key the subprompt, help or a ? lists the available edit commands. You can change expiration dates and passwords, sign or revoke keys, and add and remove emails and photos.
#GPG MAIL UNINSTALL HOW TO#
A Red Hat knowledge article explains how to configure rngd to use the /dev/urandom device for additional entropy. Besides the keyboard and mouse activity that is suggested in the output of the gpg command, additional entropy sources can be configured with the rng-tools package. If the value is less than 3000, you may need to generate more entropy. You can check the available entropy on a system by viewing a proc file: $ cat /proc/sys/kernel/random/entropy_avail A newly installed virtual machine may not have enough entropy. Once completed, the key information is displayed on the screen.Īdditionally, a lot of random bytes are needed to generate the key. If you are on a graphical desktop such as GNOME, the agent may be a graphical pop-up box. The gpg command requires an agent for this, so you may find that you need to be logged in directly as the user. Susan Lauber (Lauber System Solutions, Inc.) Īfter confirming the settings, you are prompted for a passphrase for the private key. You can use the gpg -list-keys command to view some of the identities for imported keys. Email address is the contact email for the key, and the optional Comment can identify a company, use, or version. The Real name is the name of a person, company, or product. GnuPG needs to construct a user ID to identify your key.Ĭhange (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? The next set of prompts constructs the identity. You are asked to confirm your selection before continuing.
#GPG MAIL UNINSTALL UPDATE#
If you do expire the key, you need a plan to update and rotate keys before the expiration. If you don't expire the key, it is never automatically revoked even if the private key is compromised. For signing keys, I think about the expected lifetime of the objects I am signing. Notice the default is "does not expire." I usually go with years for an email key. Then consider your security habits as well. Please specify how long the key should be valid.Ĭheck company policies for how long the key should be valid. The Fedora and Red Hat security keys we imported in the last article are both 4096 in length. Longer is not always better, but I would definitely go with 2048 or 4096. Unless you have a company policy that specifies otherwise, choose the default of RSA and RSA for your multi-use or email exchange key pair. The first question is what kind of key algorithm you want.
#GPG MAIL UNINSTALL FULL#
Let's describe the options on the full generate option: $ gpg -full-generate-key The quick and full generate options can also be used in a batch mode as documented in the man page.