Developer Key Signing

Developers need to generate, maintain, and sign keys to keep a web of trust. The following are shortcut commands to accomplish this.

Many of the commands will have various prompts that should be obvious (selecting keys out of a list, entering passphrases, etc). That verbage has been eliminated from the examples.

Key Generation
Extend Expiration
Key Uploading
Key Download
Key Signing
Signature Upload

Key Generation

TBD

Extending Expiration

Your key will eventually expire. You can extend the key expiration time:

netpgp:

unsupported at this time.

gpg:

# gpg --edit-key C631C69E
Command> expire
Key is valid for? (0) 5y

You will need to re-upload to the key-server.

Key Uploading

gpg:

# gpg --keyserver pgp.mit.edu --send-keys C631C69E

Key Download

If you have the fingerprint, it's pretty easy to download the key. This will import into your keychain.

netpgp: (Only if already downloaded from keyserver.)

# netpgpkeys --import-key  file

gpg:

# gpg --keyserver pgp.mit.edu --search-keys C631C69E

Key Signing

gpg:

# gpg --default-key cyber@netbsd.org --sign-key C631C69E

Signature Upload

gpg:

# gpg --keyserver pgp.mit.edu --send-keys E361D0FA

Add a comment

Links: tutorials

Last edited late Monday evening, January 10th, 2011

Preferences | Logout