Diff for "YourAccount/ImportingYourPGPKey/Draft"

Not logged in - Log In / Register

Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2008-02-27 13:07:16
Size: 6701
Comment:
Revision 3 as of 2008-06-17 14:21:18
Size: 43
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
'''DRAFT: this page is a work in progress. Please [:Feedback:seek further help] or check the [:TitleIndex:wiki index] for a complete page on this topic.'''

||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;">'''Contents'''[[BR]][[TableOfContents]]||

OpenPGP allows you to sign documents, such as emails or text files, using a digital key. Launchpad uses this key during a small number of tasks where it's important to confirm your identity.

You can use most of Launchpad without OpenPGP. However, if you want to sign the Ubuntu Code of Conduct or use the Bug Tracker's email interface, you need to register an OpenPGP key in your Launchpad account.

You may occasionally receive email from Launchpad that has been encrypted to your OpenPGP key, or signed by someone else's OpenPGP key. If you need help viewing such messages in your mail reader, please see our guide to [:ReadingOpenPgpMail:reading OpenGPG signed mailed].

= Creating your OpenPGP keys =

OpenPGP uses two types of digital key: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key.

You can generate both keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use.

{i} '''Note:''' If your version of GPG differs significantly from these instructions, you may prefer to follow the [http://www.gnupg.org/gph/en/manual.html#AEN26 GPG manual].

'''Step 1:''' Open a terminal and type:

{{{
gpg --gen-key
}}}

'''Step 2:''' GPG will now ask you a number of questions about the type of key you want to generate. Don't worry if you're unsure what to do, follow the steps below to select the default option each time.

The first question asks what type of key you want to generate. Press ```Enter``` to select the default.

'''Step 3:''' Press ```Enter``` again, to select the default key size.

'''Step 4:''' You can choose to set an expiry date for your key. Expiry dates are useful if you're dealing with highly secure content. Press `Enter` to choose a non-expiring key, then press `y` followed by `Enter` to confirm.

'''Step 5:''' To help identify your key, GPG combines your name, email address and any comment you choose. Enter your real name, when prompted, then press ```Enter```.

'''Step 6:''' Enter the email address that you're most likely to use with your Launchpad account, then press ```Enter```.

'''Step 7:''' Optionally, enter a comment, such as ```My main OpenPGP key```, then press ```Enter```.

'''Step 8:''' GPG will show you its proposed id for the key. For example:

{{{
You selected this USER-ID:
    "Matthew Revell (My test OpenPGP key) <test@matthewrevelltest.com>"
}}}

If you're happy with the id, press the letter `O` (for ''Okay''), then `Enter`.

'''Step 9:''' You must protect your key with a password. Enter, then confirm, a password that other people can't easily guess but that is memorable to you.

{i} '''Important:''' If you forget this password there is no way to retrieve it and your key will become useless.

'''Step 10:''' GPG will now generate your keys. To increase the strength of your keys, you should type randomly on your keyboard. This gives GPG extra data from which to generate your keys.

Your keys are now stored as ```public.key``` and ```private.key``` in the current directory.

'''Step 11:''' Check that your key has been generated by typing ```gpg --list-keys``` and, if successful, you'll see a message similar to:

{{{
/home/matthew/.gnupg/pubring.gpg
--------------------------------

pub 1024D/12345678 2007-01-26
uid Matthew Revell (My test OpenPGP key) <test@matthewrevelltest.com>
sub 2048g/9ABCDEF1 2007-01-26
}}}

Make a note of the ''pub'' id, which is `1024D/13245678` in the example above.

'''Step 12:''' Launchpad doesn't store your key directly, so you need to export your public key to a key server, such as keyserver.ubuntu.com:

{{{
gpg --send-keys --keyserver keyserver.ubuntu.com 12345678
}}}

Replace `12345678` with the pub id you noted in step 11.

If successful, GPG will display a message similar to:

{{{
gpg: sending key 12345678 to hkp server keyserver.ubuntu.com
}}}

= Importing your key into Launchpad =

'''Step 1:''' Launchpad identifies your OpenPGP key by its fingerprint. In your terminal, you can ask GPG for your key's fingerprint by typing:

{{{
gpg --fingerprint
}}}

GPG will display a message similar to:

{{{
pub 1024D/12345678 2007-01-26
      Key fingerprint = 0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72
uid Matthew Revell (My test OpenPGP key) <test@matthewrevelltest.com>
sub 2048g/ABCDEF12 2007-01-26
}}}

Highlight and copy only the numeric fingerprint: ```0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72``` in the example above.

'''Step 2:''' Visit your [https://launchpad.net/people/+me/+editpgpkeys OpenPGP keys] page

'''Step 3:''' Paste the fingerprint that you copied in step 1 into the `Fingerprint` text-box, then click the '''Import Key''' button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import.

'''Step 4:''' Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours.

{i} '''Quick tip:''' Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type ```gpg``` in your terminal, then paste the email contents into your terminal window.

'''Step 6:''' Back on the Launchpad website, click the ```Confirm``` button and Launchpad will complete the import of your OpenPGP key.

Launchpad will confirm that it has imported your key.

{i} '''Note:''' If you created the key id using an email address not registered in your Launchpad account, click ```confirm them``` to use it with Launchpad.

You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface.

= Next step =

Similarly, if you want to use some aspects of Launchpad's code hosting or Personal Package Archives, you need to [:YourAccount/CreatingAnSSHKeyPair:tell Launchpad about your SSH keys].
#redirect YourAccount/ImportingYourPGPKey

YourAccount/ImportingYourPGPKey/Draft (last edited 2009-05-01 17:57:19 by andrea.corbellini)