On Sun, 11 Jan 2015 12:06:18 -0500 Rich Freeman <ri...@gentoo.org> wrote:
> On Sun, Jan 11, 2015 at 11:43 AM, Brian Dolbec <dol...@gentoo.org>
> wrote:
> > Of the remaining devs, only 16 keys total pass the GLEP 63
> > requirements. More info can be found in the First-Use wiki page
> > [4]
>
> If you just create a gpg key with 5yr expiry and otherwise-default
> options, typing a larger number into the keysize prompt, do you get a
> compliant key? The guides talk about editing your gpg.conf, and it
> looks like the tool does it for you, but is any of that necessary to
> generate a compliant key? I'd prefer raw gpg commands and not a
> script that automates everything.
>
> Would this work:
> gpg --gen-key
> option 2 - DSA and Elgamal
> size 3072 (the max)
> expires 5y
> Enter your name, email, and passphrase.
>
> I've been putting off generating a new key until this all settles
> down, and would prefer to mess with it as infrequently as possible.
> Most likely I'll just switch to Gentoo-dedicated key for the tree.
>

Wait for Kristian to reply about the algorithm choice.

But for the rest, yes, you don't need gkeys to create your key. It is
just that most people seem to know little about using gpg, so creating
the template where you just fill out name, email, and password makes it
easy.

From the above, it looks like you also need to create a signing subkey
with a preferred 1 yr. expiry. But it can be 5 years max. too.

You may also want to add an encryption subkey for encrypted email and
such.

I added a little more info to the First-Use wiki page; I included a
link to a great webpage about setting up gpg keys.

https://alexcabal.com/creating-the-perfect-gpg-keypair/

There are lots more, but I like that one; it is clear, concise,...

--
Brian Dolbec <dolsen>
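
The two points raised in the reply above (expiry of at most 5 years, and a separate signing subkey with a preferred 1 year expiry) can be checked against `gpg --with-colons` output. This is an added example, not part of the original thread and not gkeys code; the key listings are constructed, measuring validity from the creation date and the leap-day tolerance are assumptions, and it covers neither the algorithm question nor the rest of GLEP 63.

```python
from datetime import timedelta

# Assumptions: validity is measured from the key's creation date, and
# "5 years" tolerates two leap days. Thresholds come from the reply above.
MAX_VALIDITY = timedelta(days=5 * 365 + 2)      # "5 years max"
PREFERRED_SIGNING = timedelta(days=366)         # "preferred 1 yr. expiry"

# Constructed listings (not real keys), epoch timestamps as printed by
# `gpg --with-colons --fixed-list-mode --list-keys`.
RSA_WITH_SUBKEYS = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1420934400:1578700800::u:::scESC:
uid:u::::1420934400::0000::Example Dev <dev@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1420934400:1452470400:::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1420934400:1452470400:::::e:
"""
# Constructed: a DSA primary with only an Elgamal encryption subkey,
# as "option 2 - DSA and Elgamal, 3072, 5y" in the quoted mail would give.
DSA_ELGAMAL = """\
pub:u:3072:17:DDDDDDDDDDDDDDDD:1420934400:1578614400::u:::scESC:
uid:u::::1420934400::0000::Example Dev <dev@example.org>:
sub:u:3072:16:EEEEEEEEEEEEEEEE:1420934400:1578614400:::::e:
"""

def check_listing(colons):
    """Return a list of findings; an empty list means both checks passed."""
    findings, has_signing_subkey = [], False
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        kind, status, keyid, created, expires, caps = f[0], f[1], f[4], f[5], f[6], f[11]
        if status in ("r", "e"):        # revoked or expired keys are ignored
            continue
        validity = None
        if not expires:
            findings.append(f"{kind} {keyid}: no expiry set")
        else:
            validity = timedelta(seconds=int(expires) - int(created))
            if validity > MAX_VALIDITY:
                findings.append(f"{kind} {keyid}: expiry beyond 5 years")
        if kind == "sub" and "s" in caps:
            has_signing_subkey = True
            if validity and PREFERRED_SIGNING < validity <= MAX_VALIDITY:
                findings.append(f"sub {keyid}: signing subkey expiry over preferred 1 year")
    if not has_signing_subkey:
        findings.append("no signing subkey")
    return findings

if __name__ == "__main__":
    for name, listing in (("rsa+subkeys", RSA_WITH_SUBKEYS), ("dsa/elgamal", DSA_ELGAMAL)):
        print(name, check_listing(listing) or "ok")
```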