Pick the largest one, you should not notice a difference in performance.

For signing it is fine to never expire. For encrypting you may want to have an expiration date.

- Type in a name associated with the keys.
- If the resulting user ID is correct, continue with o.

The password is not part of the keys, it is used to encrypt the secret key for safe storage on your computer. Don’t forget it of course or you won’t be able to use your secret key anymore.

You should help it by moving the mouse around, typing in another window etc.

You can view your secret and public keys separately using the commands:

The first three letter word is the type of key, these are:

- Pub – public (primary) key, there can be more than one
- Sub – public subkey, there can be more than one
- Uid – marks user ID associated with primary key, there can be more than one.

The two keys have different uses, marked with the letters in square brackets at the end:

- C – certify (sign another key to make it trusted)

So your primary key is used for signing and the subkey is used for decrypting. There are some advantages to having them separate, mainly when it comes to revoking a key so others stop using it. There is not much of a reason to revoke the signing key but you might want to revoke the decrypting subkey to protect the encrypted data and create a new subkey.

The 40 character long string is the fingerprint of your primary secret key. The subkey has its own, it is just not shown by default. You can display it by calling `--list-keys` with the `--with-subkey-fingerprint` parameter. There is also a creation date and an expiration date, if any. Since you created this key, you trust it ultimately. There is a whole system using a trust database trying to solve the problem of “Does this key really belong to the person it says or is someone trying to impersonate them?” but for the purpose of sharing data between few friends it can be safely ignored in my opinion.

You will find there the primary public key which matches your secret key fingerprint and it also has its own public subkey. In the public list there will also be the public keys of other people that you imported.

You can find your keys and other GPG related files at your home directory:

- pubring.kbx – this stores all created and imported public keys.
- private-keys-v1.d – in this directory the secret keys are stored in encrypted files. One file for the primary key and one for the subkey. The file name does not match the fingerprint, instead it matches a keygrip that gpg-agent uses to manage them. You can tell which is which by creation time – the primary key is older.
- openpgp-revocs.d – here are revocation certificates for the primary keys you created. Anyone who has access to a revocation file can revoke your public key, so keep the files safe (or delete them, they can be generated again as long as you have the secret key).

gnupg directory should be owned by you, the user account. Pretty much all the files in there should be owned by you as well, with possible exception of secret keys generated by root, but the most important ones are the directory with secret keys, pubring.kbx, tofu.db and trustdb.gpg.
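
The ownership advice for the gnupg directory can be checked mechanically. The script below is an added example, not code from the original post: the function names `audit_gnupg_home` and `report` are hypothetical, the default location `~/.gnupg` (or `$GNUPGHOME`) is assumed, and the MODE check (no group or other access at all) is an assumption that goes beyond the ownership rule stated on this page.

```shell
#!/bin/sh
# Added example (not from the original page): audit a GnuPG home directory.
# OWNER = not owned by the invoking user, MODE = group/other access bits set,
# REVOC = revocation certificate still on disk (informational only).

report() {  # report PREFIX LIST: print each non-empty line with a prefix
    [ -z "$2" ] || printf '%s\n' "$2" | sed "s|^|$1 |"
}

audit_gnupg_home() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}   # assumed default location
    [ -d "$home" ] || { echo "NO-DIR $home"; return 2; }

    # Everything should belong to the user; the page allows secret keys
    # generated by root as a possible exception, so review OWNER hits by hand.
    foreign=$(find "$home" ! -user "$(id -u)" -print)

    # Assumption beyond the page: no group/other bits at all (700/600 layout).
    # Symlinks are skipped because their own mode bits are meaningless.
    loose=$(find "$home" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    # Anyone who can read a .rev file can revoke the key.
    revocs=$(find "$home/openpgp-revocs.d" -type f -name '*.rev' 2>/dev/null || true)

    report OWNER "$foreign"
    report MODE "$loose"
    report REVOC "$revocs"
    [ -z "$foreign$loose" ]   # exit status 0 only when nothing is off
}

# Run against the real directory only when asked: sh audit.sh --audit [DIR]
if [ "${1:-}" = "--audit" ]; then
    audit_gnupg_home "${2:-}"
fi
```

A REVOC line does not fail the audit; it is a reminder to move the certificate somewhere safe or delete it, as described above.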