Developer Key Signing

Developers need to generate, maintain, and sign keys to keep a web of trust. The following are shortcut commands to accomplish this.

Many of the commands will have various prompts that should be obvious (selecting keys out of a list, entering passphrases, etc). That verbage has been eliminated from the examples.

Key Generation

TBD

Extending Expiration

Your key will eventually expire. You can extend the key expiration time:

netpgp:

unsupported at this time.

gpg:

# gpg --edit-key C631C69E
Command> expire
Key is valid for? (0) 5y

You will need to re-upload to the key-server.

Key Uploading

gpg:

# gpg --keyserver pgp.mit.edu --send-keys C631C69E

Key Download

If you have the fingerprint, it's pretty easy to download the key. This will import into your keychain.

netpgp: (Only if already downloaded from keyserver.)

# netpgpkeys --import-key  file

gpg:

# gpg --keyserver pgp.mit.edu --search-keys C631C69E

Key Signing

gpg:

# gpg --default-key cyber@netbsd.org --sign-key C631C69E

Signature Upload

gpg:

# gpg --keyserver pgp.mit.edu --send-keys E361D0FA
Add a comment