NetBSD-Bugs archive
misc/46468: Example in htdocs/developers/pgp.xml is not appropriate for recent GnuPG
>Number: 46468
>Category: misc
>Synopsis: Example in htdocs/developers/pgp.xml is not appropriate for
>recent GnuPG
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: doc-bug
>Submitter-Id: net
>Arrival-Date: Sun May 20 08:20:00 +0000 2012
>Originator: Ryo ONODERA
>Release: NetBSD 6.99.7
>Organization:
>Environment:
System: NetBSD hydrogen.elements.tetera.org 6.99.7 NetBSD 6.99.7 (LEAFGIRLC)
#3: Sat May 19 14:13:12 JST 2012
root%hydrogen.elements.tetera.org@localhost:/usr/obj/sys/arch/i386/compile/LEAFGIRLC
i386
Architecture: i386
Machine: i386
>Description:
htdocs/developers/pgp.xml says that an RSA/RSA key is not the default
and that creating an RSA/RSA key is difficult.
But at least GnuPG 1.4.12 from pkgsrc has an RSA/RSA option,
and it is the default.
>How-To-Repeat:
See http://www.netbsd.org/developers/pgp.html and try gpg --gen-key
>Fix:
You can download the patched pgp.xml
from http://ryo-on.users.sourceforge.net/netbsd/en/pgp.xml .
Index: pgp.xml
===================================================================
RCS file: /cvsroot/htdocs/developers/pgp.xml,v
retrieving revision 1.14
diff -u -r1.14 pgp.xml
--- pgp.xml 21 Nov 2010 16:45:26 -0000 1.14
+++ pgp.xml 20 May 2012 08:11:03 -0000
@@ -151,27 +151,25 @@
choose long key lengths. The key size limitation of a maximum of 1024 bits
in the current DSA standard may limit the security of DSA. For maximum
security it is therefore advisable to use 2048-bit RSA keys for both,
- encrypting and signing. Unfortunately, gnupg does not make it simple to
- create this type of key (gnupg defaults to creating 1024-bit DSA/ElGamal
+ encrypting and signing.
keys).
</para>
- <para>
- In brief, you must first generate a "sign-only" RSA key by selecting that
- option from the --gen-key menu; then you must use --edit-key on that key,
- and use the "addkey" command to add an RSA encryption subkey (gnupg
dialogue
- trimmed for brevity):
- </para>
<note><title/>
<programlisting>
% gpg --gen-key
+gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
Please select what kind of key you want:
- (1) DSA and ElGamal (default)
- (2) DSA (sign only)
- (4) ElGamal (sign and encrypt)
- (5) RSA (sign only)
-Your selection? 5
-What keysize do you want? (1024) 2048
-Requested keysize is 2048 bits
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 2048
+Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
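Review bot: The context line "keys)." that follows the new "+ encrypting and signing." is left dangling. The hunk removes the start of the parenthesis ("(gnupg defaults to creating 1024-bit DSA/ElGamal") but keeps its tail, so the paragraph would end with "encrypting and signing. keys).". That line should be deleted as well. With the "In brief, ..." paragraph removed, the listing also has no introduction left; a one-sentence lead-in saying that the default selection 1 now produces the RSA/RSA key would keep the note readable.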
@@ -180,67 +178,34 @@
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
-Is this correct (y/n)? y
-You need a User-ID to identify your key; the software constructs the user id
-from Real Name, Comment and Email Address in this form:
+Is this correct? (y/N) y
+
+You need a user ID to identify your key; the software constructs the user ID
+from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh%duesseldorf.de@localhost>"
-Real name: Joe Doe
+Real name: Joe Doe
Email address: joe%doe.org@localhost
-Comment: (NetBSD)
-You selected this USER-ID: "Joe Doe (NetBSD) joe%doe.org@localhost"
+Comment: NetBSD
+You selected this USER-ID:
+ "Joe Doe (NetBSD) <joe%doe.org@localhost>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
+You need a Passphrase to protect your secret key.
Enter passphrase:
Repeat passphrase:
-public and secret key created and signed.
-key marked as ultimately trusted.
-pub 2048R/8385E7E3 2004-02-09 Joe Doe (NetBSD) <joe%doe.org@localhost>
-Key fingerprint = 9DDA CB87 9FF2 9950 1F5A 7F79 F38C E6DE 8385 E7E3
-
-Note that this key cannot be used for encryption. You may want to use
-the command "--edit-key" to generate a secondary key for this purpose.
-% gpg --edit-key 8385E7E3
-Secret key is available.
+gpg: /home/joe/.gnupg/trustdb.gpg: trustdb created
+gpg: key 7CEBFEBC marked as ultimately trusted
+public and secret key created and signed.
gpg: checking the trustdb
-gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
-pub 2048R/8385E7E3 created: 2004-02-09 expires: never trust: u/u
-(1). Joe Doe (NetBSD) <joe%doe.org@localhost>
-
-Command> addkey
-Key is protected.
-You need a passphrase to unlock the secret key for
-user: "Joe Doe (NetBSD) joe%doe.org@localhost"
-2048-bit RSA key, ID 8385E7E3, created 2004-02-09
-
-Enter passphrase:
-Please select what kind of key you want:
- (2) DSA (sign only)
- (3) ElGamal (encrypt only)
- (4) ElGamal (sign and encrypt)
- (5) RSA (sign only)
- (6) RSA (encrypt only)
-Your selection? 6
-What keysize do you want? (1024) 2048
-Requested keysize is 2048 bits
-Please specify how long the key should be valid.
-
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
-Key is valid for? (0) 0
-Key does not expire at all
-Is this correct (y/n)? y
-Really create? y
-
-pub 2048R/8385E7E3 created: 2004-02-09 expires: never trust: u/u
-sub 2048R/7BD27991 created: 2004-02-09 expires: never
-(1). "Joe Doe (NetBSD) joe%doe.org@localhost"
-
-Command> save
-%
+gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+pub 2048R/7CEBFEBC 2012-05-20
+ Key fingerprint = 67A7 FC80 8140 5F9B CE96 E19D E5B7 BF68 7CEB FEBC
+uid Joe Doe (NetBSD) <joe%doe.org@localhost>
+sub 2048R/6F64A1B1 2012-05-20
</programlisting>
</note>
<para>
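Review bot: The added line "gpg: /home/joe/.gnupg/trustdb.gpg: trustdb created" only appears on a first run with no existing trust database, so developers who already have a keyring will see output that differs from the example at that point. Consider dropping that line or saying in the surrounding text that it is first-run output. The old transcript also made it explicit that an encryption subkey was being added; now that the explanation is gone, a short sentence after the listing pointing at the final "sub 2048R/6F64A1B1" line would tell readers that the encryption key was created in the same step.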
>Unformatted: