Mario Mommer mommer@igpm.rwth-aachen.de writes:
I think we should point people to a place where they get information on exactly what they should do. As an example of someone quite ignorant of this, I propose myself :) I don't even know what I could ask Google. What kind of keys are these, how do I get them, etc?
Grab GNU Privacy Guard from www.gnupg.org, download and build it.
Then you need to create a key. Since this isn't an intro to gpg I'll just tell you what to do and not what you could do or what all the options mean.
This command:
$ gpg --gen-key
will create a public/private key pair and add it to your keyring.
1) You'll want to create a DSA/Elgamal key pair, which can be used for both signing and encrypting.
2) The key size should be at least 1024, I tend to use 2048 but that's just because I have an inferiority complex :).
3) Then you'll need to say when the key expires. I'd suggest to have it expire in the not too distant future, a year or two. Expired keys are still good for verifying signatures, and you'll use an expired key to sign your new key so changing keys isn't a big deal.
4) You'll need to specify the user id. The user id cannot change (it is in fact encoded in the key) and should represent who (and in what role) uses this key. As an example I have two keys, one is for me personally and has my name and my regular email address, another was created for the purpose of being a common-lisp.net developer, and has my name but uses the mbaringer@common-lisp.net email address.
5) Now pick a pass phrase. This is the only real protection for your private key once someone gets their hands on it. If someone gets your secret key and knows your pass phrase they can sign and encrypt as if they were you. Choose something long (hard to brute force) with lower case letters, upper case letters, some numbers and punctuation chars.
6) Now gpg will go around and collect entropy; when it's done you'll have in your keyring (located in ~/.gnupg) a freshly created, completely trusted key.
7) Export an ASCII-armored copy of your public key with the command "gpg --armor --export <KEYID>" (you can get the KEYID from the listing of the keys in your keyring; either use the hexadecimal id or an email address if it's unique in your keyring). Redirect the output of that command to a file and copy that file to your home directory on common-lisp.net.
8) Now go have a look at the docs at gnupg.org for some good manuals, howtos, tutorials, etc.
Hope this helps.
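Step 7 above produces an "ASCII-armored" file, and whoever picks that file up on common-lisp.net has no way, from the text alone, to tell a cleanly copied key from one mangled in transit. The following Python is an added example written for this thread, not code from the original message or from GnuPG: it implements the OpenPGP ASCII armor framing from RFC 4880 (BEGIN/END lines, optional headers, base64 body, and the "=" CRC-24 checksum line) so you can see what "gpg --armor --export" wraps around the raw key packets and how a reader checks the checksum before importing. The bytes fed to armor() here are a constructed placeholder, not a real OpenPGP key; the function and header names are this example's own.

```python
import base64
import re
from typing import Dict, Optional, Tuple

# RFC 4880 section 6.1: the CRC-24 used as the armor checksum.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """Compute the OpenPGP CRC-24 of data, following the RFC 4880 reference algorithm."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP PUBLIC KEY BLOCK",
          comment: Optional[str] = None) -> str:
    """Wrap raw OpenPGP packet bytes in ASCII armor, the shape `gpg --armor --export` emits."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]  # 64-char lines like gpg
    crc_line = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    out = [f"-----BEGIN {block_type}-----"]
    if comment:
        out.append(f"Comment: {comment}")
    out.append("")  # a blank line separates the armor headers from the data
    out.extend(lines)
    out.append(crc_line)
    out.append(f"-----END {block_type}-----")
    return "\n".join(out) + "\n"


class ArmorError(ValueError):
    """Raised when the armored block is malformed or its checksum does not match."""


def dearmor(text: str) -> Tuple[str, Dict[str, str], bytes]:
    """Parse an armored block into (block_type, headers, raw bytes), verifying the CRC-24."""
    lines = text.strip().splitlines()
    match = re.fullmatch(r"-----BEGIN (.+)-----", lines[0].strip())
    if not match:
        raise ArmorError("missing BEGIN line")
    block_type = match.group(1)
    headers: Dict[str, str] = {}
    i = 1
    while i < len(lines) and lines[i].strip():  # "Key: value" lines up to the blank line
        key, _, value = lines[i].partition(":")
        headers[key.strip()] = value.strip()
        i += 1
    i += 1  # skip the blank separator line
    b64_parts = []
    crc_line = None
    while i < len(lines):
        line = lines[i].strip()
        if line == f"-----END {block_type}-----":
            break
        if line.startswith("="):  # "=XXXX" is the checksum, not data
            crc_line = line[1:]
        else:
            b64_parts.append(line)
        i += 1
    else:
        raise ArmorError("missing END line")
    data = base64.b64decode("".join(b64_parts), validate=True)
    if crc_line is not None:
        expected = int.from_bytes(base64.b64decode(crc_line), "big")
        if expected != crc24(data):
            raise ArmorError("CRC-24 mismatch: the armored block was corrupted in transit")
    return block_type, headers, data


def verify_armored(text: str) -> bool:
    """True if the block parses and its checksum matches; False otherwise."""
    try:
        dearmor(text)
        return True
    except (ArmorError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for exported key packets (not a real key).
    fake_key_packets = bytes(range(256)) * 2
    armored = armor(fake_key_packets, comment="constructed example, not a real key")
    print(armored)
    print("checksum ok:", verify_armored(armored))
```

The CRC is a transport check only: it catches a line lost while pasting into a mail or a file truncated on copy, but it is not a signature, so a checksum that matches says nothing about who the key belongs to. That is what the user id and the signatures discussed earlier in the thread are for.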