For anybody who wants to have their key signed, please bring:
- Government-issued photographic ID
- Printouts of your GPG fingerprint (obtained with 'gpg --fingerprint')
If you have never used GPG before for signing or encryption, but wish to start, it's easy to create your own key:
First, create ~/.gnupg/gpg.conf with minimum acceptable defaults:
fixed-list-mode keyid-format 0xlong personal-digest-preferences SHA512 SHA384 SHA256 SHA224 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed use-agent sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g verify-options show-uid-validity list-options show-uid-validity cert-digest-algo SHA512
Then, create a new key:
% gpg --gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Sun 18 Mar 14:39:33 2018 GMT
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: (your full name)
Email address: (your email address)
Comment:
You selected this USER-ID:
"(your full name) <your email address>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Enter passphrase: <enter something long here, 16-24 chars minimum>
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.........+++++
.....+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.....+++++
........+++++
public and secret key created and signed.
pub 4096R/0xE47BF8A297CD415A 2015-03-19 [expires: 2018-03-18]
Key fingerprint = A41D 2706 4A95 2EE4 ED83 9120 E47B F8A2 97CD 415A
uid [ unknown] (your full name) <your email address>
sub 4096R/0xE47BF8A297CD415A 2015-03-19 [expires: 2018-03-18]From there, you can add extra email addresses to the key (with gpg --edit-key and the "adduid" option"), and then generate/print the fingerprint off as above ready to have your key signed. It is also recommended that you upload your key to a keyserver (gpg --send-keys), to make it easier for others to sign your key.