OpenPGP allows you to sign documents, such as emails or text files, using a digital key. Launchpad uses this key during a small number of tasks where it's important to confirm your identity.
You can use most of Launchpad without OpenPGP. However, if you want to sign the Ubuntu Code of Conduct or use the Bug Tracker's email interface, you will need to register an OpenPGP key in your Launchpad account.
You may occasionally receive an email from Launchpad that has been encrypted to your OpenPGP key, or signed by someone else's OpenPGP key. If you need help viewing such messages in your mail reader, please see our guide to reading OpenGPG signed mail.
Creating your OpenPGP keys
OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key.
You can generate both keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use.
Step 1: Open a terminal and type:
Step 2: GPG will now ask you a number of questions about the type of key you want to generate. Don't worry if you're unsure what to do, follow the steps below to select the default option each time.
The first question asks what type of key you want to generate. Press Enter to select the default.
Step 3: Press Enter again, to select the default key size.
Step 4: You can choose to set an expiry date for your key. Expiry dates are useful if you're dealing with highly secure content. Press Enter to choose a non-expiring key, then press y followed by Enter to confirm.
Step 5: To help identify your key, GPG combines your name, email address and any comment you choose. Enter your real name, when prompted, then press Enter.
Step 6: Enter the email address that you're most likely to use with your Launchpad account, then press Enter.
Step 7: Optionally, you may enter a comment, such as My main OpenPGP key, then press Enter.
Step 8: GPG will show you its proposed id for the key. For example:
You selected this USER-ID: "Matthew Revell (My test OpenPGP key) <email@example.com>"
If you're happy with the id, press the letter O (for Okay), then Enter.
Step 9: You must protect your key with a password. Enter, then confirm, a password that other people can't easily guess but that is memorable to you.
Important: If you forget this password there is no way to retrieve it and your key will become useless.
Step 10: GPG will now generate your keys. To increase the strength of your keys, you should type randomly on your keyboard. This gives GPG extra data from which to generate your keys.
Your keys are now stored as public.key and private.key in the current directory.
Step 11: Check that your key has been generated by typing gpg --list-keys and, if successful, you'll see a message similar to:
/home/matthew/.gnupg/pubring.gpg -------------------------------- pub 1024D/12345678 2007-01-26 uid Matthew Revell (My test OpenPGP key) <firstname.lastname@example.org> sub 2048g/9ABCDEF1 2007-01-26
Make a note of the pub id, which is 1024D/12345678 in the example above.
Step 12: Launchpad doesn't store your key directly, so you need to export your public key to a key server, such as keyserver.ubuntu.com:
gpg --send-keys --keyserver keyserver.ubuntu.com 12345678
Replace 12345678 with the pub id you noted in step 11.
If successful, GPG will display a message similar to:
gpg: sending key 12345678 to hkp server keyserver.ubuntu.com
Importing your key into Launchpad
Step 1: Launchpad identifies your OpenPGP key by its fingerprint. In your terminal, you can ask GPG for your key's fingerprint by typing:
GPG will display a message similar to:
pub 1024D/12345678 2007-01-26 Key fingerprint = 0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72 uid Matthew Revell (My test OpenPGP key) <email@example.com> sub 2048g/ABCDEF12 2007-01-26
Highlight and copy only the numeric fingerprint: 0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72 in the example above.
Step 2: Visit your OpenPGP keys page
Step 3: Paste the fingerprint that you copied in step 1 into the Fingerprint text-box, then click the Import Key button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import.
Step 4: Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours.
Quick tip: Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type gpg in your terminal, then paste the email contents into your terminal window.
Step 6: Back on the Launchpad website, click the Confirm button and Launchpad will complete the import of your OpenPGP key.
Launchpad will confirm that it has imported your key.
Note: If you created the key id using an email address not registered in your Launchpad account, click confirm them to use it with Launchpad.
You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface.
Similarly, if you want to use some aspects of Launchpad's code hosting or Personal Package Archives, you need to tell Launchpad about your SSH keys.