You technically have, but you practically haven’t. So you might think that you’ve encrypted the document, in addition to signing it. When you gpg -sign a document, the output is in binary. ![]() It’s common to perform both operations on a given document. …AND to assure others that the document was not modified from the original ( integrity check). People sign their documents to assure others that the document was sent by the themselves - that the document-sender’s identify wasn’t spoofed ( authentication)… People encrypt their documents to ensure that only a specific recipient can read them ( encryption). IMPORTANT NOTE: Signing and encrypting a single document is a common task. Signing a file produces a new, signed file that’s binary encoded. You’ve created your keys! In the output, you’ll see rows for your primary keypair’s public key, user ID, and sub-keypair’s public key. To increase the randomness of your keys, manipulate these inputs during this section. Mouse position and keystrokes are part of those inputs, among other things. They rely on a plethora of inputs with wide value-ranges to generate numbers that seem random. Computers aren’t capable of generating truly random numbers. All of the above cryptosystems rely on random numbers to generate keys. Move your mouse and spam your keyboard.For added security, gpg will prompt you for a passphrase every time you perform some operation that requires access to your private keys. This information will be attached to your keys. ![]() Give your name, email address, and any comments you’d like to add. Otherwise, I see no reason to do this, so long as you guard your private keys properly. If you are some high-profile person who’s constantly at risk of having keys stolen, then perhaps you’d like to set an expiration date. The default setting is - no expiration date. You can set your key to expire in N days, weeks, months, or years. I usually opt for the max keysize: 4096 bits. Longer keysizes are more secure, but less performant. Shorter keysizes are less secure, but more performant. Unless you know what you’re doing, I would just stick with the RSA+RSA default. a DSA key for signing and an ElGamal key for encryption/decryption.) However, GPG uses RSA for both keys by default. These two keys can utilize different cryptosystems. ![]() By default, GPG uses 1 primary key for authentication/signing, and 1 subkey for encryption/decryption. The -full-generate-key option will guide you through each step with helpful dialogs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |