Before I built my Yum Repository, I had to create a GnuPG Key so that I could sign RPMs that were created to ensure their authenticity. Basically, GnuPG is a tool for secure communication:
GnuPG uses
public-key cryptography so that users may communicate securely.
In a public-key system, each user has a pair of keys consisting of
a private key and a public key.
A user's private key is kept secret; it need never be revealed.
The public key may be given to anyone with whom the user wants to
communicate.
GnuPG uses a somewhat more sophisticated scheme in which a user has
a primary keypair and then zero or more additional subordinate
keypairs.
The primary and subordinate keypairs are bundled to facilitate key
management and the bundle can often be considered simply as one keypair.
To create a GnuPG key pair, first create a hidden directory called .gnupg in your home directory:
~> cd ~/
~> mkdir .gnupg
Next, generate the key pair:
~> gpg --gen-key
This will lead to a selection screen with the following options:
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
Select the first option, since the others cannot be used for encryption.
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Select 2048 and hit Enter (the default choice).
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Since I am planning on keeping my repository around for the foreseeable future, I do not want my key to expire. But be careful. If you choose a key that does not expire, and you want to change it later, you will first have to revoke the key and it may be difficult to communicate a change to users who have your public key. In my case, I hit '0' and Enter.
Key does not expire at all
Is this correct? (y/N)
To verify, press 'y' and Enter. Then enter your name, e-mail address, and a comment:
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Dr. Gregory R. Kriehn
Email address: gkriehn@csufresno.edu
Comment: Professor Kriehn
Press 'O' to continue:
You selected this USER-ID:
"Dr. Gregory R. Kriehn (Professor Kriehn) <gkriehn@csufresno.edu>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
Then you will have to choose a passphrase to protect your key. Be sure to use a strong passphrase. From the perspective of security, the passphrase to unlock the private key is one of the weakest points in GnuPG (and other public-key encryption systems as well) since it is the only protection you have if another individual gets your private key. Ideally, the passphrase should not use words from a dictionary and should mix the case of alphabetic characters as well as use non-alphabetic characters. A good passphrase is crucial to the secure use of GnuPG.
NOTE: Forgetting your passphrase will result in your key being useless. Remember this passphrase carefully; there is no way to recover it once it is lost. After you type your passphrase twice, the key will be generated.
Enter passphrase:
Repeat passphrase:
Please follow the instructions on the screen till you reach a screen similar to the one below.
gpg: key F8F5F58A marked as ultimately trusted
public and secret key created and signed.
pub 1024D/F8F5F58A 2007-12-05
Key fingerprint = B4FD 3733 1E43 1007 44BA D909 AEDB DBFC F8F5 F58A
uid Dr. Gregory R. Kriehn (Professor Kriehn) <gkriehn@csufresno.edu>
sub 2048g/333255A3 2007-12-05
In my case, the key-id is F8F5F58A (yours will be different).
It's probably a good idea to set this key as default in your .bashrc file, so that applications using GPG can automatically use your key. Do this by entering the line below in your ~/.bashrc file. Please note that it will be sourced only during your next session, unless you source it manually.
export GPGKEY=F8F5F58A
Then source your ~/.bashrc file:
~> source ~/.bashrc
Finally, export your public key and save it as a text file. In my case, I executed the following:
~> gpg --export --armor --comment "Professor Kriehn's GnuPG Key" --comment "http://optics.csufresno.edu/" > RPM-GPG-KEY-kriehn
Your GnuPG key is now ready for use.
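The key generated above is a 1024-bit DSA primary with a 2048-bit Elgamal subkey and no expiration date. As an added example (not part of the original page), the shell function below audits the machine-readable output of gpg --list-keys --with-colons for keys below a minimum size or without an expiration date. The sample listing, the subkey's long ID and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output for a key shaped
# like the one on this page: 1024-bit DSA primary (algo 17), 2048-bit Elgamal
# subkey (algo 16), no expiry. The subkey's long ID is made up.
SAMPLE_LISTING='pub:u:1024:17:AEDBDBFCF8F5F58A:1196812800:::u:::scESC:
fpr:::::::::B4FD37331E43100744BAD909AEDBDBFCF8F5F58A:
uid:u::::1196812800::::Dr. Gregory R. Kriehn (Professor Kriehn) <gkriehn@csufresno.edu>:
sub:u:2048:16:00000000333255A3:1196812800::::::e:'

# audit_listing MIN_BITS  (reads a colon listing on stdin)
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_listing() {
    awk -F: -v min="$1" '
        function algo(n) {
            if (n == 1)  return "RSA"
            if (n == 16) return "Elgamal"
            if (n == 17) return "DSA"
            return "algo " n
        }
        $1 == "pub" || $1 == "sub" {
            # Field 2 is validity: skip revoked (r) and already expired (e) keys.
            if ($2 == "r" || $2 == "e") next
            id = substr($5, length($5) - 7)   # short key ID (last 8 hex digits)
            # Fields 3/4 are key length and algorithm. Elliptic-curve keys
            # (algo 18, 19, 22) have short lengths by design, so skip them here.
            if ($4 != 18 && $4 != 19 && $4 != 22 && $3 + 0 < min + 0) {
                printf "%s %s: %d-bit %s is below the %d-bit minimum\n", $1, id, $3, algo($4), min
                bad = 1
            }
            # Field 7 is the expiration date; empty means the key never expires.
            if ($7 == "") {
                printf "%s %s: no expiration date set\n", $1, id
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Run the audit on the constructed sample. On a real keyring, use instead:
#   gpg --list-keys --with-colons "$GPGKEY" | audit_listing 2048
audit_sample() { printf '%s\n' "$SAMPLE_LISTING" | audit_listing 2048; }

audit_sample || true
```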


