built my Yum Repository, I had to create a GnuPG key so that I could sign the RPMs it serves and let users verify their authenticity. Basically, GnuPG is a tool for public-key cryptography that lets users communicate (and distribute files) securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate. GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs (subkeys). The primary and subordinate keypairs are bundled to facilitate key management, and the bundle can often be considered simply as one keypair.
To create a GnuPG key pair, first create a hidden directory called .gnupg in your home directory (GnuPG also creates it on first use; if you create it yourself, make sure it is readable only by you, i.e. mode 700, since it will hold your private key):

~> mkdir .gnupg

Next, generate the key pair. This will lead to a selection screen with the following options:
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)

Select the first option, since the others cannot be used for encryption. Note that a sign-only key is sufficient if all you will ever do with it is sign RPMs; encryption capability is only needed if people should also be able to send you encrypted mail. Current GnuPG releases offer "RSA and RSA" as the default instead, and a 1024-bit DSA primary key of the kind shown here is no longer considered strong (its 160-bit group size ties its signatures to SHA-1), so if you are generating a new key today, prefer RSA of at least 2048 bits or Ed25519.

DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits

Select 2048 and hit Enter (the default).
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N)

Since I am planning on keeping my repository around for the foreseeable future, I do not want my key to expire. But be careful. If you choose a key that does not expire and you change it later, you will first have to revoke the key, and it may be difficult to communicate the change to users who have your public key. An expiration date, on the other hand, can be extended later with gpg --edit-key without changing the key, so a finite lifetime costs little and limits the damage if the private key or its passphrase is ever lost. Either way, generate a revocation certificate with gpg --gen-revoke right after creating the key and store it somewhere safe, so that you can revoke the key even if you lose access to it. In my case, I hit '0' and Enter. To verify, press 'y' and Enter. Then enter your name, e-mail address, and a comment:
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Dr. Gregory R. Kriehn
Email address: firstname.lastname@example.org
Comment: Professor Kriehn
You selected this USER-ID:
    "Dr. Gregory R. Kriehn (Professor Kriehn) <firstname.lastname@example.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Press 'O' to continue. Then you will have to choose a passphrase to protect your key. Be sure to use a strong passphrase. From the perspective of security, the passphrase that unlocks the private key is one of the weakest points in GnuPG (and in other public-key encryption systems as well), since it is the only protection you have if another individual gets hold of your private key file. Ideally, the passphrase should not use words from a dictionary and should mix the case of alphabetic characters as well as use non-alphabetic characters. A good passphrase is crucial to the secure use of GnuPG.

NOTE: Forgetting your passphrase will result in your key being useless. Remember this passphrase carefully; there is no way to recover it when it is lost. After you type your passphrase twice, the key will be generated.

Please follow the instructions on the screen until you reach a screen similar to the one below.
gpg: key F8F5F58A marked as ultimately trusted
public and secret key created and signed.

pub   1024D/F8F5F58A 2007-12-05
      Key fingerprint = B4FD 3733 1E43 1007 44BA D909 AEDB DBFC F8F5 F58A
uid                  Dr. Gregory R. Kriehn (Professor Kriehn) <firstname.lastname@example.org>
sub   2048g/333255A3 2007-12-05

In my case, the key-id is F8F5F58A (yours will be different). Note that this short key ID is simply the last 32 bits of the fingerprint printed above. It is convenient on the command line, but it is far too short to identify a key uniquely (keys with a chosen short ID can be generated cheaply), so when you tell users how to verify the key you publish, give them the full fingerprint.
It's probably a good idea to set this key as the default in your .bashrc file, so that applications using GPG can automatically use your key. Do this by entering the line below in your ~/.bashrc file. Please note that it will be sourced only during your next session, unless you source it manually.

Then source your ~/.bashrc file.

Finally, export your public key and save it as a text file. In my case, I executed the following:

gpg --export --armor --comment "Professor Kriehn's GnuPG Key" --comment "http://optics.csufresno.edu/" > RPM-GPG-KEY-kriehn

Be aware that gpg --export with no key named on the command line exports every public key in your keyring, so if you have imported other people's keys, pass your own key ID or fingerprint to it so that the file contains only the repository key. Users of the repository import the file with rpm --import RPM-GPG-KEY-kriehn, and RPM then checks package signatures against it. Your GnuPG key is now ready for use.
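The same procedure run non-interactively, as an added example that is not part of the original post: a parameter file drives gpg --batch --gen-key, the public key is exported to a file, and two checks are made that a repository maintainer should do anyway, namely that the short key ID gpg prints is the tail of the full fingerprint, and that the exported file holds exactly one key. It assumes GnuPG 2.1 or later (for %no-protection and the automatic revocation certificate); the name, e-mail address, key size, lifetime, file names and the RUN_GPG switch are assumptions of this example, not the author's values.

```shell
#!/bin/sh
# Added example, not code from the original post.  Generates an RPM-signing
# key unattended, exports it, and sanity-checks the result.  Assumed values:
# GnuPG >= 2.1, the name/e-mail below, a 3072-bit RSA key, a 2-year lifetime.

# The short key ID (8 hex digits) printed by gpg is the last 32 bits of the
# full fingerprint.  Deriving it here cross-checks gpg's output and shows
# why the full fingerprint, not the short ID, is what to publish.
keyid_from_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' ')
    printf '%s\n' "${fpr#"${fpr%????????}"}"
}

# Count armored public-key blocks in an exported file.  A repository key
# file must contain exactly one; more means `gpg --export` was run without
# naming the key and dumped the whole keyring.
pubkey_blocks() {
    grep -c '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' "$1"
}

# Parameter file for `gpg --batch --gen-key`.  RSA sign-only, because an
# RPM signing key never needs to encrypt; a finite lifetime that can be
# extended later with `gpg --edit-key`.  %no-protection skips the
# passphrase and is acceptable only for a throwaway demo key; a real key
# gets a strong passphrase as described above.
gen_params() {
    cat <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Name-Real: $1
Name-Comment: $2
Name-Email: $3
Expire-Date: 2y
%commit
EOF
}

# Generate, export and check a demo key in a throwaway GNUPGHOME.
# Prints the short key ID on success, returns non-zero on failure.
generate_and_export() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gen_params "Repo Maintainer" "Demo repo key" "repo@example.org" \
        | gpg --batch --gen-key 2>/dev/null || return 1
    # With --with-colons, the fingerprint is field 10 of the "fpr" record.
    fpr=$(gpg --batch --with-colons --fingerprint repo@example.org \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || return 1
    keyid=$(keyid_from_fpr "$fpr")
    # Name the key explicitly so only this key ends up in the file.
    gpg --batch --armor --export "$fpr" > "$GNUPGHOME/RPM-GPG-KEY-demo" || return 1
    [ "$(pubkey_blocks "$GNUPGHOME/RPM-GPG-KEY-demo")" -eq 1 ] || return 1
    # GnuPG 2.1+ also wrote a revocation certificate to
    # $GNUPGHOME/openpgp-revocs.d/<fingerprint>.rev; keep it offline.
    printf 'fingerprint %s, short id %s, key file %s\n' \
        "$fpr" "$keyid" "$GNUPGHOME/RPM-GPG-KEY-demo" >&2
    printf '%s\n' "$keyid"
}

# Only touch gpg when asked (RUN_GPG=1 sh thisfile.sh), so the helper
# functions above can be sourced and used on their own.
if [ "${RUN_GPG:-0}" = 1 ]; then
    generate_and_export
fi
```

Running it with RUN_GPG=1 prints the fingerprint and the derived short ID; on the key shown on this page the same derivation turns the fingerprint B4FD ... F8F5 F58A into F8F5F58A, which is exactly the ID gpg reported.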