6944
Comment:
|
11705
gpg param ordering is finikity
|
Deletions are marked like this. | Additions are marked like this. |
Line 5: | Line 5: |
OpenPGP allows you to sign documents, such as emails or text files, using a digital key. Launchpad uses this key during a small number of tasks where it's important to confirm your identity. You can use most of Launchpad without OpenPGP. However, if you want to sign the Ubuntu Code of Conduct or use the Bug Tracker's email interface, you will need to register an OpenPGP key in your Launchpad account. You may occasionally receive an email from Launchpad that has been encrypted to your OpenPGP key, or signed by someone else's OpenPGP key. If you need help viewing such messages in your mail reader, please see our guide to [[ReadingOpenPgpMail|reading OpenGPG signed mailed]]. = Creating your OpenPGP keys = OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key. You can generate both keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use. {i} '''Note:''' If you're using any operating system that doesn't come with GPG, see the [[http://gnupg.org/download/index.en.html|GPG download page]]. You may also prefer to follow the [[http://www.gnupg.org/gph/en/manual.html#AEN26|GPG manual]]. |
OpenPGP allows you to sign documents, such as emails or text files, using a digital key. Launchpad uses this key during a small number of tasks where it's important to confirm your identity. You can use most of Launchpad without OpenPGP. However, if you want to sign the Ubuntu Code of Conduct or use the Bug Tracker's email interface, you will need to register an OpenPGP key in your Launchpad account. You may occasionally receive an email from Launchpad that has been encrypted to your OpenPGP key, or signed by someone else's OpenPGP key. If you need help viewing such messages in your mail reader, please see our guide to [[ReadingOpenPgpMail|reading OpenGPG signed mail]]. OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key. = Using Passwords and Encryption Keys to manage OpenPGP keys = ||<tablestyle="float:right; margin: 0 0 1em 1em;" style="padding:0.5em;">{{attachment:Screenshot-Passwords and Encryption Keys.png | Passwords and Encryption Keys }}|| The easiest way to generate a new OpenPGP key in Ubuntu is to use the ''Passwords and Encryption Keys'' tool. If you are using Ubuntu 10.04 or an earlier version, it is located at ''Applications > Accessories > Passwords and Encryption Keys''. In Ubuntu 10.10 and later versions, it is located at ''System > Preferences > Passwords and Encryption Keys'' == Creating your OpenPGP keys == '''Step 1:''' Open ''Passwords and Encryption Keys''. '''Step 2:''' Select ''File > New'', select ''PGP Key'' and then follow the on-screen instructions. Now you'll see your new key listed in the ''Passwords and Encryption Keys'' tool. == Publishing your key to a keyserver == '''Step 1:''' Open ''Passwords and Encryption Keys''. '''Step 2:''' Select the ''My Personal Keys'' tab, select your key. '''Step 3:''' Select ''Remote > Sync and Publish Keys'' from the menu. Choose the ```Sync``` button. (You may need to add ```hkp://keyserver.ubuntu.com``` to your key servers if you are not using Ubuntu.) It can take up to thirty minutes before your key is available to Launchpad. After that time, you're ready to import key into into Launchpad. == Importing your key into Launchpad == OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key. '''Step 1:''' Open ''Passwords and Encryption Keys''. '''Step 2:''' Select the ''My Personal Keys'' tab, select your key and open the property window by pressing Space Bar or double clicking with your pointer. Select the ''Details'' tab of the property window. '''Step 3:''' Select the ''Fingerprint'' text (the ten blocks of numbers and letter). Copy the text by pressing the ```control+c``` keys together. '''Step 4:''' Visit your [[https://launchpad.net/people/+me/+editpgpkeys|OpenPGP keys]] page. '''Step 5:''' Paste the fingerprint that you copied in step 3 into the `Fingerprint` text-box, then click the ```Import Key``` button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import. '''Step 6:''' Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours. {i} '''Quick tip:''' Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type ```gpg``` in your terminal, then paste the email contents into your terminal window. '''Step 7:''' Back on the Launchpad website, use the ```Confirm``` button and Launchpad will complete the import of your OpenPGP key. Launchpad will confirm that it has imported your key. {i} '''Note:''' If you created the key id using an email address not registered in your Launchpad account, use the ```Confirm Them``` button to use it with Launchpad. You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface. == Renewing your key == You may have set your key to expire. You can update your key's expiration date and republish it. '''Step 1:''' Open ''Passwords and Encryption Keys''. '''Step 2:''' Select the ''My Personal Keys'' tab, select your key and open the property window by pressing Space Bar or double clicking with your pointer. Select the ''Details'' tab of the property window. '''Step 3:''' Set a new expiration date or choose never. Close the property window '''Step 4:''' With you key still selected, select ''Remote > Sync and Publish Keys'' from the menu. Choose the ```Sync``` button. = Using GPG to manage OpenPGP keys = OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key. You can create and manage OpenPGP keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use. {i} '''Note:''' If you're using any operating system that doesn't come with GPG, see the [[http://gnupg.org/download/index.en.html|GPG download page]]. You may also prefer to follow the [[http://www.gnupg.org/gph/en/manual.html#AEN26|GPG manual]]. == Creating your OpenPGP keys with gpg == |
Line 25: | Line 151: |
'''Step 2:''' GPG will now ask you a number of questions about the type of key you want to generate. Don't worry if you're unsure what to do, follow the steps below to select the default option each time. The first question asks what type of key you want to generate. Press ```Enter``` to select the default. |
'''Step 2:''' GPG will now ask you a number of questions about the type of key you want to generate. Don't worry if you're unsure what to do, follow the steps below to select the default option each time. The first question asks what type of key you want to generate. Press ```Enter``` to select the default. |
Line 31: | Line 160: |
'''Step 4:''' You can choose to set an expiry date for your key. Expiry dates are useful if you're dealing with highly secure content. Press `Enter` to choose a non-expiring key, then press `y` followed by `Enter` to confirm. '''Step 5:''' To help identify your key, GPG combines your name, email address and any comment you choose. Enter your real name, when prompted, then press ```Enter```. '''Step 6:''' Enter the email address that you're most likely to use with your Launchpad account, then press ```Enter```. '''Step 7:''' Optionally, you may enter a comment, such as ```My main OpenPGP key```, then press ```Enter```. |
'''Step 4:''' You can choose to set an expiry date for your key. Expiry dates are useful if you're dealing with highly secure content. Press `Enter` to choose a non-expiring key, then press `y` followed by `Enter` to confirm. '''Step 5:''' To help identify your key, GPG combines your name, email address and any comment you choose. Enter your real name, when prompted, then press ```Enter```. '''Step 6:''' Enter the email address that you're most likely to use with your Launchpad account, then press ```Enter```. '''Step 7:''' Optionally, you may enter a comment, such as ```My main OpenPGP key```, then press ```Enter```. |
Line 48: | Line 183: |
'''Step 9:''' You must protect your key with a password. Enter, then confirm, a password that other people can't easily guess but that is memorable to you. {i} '''Important:''' If you forget this password there is no way to retrieve it and your key will become useless. '''Step 10:''' GPG will now generate your keys. To increase the strength of your keys, you should type randomly on your keyboard. This gives GPG extra data from which to generate your keys. Your keys are now stored as ```public.key``` and ```private.key``` in the current directory. '''Step 11:''' Check that your key has been generated by typing ```gpg --list-keys``` and, if successful, you'll see a message similar to: |
'''Step 9:''' You must protect your key with a password. Enter, then confirm, a password that other people can't easily guess but that is memorable to you. {i} '''Important:''' If you forget this password there is no way to retrieve it and your key will become useless. '''Step 10:''' GPG will now generate your keys. To increase the strength of your keys, you should type randomly on your keyboard. This gives GPG extra data from which to generate your keys. Your keys are now stored as ```public.key``` and ```private.key``` in the current directory. '''Step 11:''' Check that your key has been generated by typing ```gpg --list- keys``` and, if successful, you'll see a message similar to: |
Line 67: | Line 208: |
Make a note of the ''pub'' id, which is `1024D/13245678` in the example above. '''Step 12:''' Launchpad doesn't store your key directly, so you need to export your public key to a key server, such as keyserver.ubuntu.com: {{{ gpg --send-keys --keyserver keyserver.ubuntu.com 12345678 |
Make a note of the ''pub'' id, which is `12345678` in the example above. '''Step 12:''' Launchpad doesn't store your key directly, so you need to export your public key to a key server, such as keyserver.ubuntu.com: {{{ gpg --keyserver keyserver.ubuntu.com --send-keys 12345678 |
Line 83: | Line 225: |
= Importing your key into Launchpad = '''Step 1:''' Launchpad identifies your OpenPGP key by its fingerprint. In your terminal, you can ask GPG for your key's fingerprint by typing: |
== Importing your key into Launchpad with gpg == You can generate both keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use. '''Step 1:''' Launchpad identifies your OpenPGP key by its fingerprint. In your terminal, you can ask GPG for your key's fingerprint by typing: |
Line 100: | Line 248: |
Highlight and copy only the numeric fingerprint: ```0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72``` in the example above. '''Step 2:''' Visit your [[https://launchpad.net/people/+me/+editpgpkeys|OpenPGP keys]] page '''Step 3:''' Paste the fingerprint that you copied in step 1 into the `Fingerprint` text-box, then click the '''Import Key''' button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import. '''Step 4:''' Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours. {i} '''Quick tip:''' Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type ```gpg``` in your terminal, then paste the email contents into your terminal window. '''Step 6:''' Back on the Launchpad website, click the ```Confirm``` button and Launchpad will complete the import of your OpenPGP key. |
Highlight and copy only the numeric fingerprint: ```0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72``` in the example above. '''Step 2:''' Visit your [[https://launchpad.net/people/+me/+editpgpkeys|OpenPGP keys]] page '''Step 3:''' Paste the fingerprint that you copied in step 1 into the `Fingerprint` text-box, then click the ```Import Key``` button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import. '''Step 4:''' Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours. {i} '''Quick tip:''' Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type ```gpg``` in your terminal, then paste the email contents into your terminal window. '''Step 6:''' Back on the Launchpad website, click the ```Confirm``` button and Launchpad will complete the import of your OpenPGP key. |
Line 114: | Line 275: |
{i} '''Note:''' If you created the key id using an email address not registered in your Launchpad account, click ```confirm them``` to use it with Launchpad. You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface. |
{i} '''Note:''' If you created the key id using an email address not registered in your Launchpad account, click ```confirm them``` to use it with Launchpad. You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface. |
Line 120: | Line 285: |
Similarly, if you want to use some aspects of Launchpad's code hosting or Personal Package Archives, you need to [[YourAccount/CreatingAnSSHKeyPair|tell Launchpad about your SSH keys]]. ||<tablestyle="border: 0; width: 100%;"> ~-[[YourAccount/Branding|< Branding your account]] -~ ||<style="text-align: right;"> ~- [[YourAccount/CreatingAnSSHKeyPair|Importing an SSH key >]] -~ || |
Similarly, if you want to use some aspects of Launchpad's code hosting or Personal Package Archives, you need to [[YourAccount/CreatingAnSSHKeyPair|tell Launchpad about your SSH keys]]. ||<tablestyle="border: 0; width: 100%;"> ~-[[YourAccount/NewAccount|< Creating your account]] -~ ||<style="text-align: right;"> ~- [[YourAccount/CreatingAnSSHKeyPair|Importing an SSH key >]] -~ || |
Launchpad Help > Your account > Importing your PGP key
Contents |
OpenPGP allows you to sign documents, such as emails or text files, using a digital key. Launchpad uses this key during a small number of tasks where it's important to confirm your identity.
You can use most of Launchpad without OpenPGP. However, if you want to sign the Ubuntu Code of Conduct or use the Bug Tracker's email interface, you will need to register an OpenPGP key in your Launchpad account.
You may occasionally receive an email from Launchpad that has been encrypted to your OpenPGP key, or signed by someone else's OpenPGP key. If you need help viewing such messages in your mail reader, please see our guide to reading OpenGPG signed mail.
OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key.
Using Passwords and Encryption Keys to manage OpenPGP keys
The easiest way to generate a new OpenPGP key in Ubuntu is to use the Passwords and Encryption Keys tool. If you are using Ubuntu 10.04 or an earlier version, it is located at Applications > Accessories > Passwords and Encryption Keys. In Ubuntu 10.10 and later versions, it is located at System > Preferences > Passwords and Encryption Keys
Creating your OpenPGP keys
Step 1: Open Passwords and Encryption Keys.
Step 2: Select File > New, select PGP Key and then follow the on-screen instructions.
Now you'll see your new key listed in the Passwords and Encryption Keys tool.
Publishing your key to a keyserver
Step 1: Open Passwords and Encryption Keys.
Step 2: Select the My Personal Keys tab, select your key.
Step 3: Select Remote > Sync and Publish Keys from the menu. Choose the Sync button. (You may need to add hkp://keyserver.ubuntu.com to your key servers if you are not using Ubuntu.)
It can take up to thirty minutes before your key is available to Launchpad. After that time, you're ready to import key into into Launchpad.
Importing your key into Launchpad
OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key.
Step 1: Open Passwords and Encryption Keys.
Step 2: Select the My Personal Keys tab, select your key and open the property window by pressing Space Bar or double clicking with your pointer. Select the Details tab of the property window.
Step 3: Select the Fingerprint text (the ten blocks of numbers and letter). Copy the text by pressing the control+c keys together.
Step 4: Visit your OpenPGP keys page.
Step 5: Paste the fingerprint that you copied in step 3 into the Fingerprint text-box, then click the Import Key button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import.
Step 6: Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours.
Quick tip: Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type gpg in your terminal, then paste the email contents into your terminal window.
Step 7: Back on the Launchpad website, use the Confirm button and Launchpad will complete the import of your OpenPGP key.
Launchpad will confirm that it has imported your key.
Note: If you created the key id using an email address not registered in your Launchpad account, use the Confirm Them button to use it with Launchpad.
You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface.
Renewing your key
You may have set your key to expire. You can update your key's expiration date and republish it.
Step 1: Open Passwords and Encryption Keys.
Step 2: Select the My Personal Keys tab, select your key and open the property window by pressing Space Bar or double clicking with your pointer. Select the Details tab of the property window.
Step 3: Set a new expiration date or choose never. Close the property window
Step 4: With you key still selected, select Remote > Sync and Publish Keys from the menu. Choose the Sync button.
Using GPG to manage OpenPGP keys
OpenPGP uses two types of digital keys: one public, one private. Each time you sign a document, OpenPGP appends a unique code to it, produced using the private key. That unique code is your digital signature and can be opened only with the public key.
You can create and manage OpenPGP keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use.
Note: If you're using any operating system that doesn't come with GPG, see the GPG download page. You may also prefer to follow the GPG manual.
Creating your OpenPGP keys with gpg
Step 1: Open a terminal and type:
gpg --gen-key
Step 2: GPG will now ask you a number of questions about the type of key you want to generate. Don't worry if you're unsure what to do, follow the steps below to select the default option each time.
The first question asks what type of key you want to generate. Press Enter to select the default.
Step 3: Press Enter again, to select the default key size.
Step 4: You can choose to set an expiry date for your key. Expiry dates are useful if you're dealing with highly secure content. Press Enter to choose a non-expiring key, then press y followed by Enter to confirm.
Step 5: To help identify your key, GPG combines your name, email address and any comment you choose. Enter your real name, when prompted, then press Enter.
Step 6: Enter the email address that you're most likely to use with your Launchpad account, then press Enter.
Step 7: Optionally, you may enter a comment, such as `My main OpenPGP key, then press Enter`.
Step 8: GPG will show you its proposed id for the key. For example:
You selected this USER-ID: "Matthew Revell (My test OpenPGP key) <test@matthewrevelltest.com>"
If you're happy with the id, press the letter O (for Okay), then Enter.
Step 9: You must protect your key with a password. Enter, then confirm, a password that other people can't easily guess but that is memorable to you.
Important: If you forget this password there is no way to retrieve it and your key will become useless.
Step 10: GPG will now generate your keys. To increase the strength of your keys, you should type randomly on your keyboard. This gives GPG extra data from which to generate your keys.
Your keys are now stored as public.key and private.key in the current directory.
Step 11: Check that your key has been generated by typing `gpg --list- keys` and, if successful, you'll see a message similar to:
/home/matthew/.gnupg/pubring.gpg -------------------------------- pub 1024D/12345678 2007-01-26 uid Matthew Revell (My test OpenPGP key) <test@matthewrevelltest.com> sub 2048g/9ABCDEF1 2007-01-26
Make a note of the pub id, which is 12345678 in the example above.
Step 12: Launchpad doesn't store your key directly, so you need to export your public key to a key server, such as keyserver.ubuntu.com:
gpg --keyserver keyserver.ubuntu.com --send-keys 12345678
Replace 12345678 with the pub id you noted in step 11.
If successful, GPG will display a message similar to:
gpg: sending key 12345678 to hkp server keyserver.ubuntu.com
Importing your key into Launchpad with gpg
You can generate both keys using the GPG tool. If you're running Ubuntu, and most other Linux-based operating systems, GPG is ready to use.
Step 1: Launchpad identifies your OpenPGP key by its fingerprint. In your terminal, you can ask GPG for your key's fingerprint by typing:
gpg --fingerprint
GPG will display a message similar to:
pub 1024D/12345678 2007-01-26 Key fingerprint = 0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72 uid Matthew Revell (My test OpenPGP key) <test@matthewrevelltest.com> sub 2048g/ABCDEF12 2007-01-26
Highlight and copy only the numeric fingerprint: `0464 39CD 2486 190A 2C5A 0739 0E68 04DC 16E7 CB72` in the example above.
Step 2: Visit your OpenPGP keys page
Step 3: Paste the fingerprint that you copied in step 1 into the Fingerprint text-box, then click the Import Key button. Launchpad will use the fingerprint to check the Ubuntu key server for your key and, if successful, send you an encrypted email asking you to confirm the key import.
Step 4: Check the email account that Launchpad has sent the confirmation email to. If your email client supports OpenPGP encryption, it will prompt you for the password you chose for the key when GPG generated it. Enter the password, then click the link to confirm that the key is yours.
Quick tip: Launchpad encrypts the email, using your public key, so that it can be sure that the key is yours. If your email software doesn't support OpenPGP encryption, copy the encrypted email's contents, type gpg in your terminal, then paste the email contents into your terminal window.
Step 6: Back on the Launchpad website, click the Confirm button and Launchpad will complete the import of your OpenPGP key.
Launchpad will confirm that it has imported your key.
Note: If you created the key id using an email address not registered in your Launchpad account, click confirm them to use it with Launchpad.
You can now sign the Ubuntu Code of Conduct and use the Bug Tracker's email interface.
Next step
Similarly, if you want to use some aspects of Launchpad's code hosting or Personal Package Archives, you need to [[YourAccount/CreatingAnSSHKeyPair|tell Launchpad about your SSH keys]].