From MEPIS Documentation Wiki

Revision as of 18:23, 7 September 2011 by Jerry bond (Talk | contribs)

GPG, or GNU Privacy Guard, "allows you to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories." It is available from the repos in the usual manner.

KDE comes with KGpg, a program that helps you configure and manage GPG through a GUI.

Creating a key Using KGpg

The KDE front end for GPG makes creating a GPG key quite simple.

  • First open KGpg in expert mode - this will drop you out of the GUI and into the command line. Just answer the questions and a new key will be generated. Accept the creation of the GPG config file if it doesn't already exist and continue.
  • The wizard should appear; otherwise go to Keys >> Generate Key Pair.
  • Walk through the steps of creating a new key - make sure the key size is set to 1024 and the algorithm is DSA and ElGamal. The expiration is up to you, but it is much simpler to set it to never (if you feel your key might become compromised in the future, set an expiration date).
  • If you are a Community repo packager, make sure that your name and email are the same as those used in the debian/control file - as debsign determines what key to use solely from fields in that file. If you do not include a comment in the debian/control file, you must also leave the comment field in KGpg blank. Also use a secure passphrase to lock your key.
  • Press OK, and you're done!

Using your Key to sign DEB packages/source files

  • If the key matches your Debian maintainer name and email, the .dsc and .changes files will be signed automatically by debuild/dpkg-buildpackage, which will ask you for your passphrase. Export your public key and send it to your maintainer and the repo maintainer, so that they can ensure all future packages are really from you.
  • To import someone's public key, in the terminal run 'gpg --import <path to key.asc>'. Once imported, repo software like reprepro will check signed packages against public keys automatically, whilst adding them.
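
The name, email and comment match that this page asks Community repo packagers to keep between their key and debian/control can be checked before building. The script below is an added example, not part of the original wiki page or of any MEPIS tooling; the function names and the sample control file and key listings are constructed for illustration, and it handles both the GnuPG 1.x and 2.x listing layouts.

```shell
#!/bin/sh
# Added example; every name, address and key ID here is constructed sample data.

# Print the Maintainer field of a debian/control file read from stdin.
maintainer_from_control() {
    sed -n -e 's/[[:space:]]*$//' -e 's/^Maintainer:[[:space:]]*//p' | head -n 1
}

# Read `gpg --list-secret-keys --with-colons` output on stdin and print one
# user ID per line. GnuPG 1.x puts the primary user ID in field 10 of the
# "sec" record, GnuPG 2.x in separate "uid" records; both are handled.
uids_from_colons() {
    awk -F: '($1 == "sec" || $1 == "uid") && $10 != "" { print $10 }' |
        sed 's/\\x3a/:/g'   # a colon inside a user ID is escaped as \x3a
}

# Succeed only if some user ID on stdin equals "$1" exactly (comment included).
key_matches_maintainer() {
    [ -n "$1" ] || return 1
    uids_from_colons | grep -Fxq -- "$1"
}

SAMPLE_CONTROL='Source: hello-mepis
Section: utils
Maintainer: Jane Packager <jane@example.org>
Build-Depends: debhelper (>= 7)'

KEY_NO_COMMENT='sec:u:1024:17:AAAAAAAAAAAAAAAA:1315419780:::u:::scESC:
uid:u::::1315419780::0000::Jane Packager <jane@example.org>:
ssb:u:1024:16:BBBBBBBBBBBBBBBB:1315419780::::::e:'

KEY_WITH_COMMENT='sec:u:1024:17:CCCCCCCCCCCCCCCC:1315419780:::u:::scESC:
uid:u::::1315419780::0000::Jane Packager (MEPIS packages) <jane@example.org>:'

report() {   # report LABEL COLON_LISTING
    want=$(printf '%s\n' "$SAMPLE_CONTROL" | maintainer_from_control)
    if printf '%s\n' "$2" | key_matches_maintainer "$want"; then
        echo "$1: user ID matches '$want'"
    else
        echo "$1: no user ID equals '$want'"
    fi
}

report "key without comment" "$KEY_NO_COMMENT"
report "key with comment" "$KEY_WITH_COMMENT"
```

On a real system, run `gpg --list-secret-keys --with-colons | key_matches_maintainer "$(maintainer_from_control < debian/control)"` from the package source tree.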

