Then export the public key: gpg -export -armor >. gpg-revocation-certificate -gen-revoke Įxport public key and private key (i.e., the keypair/subkeys) to a safe location and make the key safe to useįirst export the private key: gpg -export-secret-keys -armor >. It must be kept safe because it can render my keys useless -) gpg -output. Generating a revocation certificate will allow me to later revoke this keypair if it is compromised. –> now you must see “Currently allowed actions: Authenticate”.Next, create an authentication sub-key for SSH authentication: gpg -expert -edit-key Next, create a signing sub-key for code signing: gpg -edit-key Gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAMELLIA256 CAMELLIA192 CAMELLIA128 TWOFISH CAST5 ZLIB BZIP2 ZIP Uncompressed When selecting the passphrase, use a tool like Keepass, don’t choose the passphrase yourself, you’re not smart enough -) Set strong hash preferences on the keypair Create the keypairįirst of all, create the key: gpg -gen-key With the configuration below I can just revoke a specific sub-key and create a new one, while keeping my identity. Secondly, it might just not be safe to do so.Īlso, without this setup, if the keys I use on a daily bases were to be compromised, I wouldn’t have any other choice but to re-create everything from scratch (i.e., new identity!). Firstly, different key types have different lifecycles. Because in general, mixing signing and encryption keys is not a good idea, management & security wise. You might ask “Why not a simple key that does it all?”. There’s nothing much to it.įirst of all, I didn’t reinvent the wheel, I’ve mostly applied what Alex Cabal has described here, so thanks to him! disabled key ids (short & long) since those are insecure.set preferences towards the usage of stronger secure hash algorithms by default.Click after seeing the certificate improt result.The most important with this configuration it that I’ve… Navigate through the files and select the public certificate that you wish to import and click. In Keopatra menu, click on File -> Import certificate. Open Kleopatra using the Windows start menu, go to Start -> All programs -> Gpg4win -> Kleopatra 2. Open the exported certificate with a text editor. Select a file folder to save the certificate, then save the certificate with the file type.asc (from the check box) 5. Select the public certificate to be exported by clicking on it.
It will take some time to generate the key pair, after that you will see the Key Pair Successfully Created page, click on. Enter your passphrase, which should be an easy to remember and hard to guess secret passphrase, then confirm your entry with clicking on. Review your name and address in the next page, if everything is correct then click on. Fill out your name and address then click on. The page will display the Certificate Creation Wizard, click on Create a personal openpgp key pair then click on. Generate your Public/Private key-pair: 1. In some cases you will be asked to restart Windows, click on. The next page displays the installation location, You can either go with the suggested folder or select a different folder for installing, then click on. The next page displays the selection of components, leave the default selection and click on. The next page displays the license agreement, Click on. Make sure to close all running programs then click on. The welcome dialog will appear afterwards. Confirm your language 'English' and click. The installation will soon start and you will be asked for the language to be used.
Run gpg4win exe to install GnuPG for windows. Go to the following website click on gpg4win exe. 1 GPG4win / Kleopatra Documentation Secure file and encryption by using GnuPG for WindowsĢ GPG4win Detailed How To: Installing Gpg4win: 1.
0 kommentar(er)
