informatica:linux:claves_gpg
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| informatica:linux:claves_gpg [2013/07/03 09:02] – external edit 127.0.0.1 | informatica:linux:claves_gpg [2023/11/30 14:04] (current) – jose | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| Para operar con las claves, instalar gunpg: | Para operar con las claves, instalar gunpg: | ||
| - | aptitude install gnupg | + | |
| Line 216: | Line 216: | ||
| + | ==== Revocar Clave del Servidor ==== | ||
| + | Si una clave vamos a dejar de usarla, hay que revocarla. | ||
| + | Para revocarla, tenemos que crear un certificado de revocación y luego subirlo al servidor. Para crear el certificado de revocación, | ||
| + | |||
| + | Vamos a revocar la antigua clave de 1024DSA porque hemos generado una nueva de 4096RSA | ||
| + | |||
| + | < | ||
| + | # gpg --list-keys | ||
| + | |||
| + | ----------------------------- | ||
| + | pub | ||
| + | uid Jose Legido < | ||
| + | sub | ||
| + | |||
| + | pub | ||
| + | uid Jose Legido < | ||
| + | sub | ||
| + | |||
| + | </ | ||
| + | < | ||
| + | # gpg --output revoke1024.asc --gen-revoke 5A988F96 | ||
| + | |||
| + | sec 1024D/ | ||
| + | Create a revocation certificate for this key? (y/N) y | ||
| + | Please select the reason for the revocation: | ||
| + | 0 = No reason specified | ||
| + | 1 = Key has been compromised | ||
| + | 2 = Key is superseded | ||
| + | 3 = Key is no longer used | ||
| + | Q = Cancel | ||
| + | (Probably you want to select 1 here) | ||
| + | Your decision? 3 | ||
| + | Enter an optional description; | ||
| + | > New Key F4AD9A55 | ||
| + | > | ||
| + | Reason for revocation: Key is no longer used | ||
| + | New Key F4AD9A55 | ||
| + | Is this okay? (y/N) y | ||
| + | |||
| + | You need a passphrase to unlock the secret key for | ||
| + | user: "Jose Legido < | ||
| + | 1024-bit DSA key, ID 5A988F96, created 2008-03-20 | ||
| + | |||
| + | ASCII armored output forced. | ||
| + | Revocation certificate created. | ||
| + | |||
| + | Please move it to a medium which you can hide away; if Mallory gets | ||
| + | access to this certificate he can use it to make your key unusable. | ||
| + | It is smart to print this certificate and store it away, just in case | ||
| + | your media become unreadable. | ||
| + | your machine might store the data and make it available to others! | ||
| + | </ | ||
| + | |||
| + | Ahora subimos el certificado de revocación para revocar la clave: | ||
| + | < | ||
| + | # gpg --import revoke1024.asc | ||
| + | gpg: key 5A988F96: "Jose Legido < | ||
| + | gpg: Total number processed: 1 | ||
| + | gpg: new key revocations: | ||
| + | gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model | ||
| + | gpg: depth: 0 valid: | ||
| + | </ | ||
| + | |||
| + | Al cabo de un rato, la clave aparece como revocada: | ||
| + | < | ||
| + | # gpg --search-keys jose@legido.com | ||
| + | gpg: searching for " | ||
| + | (1) Jose Legido < | ||
| + | 4096 bit RSA key F4AD9A55, created: 2014-09-15 | ||
| + | (2) Jose Legido < | ||
| + | 1024 bit DSA key 5A988F96, created: 2008-03-20 (revoked) | ||
| + | |||
| + | </ | ||
| ==== Descargar claves a servidor de claves ==== | ==== Descargar claves a servidor de claves ==== | ||
| Line 267: | Line 340: | ||
| gpg: keyserver search failed: keyserver error | gpg: keyserver search failed: keyserver error | ||
| - | Indicando otro servidor funciona, pero a veces también falla: | + | Indicando otro servidor funciona, pero a veces también falla. |
| - | # gpg | + | Servidores: |
| + | keyserver.ubuntu.com | ||
| + | subkeys.pgp.net | ||
| + | pgp.mit.edu | ||
| + | |||
| + | # gpg | ||
| gpg: searching for " | gpg: searching for " | ||
| | | ||
informatica/linux/claves_gpg.1372842169.txt.gz · Last modified: (external edit)