NetBSD Wiki/
developer key signing
Developer Key Signing
Developers need to generate, maintain, and sign keys to keep a web of trust. The following are shortcut commands to accomplish this.
Many of the commands will have various prompts that should be obvious (selecting keys out of a list, entering passphrases, etc). That verbage has been eliminated from the examples.
- Key Generation
- Extend Expiration
- Key Uploading
- Key Download
- Key Signing
- Signature Upload
Key Generation
TBD
Extending Expiration
Your key will eventually expire. You can extend the key expiration time:
netpgp:
unsupported at this time.
gpg:
# gpg --edit-key C631C69E Command> expire Key is valid for? (0) 5y
You will need to re-upload to the key-server.
Key Uploading
gpg:
# gpg --keyserver pgp.mit.edu --send-keys C631C69E
Key Download
If you have the fingerprint, it's pretty easy to download the key. This will import into your keychain.
netpgp: (Only if already downloaded from keyserver.)
# netpgpkeys --import-key file
gpg:
# gpg --keyserver pgp.mit.edu --search-keys C631C69E
Key Signing
gpg:
# gpg --default-key cyber@netbsd.org --sign-key C631C69E
Signature Upload
gpg:
# gpg --keyserver pgp.mit.edu --send-keys E361D0FA
Add a comment