Hello *,
I am stuck and have many questions.
[In the process of becoming a dev, I've generated a gpg key, of course. It
was on an old notebook. When I switched to a newer notebook, I forgot to
copy it, because I don't use gpg regularly. No risk that it became known -
the disk was re-partitioned and re-formatted. Probably, that key has
expired anyway.]
1. So, I start
gpg --gen-key
It creates ~/.gnupg/ and some files in it. Should I press ctrl-C, then
edit ~/.gnupg/gpg.conf, and then re-start gpg --gen-key? Or can editing
gpg.conf be done later?
2. Then I choose 1, 3y, y, then my name and the @gentoo.org email address.
After that,
gpg --list-keys
says
/home/<username>/.gnupg/pubring.gpg
-------------------------------
pub 4096R/0x<16_hex_digits_1> 2013-02-26 [expires: 2016-02-26]
uid [ultimate] <my_name> <my_gentoo_email_address>
sub 4096R/0x<16_hex_digits_2> 2013-02-26 [expires: 2016-02-26]
So, my key id is 0x<16_hex_digits_1>, right?
3. Now I do
gpg --edit-key 0x<16_hex_digits_1>
addkey
Then I choose
(4) RSA (sign only)
right? Then I choose 4096, 1y, y, y, save. Now
gpg --list-keys
gives
/home/<username>/.gnupg/pubring.gpg
-------------------------------
pub 4096R/0x<16_hex_digits_1> 2013-02-26 [expires: 2016-02-26]
uid [ultimate] <my_name> <my_gentoo_email_address>
sub 4096R/0x<16_hex_digits_2> 2013-02-26 [expires: 2016-02-26]
sub 4096R/0x<16_hex_digits_3> 2013-02-26 [expires: 2014-02-26]
4. I do
gpg --output revoke.asc --gen-revoke 0x<16_hex_digits_1>
and choose 1.
6. Encrypted backup of your secret keys.
I don't understand this.
7. In your gpg.conf:
# include an unambiguous indicator of which key made a signature:
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
sig-notation issuer-...@notations.openpgp.fifthhorseman.net=%g
I don't understand this.
5. I do
gpg --keyserver subkeys.pgp.net --send-key 0x<16_hex_digits_1>
6. On dev.gentoo.org, I am supposed to do
perl_ldap -b user -M gpgkey <gpg-id> <user>
perl_ldap -b user -M gpgfingerprint <gpg-fingerprint> <user>
Is <gpg-id> 0x<16_hex_digits_1>? Or 0x<16_hex_digits_3>? What is
<gpg-fingerprint> and how do I get it? Is <user> my username on
dev.gentoo.org?
What's even more important, perl_ldap asks for my ldap password. I suppose I
haven't got one. My usual Gentoo password (used in bugzilla, forums) does
not work. How do I get an ldap password?
7. If I ever complete all the above, I'll add sign to FEATURES in
/etc/portage/make.conf, and
PORTAGE_GPG_DIR="/home/<username>/.gnupg"
and also
PORTAGE_GPG_KEY="0x<16_hex_digits_3>!"
Is this correct? Is it <16_hex_digits_3>, and not, say, <16_hex_digits_1>?
Should I add ! at the end, as suggested by mgorny?
During the time I'm reading all these instructions, I could bump 10
packages. Very complicated for a person who does not use gpg and knows
next to nothing about it.
Andrey Grozin