On 02/16/2017 10:59 AM, Anders Bateva wrote:
I thought it would be useful to set an expiration date, so if I did
something wrong I wouldn't be eternally attached to an
inaccessible/unusable key pair.
You are never tied to anything in PGP. If there is ever a time to revoke
the key in the future, you can do so quite easily, as well as generating
and socializing a new key pair.
How can you be so sure my system has not enough entropy?
Because I have over 20 years of experience with Unix systems and
cryptography. Because you're not running haveged, and because it's
taking so long to produce a key.
Do you have some specific objection to running haveged?
Doug
Em 16/02/2017 16:43, Doug Barton escreveu:
If you didn't send the keys to anyone, or upload to any key server
(which it sounds like you did not) then your best bet is to delete
them all and start over from scratch.
You really should install haveged, then wait a few hours, and generate
a new key. The process relies on quality entropy to work properly, and
you obviously haven't had it previously. Having good entropy on your
system is a requirement for a variety of other crypto purposes,
including using gpg down the road.
Also, unless you have a specific purpose for doing so, please don't
use an expiration date on your key. It adds extra complexity for no
good purpose.
hope this helps,
Doug
On 02/16/2017 09:36 AM, Anders Bateva wrote:
Hello I used /"gpg2 --full-gen-key/", and a key pair was generated in
less than 10 minutes. But, after generating, I used "/gpg2 -k/" and
discovered there are 5 keys for my e-mail address on my computer.
Appears some of the earlier tentatives of creating the key pair really
created a key pair. Those are set to expire on 2021 or 2022. The one I
created right now is set to expire on 2018.
Now, what should I do, in order to start using the key pair on my
Thunderbird client, "/gpg2 --send-keys/"?
And how to "cancel" the previous key pairs, "/--delete-keys/",
"/--gen-revoke/"?
Em 15/02/2017 18:16, LeRoy escreveu:
On 02/15/2017 11:28 AM, Anders Bateva wrote:
Hello. I'm using GNU/Linux (distro: Ubuntu), not FreeBSD - sorry, I
forgot to inform this. But, anyway, I did what you instructed:
When I looked at the headers it looked like you were using FreeBSD.
My mistake, sorry. I am currently using Arch Linux.
So, I have both gpg and gpg2. I can't create a symlink because gpg
really exist, it's used for the VPN (when I uninstalled gpg
yesterday, the VPN, I could not login anymore, and when I
reinstalled the VPN today, it installed gpg too).
Here's gpg2:
$ gpg2 --version gpg (GnuPG) 2.1.11 libgcrypt 1.6.5 Copyright (C)
2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL
version 3 or later <http://gnu.org/licenses/gpl.html> This is
free software: you are free to change and redistribute it. There
is NO WARRANTY, to the extent permitted by law.
I noticed that /usr/bin/gpg was not a symlink on your system. Is it a
hard link or is it gpg1? You can use the file command to find out.
If it is not a hard link maybe you should find out what version it is.
gpg --version
As I stated previously Enigmail seems to depend on /usr/bin/gpg being
version 2 of GnuPG.
Should then I use /gpg2 --gen-key/? Maybe /gpg2
--full-generate-key/?
The answer to this question is first finding out what the file gpg
really is. The second part depends how many questions you want to
answe
r.
This is from the man page:
--full-generate-key
--full-gen-key
Generate a new key pair with dialogs for all options.
This is an extended version of --generate-key.
There is also a feature which allows you to create keys
in batch mode. See the manual section ``Unattended key
generation'' on how to use this.
This includes what questions what cipher you want to use along with a
lot of other questions. As a beginner I would use the just the
--gen-key unless you really want to learn all of the details.
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
