![]() Likewise, you will use the subkeys for decrypting and signing messages. You publish the subkeys on the normal keyservers, and everyone else will use them instead of the primary keys for encrypting messages or verifying your message signatures. Subkeys make this easier: you already have an automatically created encryption subkey and you create another subkey for signing, and you keep those on your main computer. Then do the reverse to get back up to your Internet connection for uploading the packages. GPG SUITE MAC TUTORIAL PORTABLEHowever, keeping all your keys extremely safe is inconvenient: every time you need to sign a new package upload, you need to copy the packages onto suitable portable media, go into your sub-basement, prove to the armed guards that you're you by using several methods of biometric and other identification, go through a deadly maze, feed the guard dogs the right kind of meat, and then finally open the safe, get out the signing laptop, and sign the packages. You should keep your private primary key very, very safe. So you should keep all your private keys safe. If anyone else gets access to your private primary key or its private subkey, they can make everyone believe they're you: they can upload packages in your name, vote in your name, and do pretty much anything else you can do. The primary key pair is quite important: it is the best proof of your identity online, at least for Debian, and if you lose it, you'll need to start building your reputation from scratch. GPG SUITE MAC TUTORIAL PASSWORDDebian requires you to have the encryption subkey so that certain kinds of things can be e-mailed to you safely, such as the initial password for your shell account. Without a subkey for encryption, you can't have encrypted e-mails with GnuPG at all. GnuPG actually uses a signing-only key as the primary key, and creates an encryption subkey automatically. In other words, subkeys are like a separate key pair, but automatically associated with your primary key pair. The really useful part of subkeys is that they can be revoked independently of the primary keys, and also stored separately from them. A subkey can be used for signing or for encryption. OpenPGP further supports subkeys, which are like the normal keys, except they're bound to a primary key pair. GnuPG, the implementation used in Debian, picks the right key at any one time. Or, others use the public key to encrypt something, and you use the private key to decrypt it.Īs long as only you have access to the private key, other people can rely on your digital signatures being made by you, and you can rely on nobody else being able to read messages encrypted for you. You use the private key to digitally sign files, and others use the public key to verify the signature. ![]() In public key cryptography, a key is actually a pair: a public key, and a private key. Using OpenPGP subkeys in Debian development ![]() Translation(s): English - Français - Italiano - Português (Brasil) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |