mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 02:40:08 +00:00
488 lines
16 KiB
ReStructuredText
488 lines
16 KiB
ReStructuredText
====================
|
|
Generating key pairs
|
|
====================
|
|
|
|
In this section, we describe how to generate 2048-bit RSA keys.
|
|
|
|
You would like to use newer ECC keys instead of RSA keys. It is also described.
|
|
|
|
|
|
Key length of RSA
|
|
=================
|
|
|
|
In 2005, NIST (National Institute of Standards and Technology, USA)
|
|
issued the first revision of NIST Special Publication 800-57,
|
|
"Recommendation for Key Management".
|
|
|
|
In 800-57, NIST advises that 1024-bit RSA keys will no longer be
|
|
viable after 2010 and advises moving to 2048-bit RSA keys. NIST
|
|
advises that 2048-bit keys should be viable until 2030.
|
|
|
|
As of 2016, GnuPG's default for generating RSA key is 2048-bit.
|
|
|
|
Some people have preference on RSA 4096-bit keys, considering "longer is better".
|
|
|
|
However, "longer is better" is not always true. When it's long, it
|
|
requires more computational resource, memory, and storage. Further,
|
|
it consumes more power for nomal usages. These days, many people has
|
|
enough computational resource, that would be true, but less is better
|
|
for power consumption, isn't it?
|
|
|
|
For security, the key length is just a single factor. We had and will have
|
|
algorithm issues, too. It is true that it's difficult to update
|
|
our public keys, but this problem wouldn't be solved by just having
|
|
longer keys.
|
|
|
|
We deliberately recommend use of RSA 2048-bit keys for Gnuk,
|
|
considering device computation power and host software constraints.
|
|
|
|
Thus, the key size is 2048-bit in the examples below.
|
|
|
|
When/If your environment allows use of newer ECC keys, newer ECC keys are recommended.
|
|
|
|
|
|
Generating RSA keys on host PC
|
|
==============================
|
|
|
|
Here is the example session to generate main key and a subkey for encryption.
|
|
|
|
I invoke GnuPG with ``--quick-gen-key`` option. ::
|
|
|
|
$ gpg --quick-gen-key "Niibe Yutaka <gniibe@fsij.org>"
|
|
About to create a key for:
|
|
"Niibe Yutaka <gniibe@fsij.org>"
|
|
|
|
Continue? (Y/n) y
|
|
|
|
It askes passphrase for this **key on host PC**.
|
|
Note that this is a passphrase for the key on host PC.
|
|
It is different thing to the passphrase of Gnuk Token.
|
|
We enter two same inputs two times
|
|
(once for passphrase input, and another for confirmation),
|
|
<PASSWORD-KEY-ON-PC>.
|
|
|
|
Then, GnuPG generate keys. It takes some time. ::
|
|
|
|
We need to generate a lot of random bytes. It is a good idea to perform
|
|
some other action (type on the keyboard, move the mouse, utilize the
|
|
disks) during the prime generation; this gives the random number
|
|
generator a better chance to gain enough entropy.
|
|
gpg: key 76A9392B02CD15D1 marked as ultimately trusted
|
|
gpg: revocation certificate stored as '/home/gniibe.gnupg/openpgp-revocs.d/36CE0B8408CFE5CD07F94ACF76A9392B02CD15D1.rev'
|
|
public and secret key created and signed.
|
|
|
|
gpg: checking the trustdb
|
|
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
|
|
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
|
|
pub rsa2048 2016-06-20 [S]
|
|
36CE0B8408CFE5CD07F94ACF76A9392B02CD15D1
|
|
uid [ultimate] Niibe Yutaka <gniibe@fsij.org>
|
|
sub rsa2048 2016-06-20 []
|
|
|
|
Done.
|
|
|
|
Then, we create authentication subkey.
|
|
Authentication subkey is not that common,
|
|
but very useful (for SSH authentication).
|
|
As it is not that common, we need ``--expert`` option for GnuPG. ::
|
|
|
|
gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc.
|
|
This is free software: you are free to change and redistribute it.
|
|
There is NO WARRANTY, to the extent permitted by law.
|
|
|
|
Secret key is available.
|
|
|
|
sec rsa2048/76A9392B02CD15D1
|
|
created: 2016-06-20 expires: never usage: SC
|
|
trust: ultimate validity: ultimate
|
|
ssb rsa2048/4BD1EB26F0E607E6
|
|
created: 2016-06-20 expires: never usage: E
|
|
[ultimate] (1). Niibe Yutaka <gniibe@fsij.org>
|
|
|
|
gpg>
|
|
|
|
Here, it displays that there are main key and a subkey.
|
|
It prompts sub-command with ``gpg>`` .
|
|
|
|
Here, we enter ``addkey`` sub-command.
|
|
|
|
gpg> addkey
|
|
|
|
GnuPG asks kind of key. We select ``RSA (set your own capabilities)``. ::
|
|
|
|
Please select what kind of key you want:
|
|
(3) DSA (sign only)
|
|
(4) RSA (sign only)
|
|
(5) Elgamal (encrypt only)
|
|
(6) RSA (encrypt only)
|
|
(7) DSA (set your own capabilities)
|
|
(8) RSA (set your own capabilities)
|
|
(10) ECC (sign only)
|
|
(11) ECC (set your own capabilities)
|
|
(12) ECC (encrypt only)
|
|
(13) Existing key
|
|
Your selection? 8
|
|
|
|
And select ``Authenticate`` for the capabilities for this key.
|
|
Initially, it's ``Sign`` and ``Encrypt``.
|
|
I need to deselect ``Sign`` and ``Encrypt``, and select ``Authenticate``.
|
|
To do that, I enter ``s``, ``e``, and ``a``. ::
|
|
|
|
Possible actions for a RSA key: Sign Encrypt Authenticate
|
|
Current allowed actions: Sign Encrypt
|
|
|
|
(S) Toggle the sign capability
|
|
(E) Toggle the encrypt capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
Your selection? s
|
|
|
|
Possible actions for a RSA key: Sign Encrypt Authenticate
|
|
Current allowed actions: Encrypt
|
|
|
|
(S) Toggle the sign capability
|
|
(E) Toggle the encrypt capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
Your selection? e
|
|
|
|
Possible actions for a RSA key: Sign Encrypt Authenticate
|
|
Current allowed actions:
|
|
|
|
(S) Toggle the sign capability
|
|
(E) Toggle the encrypt capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
Your selection? a
|
|
|
|
Possible actions for a RSA key: Sign Encrypt Authenticate
|
|
Current allowed actions: Authenticate
|
|
|
|
(S) Toggle the sign capability
|
|
(E) Toggle the encrypt capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
OK, we set the capability of ``Authenticate``.
|
|
We enter ``q`` to finish setting capabilities. ::
|
|
|
|
Your selection? q
|
|
|
|
GnuPG asks bitsize and expiration, we enter 2048 for bitsize and no expiration.
|
|
Then, we confirm that we really create the key. ::
|
|
|
|
RSA keys may be between 1024 and 4096 bits long.
|
|
What keysize do you want? (2048)
|
|
Requested keysize is 2048 bits
|
|
Please specify how long the key should be valid.
|
|
0 = key does not expire
|
|
<n> = key expires in n days
|
|
<n>w = key expires in n weeks
|
|
<n>m = key expires in n months
|
|
<n>y = key expires in n years
|
|
Key is valid for? (0) 0
|
|
Key does not expire at all
|
|
Is this correct? (y/N) y
|
|
Really create? (y/N) y
|
|
|
|
Then, it askes the passphrase, it is the passphrase of **key on host PC**.
|
|
It's the one we entered above as <PASSWORD-KEY-ON-PC>.
|
|
|
|
Then, GnuPG generate the key. ::
|
|
|
|
We need to generate a lot of random bytes. It is a good idea to perform
|
|
some other action (type on the keyboard, move the mouse, utilize the
|
|
disks) during the prime generation; this gives the random number
|
|
generator a better chance to gain enough entropy.
|
|
|
|
sec rsa2048/76A9392B02CD15D1
|
|
created: 2016-06-20 expires: never usage: SC
|
|
trust: ultimate validity: ultimate
|
|
ssb rsa2048/4BD1EB26F0E607E6
|
|
created: 2016-06-20 expires: never usage: E
|
|
ssb rsa2048/F3BA52C64012198D
|
|
created: 2016-06-20 expires: never usage: A
|
|
[ultimate] (1). Niibe Yutaka <gniibe@fsij.org>
|
|
|
|
gpg>
|
|
|
|
We save the key (to the storage of the host PC). ::
|
|
|
|
gpg> save
|
|
$
|
|
|
|
Now, we have three keys (one primary key for signature and certification,
|
|
subkey for encryption, and another subkey for authentication).
|
|
|
|
|
|
Publishing public key
|
|
=====================
|
|
|
|
We make a file for the public key by ``--export`` option of GnuPG. ::
|
|
|
|
$ gpg --armor --output <YOUR-KEY>.asc --export <YOUR-KEY-ID>
|
|
|
|
We can publish the file by web server. Or we can publish the key
|
|
to a keyserver, by invoking GnuPG with ``--send-keys`` option. ::
|
|
|
|
$ gpg --keyserver pool.sks-keyservers.net --send-keys <YOUR-KEY-ID>
|
|
|
|
Here, pool.sks-keyservers.net is a keyserver, which is widely used.
|
|
|
|
|
|
Backup the private key
|
|
======================
|
|
|
|
There are some ways to back up private key, such that backup .gnupg
|
|
directory entirely, or use of paperkey, etc.
|
|
Here, we describe backup by ASCII file.
|
|
ASCII file is good, because it has less risk on transfer.
|
|
Binary file has a risk to be modified on transfer.
|
|
|
|
Note that the key on host PC is protected by passphrase (which
|
|
is <PASSWORD-KEY-ON-PC> in the example above). Using the key
|
|
from the backup needs this passphrase. It is common that
|
|
people will forget passphrase for backup. Never forget it.
|
|
You have been warned.
|
|
|
|
To make ASCII backup for private key,
|
|
invokde GnuPG with ``--armor`` option and ``--export-secret-keys``
|
|
specifying the key identifier. ::
|
|
|
|
$ gpg --armor --output <YOUR-SECRET>.asc --export-secret-keys <YOUR-KEY-ID>
|
|
|
|
From the backup,
|
|
we can recover privet key by invoking GnuPG with ``--import`` option. ::
|
|
|
|
$ gpg --import <YOUR-SECRET>.asc
|
|
|
|
|
|
Generating ECC keys on host PC
|
|
==============================
|
|
|
|
Here is an example session log to create newer ECC keys. You need
|
|
libgcrypt 1.7 or newer and GnuPG 2.1.8 or newer.
|
|
|
|
Next, we invoke gpg frontend with ``--expert`` and ``--full-gen-key`` option. ::
|
|
|
|
$ gpg --expert --full-gen-key
|
|
gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc.
|
|
This is free software: you are free to change and redistribute it.
|
|
There is NO WARRANTY, to the extent permitted by law.
|
|
|
|
Then, we input ``9`` to select ECC primary key and ECC encryption subkey. ::
|
|
|
|
Please select what kind of key you want:
|
|
(1) RSA and RSA (default)
|
|
(2) DSA and Elgamal
|
|
(3) DSA (sign only)
|
|
(4) RSA (sign only)
|
|
(7) DSA (set your own capabilities)
|
|
(8) RSA (set your own capabilities)
|
|
(9) ECC and ECC
|
|
(10) ECC (sign only)
|
|
(11) ECC (set your own capabilities)
|
|
Your selection? 9
|
|
|
|
Next is the important selection. We input ``1`` to select "Curve25519". ::
|
|
|
|
Please select which elliptic curve you want:
|
|
(1) Curve 25519
|
|
(2) NIST P-256
|
|
(3) NIST P-384
|
|
(4) NIST P-521
|
|
(5) Brainpool P-256
|
|
(6) Brainpool P-384
|
|
(7) Brainpool P-512
|
|
(8) secp256k1
|
|
Your selection? 1
|
|
|
|
You may see WARNING (it depends on version of GnuPG) and may been asked. Since it is what you want, please answer with 'y'. ::
|
|
|
|
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
|
|
Use this curve anyway? (y/N) y
|
|
|
|
It asks about expiration of key. ::
|
|
|
|
Please specify how long the key should be valid.
|
|
0 = key does not expire
|
|
<n> = key expires in n days
|
|
<n>w = key expires in n weeks
|
|
<n>m = key expires in n months
|
|
<n>y = key expires in n years
|
|
Key is valid for? (0)
|
|
Key does not expire at all
|
|
Is this correct? (y/N) y
|
|
|
|
Then, it asks about a user ID. ::
|
|
|
|
GnuPG needs to construct a user ID to identify your key.
|
|
|
|
Real name: Kunisada Chuji
|
|
Email address: chuji@gniibe.org
|
|
Comment:
|
|
You selected this USER-ID:
|
|
"Kunisada Chuji <chuji@gniibe.org>"
|
|
|
|
Lastly, it asks confirmation. ::
|
|
|
|
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
|
|
|
|
Then, it goes like this. ::
|
|
|
|
We need to generate a lot of random bytes. It is a good idea to perform
|
|
some other action (type on the keyboard, move the mouse, utilize the
|
|
disks) during the prime generation; this gives the random number
|
|
generator a better chance to gain enough entropy.
|
|
We need to generate a lot of random bytes. It is a good idea to perform
|
|
some other action (type on the keyboard, move the mouse, utilize the
|
|
disks) during the prime generation; this gives the random number
|
|
generator a better chance to gain enough entropy.
|
|
|
|
It asks the passphrase for keys by pop-up window, and then, finishes. ::
|
|
|
|
gpg: key 17174C1A7C406DB5 marked as ultimately trusted
|
|
gpg: revocation certificate stored as '/home/gniibe.gnupg/openpgp-revocs.d/1719874a4fe5a1d8c465277d5a1bb27e3000f4ff.rev'
|
|
public and secret key created and signed.
|
|
|
|
gpg: checking the trustdb
|
|
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
|
|
gpg: depth: 0 valid: 6 signed: 67 trust: 0-, 0q, 0n, 0m, 0f, 6u
|
|
gpg: depth: 1 valid: 67 signed: 40 trust: 67-, 0q, 0n, 0m, 0f, 0u
|
|
gpg: next trustdb check due at 2016-10-05
|
|
pub ed25519 2016-07-08
|
|
F478770235B60A230BE78005006A236C292C31D7
|
|
uid [ultimate] Kunisada Chuji <chuji@gniibe.org>
|
|
sub cv25519 2016-07-08
|
|
|
|
$
|
|
|
|
We have the primary key with ed25519, and encryption subkey with cv25519.
|
|
|
|
|
|
Next, we add authentication subkey which can be used with OpenSSH.
|
|
We invoke gpg frontend with ``--edit-key`` and the key ID. ::
|
|
|
|
$ gpg2 --expert --edit-key 17174C1A7C406DB5
|
|
gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc.
|
|
This is free software: you are free to change and redistribute it.
|
|
There is NO WARRANTY, to the extent permitted by law.
|
|
|
|
Secret key is available.
|
|
|
|
sec ed25519/17174C1A7C406DB5
|
|
created: 2016-07-08 expires: never usage: SC
|
|
trust: ultimate validity: ultimate
|
|
ssb cv25519/37A03183DF7B31B1
|
|
created: 2016-07-08 expires: never usage: E
|
|
[ultimate] (1). Kunisada Chuji <chuji@gniibe.org>
|
|
|
|
We invoke ``addkey`` subcommand. ::
|
|
|
|
gpg> addkey
|
|
|
|
It asks a kind of key, we input ``11`` to select ECC for authentication. ::
|
|
|
|
Please select what kind of key you want:
|
|
(3) DSA (sign only)
|
|
(4) RSA (sign only)
|
|
(5) Elgamal (encrypt only)
|
|
(6) RSA (encrypt only)
|
|
(7) DSA (set your own capabilities)
|
|
(8) RSA (set your own capabilities)
|
|
(10) ECC (sign only)
|
|
(11) ECC (set your own capabilities)
|
|
(12) ECC (encrypt only)
|
|
(13) Existing key
|
|
Your selection? 11
|
|
|
|
and then, we specify "Authenticate" capability. ::
|
|
|
|
Possible actions for a ECDSA/EdDSA key: Sign Authenticate
|
|
Current allowed actions: Sign
|
|
|
|
(S) Toggle the sign capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
Your selection? a
|
|
|
|
Possible actions for a ECDSA/EdDSA key: Sign Authenticate
|
|
Current allowed actions: Sign Authenticate
|
|
|
|
(S) Toggle the sign capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
Your selection? s
|
|
|
|
Possible actions for a ECDSA/EdDSA key: Sign Authenticate
|
|
Current allowed actions: Authenticate
|
|
|
|
(S) Toggle the sign capability
|
|
(A) Toggle the authenticate capability
|
|
(Q) Finished
|
|
|
|
Your selection? q
|
|
|
|
Then, it asks which curve. We input ``1`` for "Curve25519". ::
|
|
|
|
Please select which elliptic curve you want:
|
|
(1) Curve 25519
|
|
(2) NIST P-256
|
|
(3) NIST P-384
|
|
(4) NIST P-521
|
|
(5) Brainpool P-256
|
|
(6) Brainpool P-384
|
|
(7) Brainpool P-512
|
|
(8) secp256k1
|
|
Your selection? 1
|
|
|
|
It may ask confirmation with WARNING (depends on version). We say ``y``. ::
|
|
|
|
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
|
|
Use this curve anyway? (y/N) y
|
|
|
|
It asks expiration of the key. ::
|
|
|
|
Please specify how long the key should be valid.
|
|
0 = key does not expire
|
|
<n> = key expires in n days
|
|
<n>w = key expires in n weeks
|
|
<n>m = key expires in n months
|
|
<n>y = key expires in n years
|
|
Key is valid for? (0)
|
|
Key does not expire at all
|
|
Is this correct? (y/N) y
|
|
|
|
And the confirmation. ::
|
|
|
|
Really create? (y/N) y
|
|
|
|
It goes. ::
|
|
|
|
We need to generate a lot of random bytes. It is a good idea to perform
|
|
some other action (type on the keyboard, move the mouse, utilize the
|
|
disks) during the prime generation; this gives the random number
|
|
generator a better chance to gain enough entropy.
|
|
|
|
It asks the passphrase. And done. ::
|
|
|
|
sec ed25519/17174C1A7C406DB5
|
|
created: 2016-09-08 expires: never usage: SC
|
|
trust: ultimate validity: ultimate
|
|
ssb cv25519/37A03183DF7B31B1
|
|
created: 2016-09-08 expires: never usage: E
|
|
ssb ed25519/4AD7D2428679DF5F
|
|
created: 2016-09-08 expires: never usage: A
|
|
[ultimate] (1). Kunisada Chuji <chuji@gniibe.org>
|
|
|
|
We type ``save`` to exit form gpg. ::
|
|
|
|
gpg> save
|
|
$
|
|
|