SSH and GPG keys

Chiave SSH
Creare una chiave SSH in formato Ed25519 e RSA e' molto semplice, basta installare il client SSH: sudo apt-get install openssh-client ed eseguire i seguenti comandi: ssh-keygen -t ed25519 -C user@host

Generating public/private ed25519 key pair. Enter file in which to save the key (/home/username/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): ********************* Enter same passphrase again: ********************* Your identification has been saved in /home/username/.ssh/id_ed25519. Your public key has been saved in /home/username/.ssh/id_ed25519.pub. The key fingerprint is: SHA256:XNkITSccuOSs110bVRKzZS9ZJJNr1bfNlfH50eAQdK8 user@host The key's randomart image is: +--[ED25519 256]--+ |       .=+o=.O=@| |       o.o* +.#@| |      + .+ . =BX| |      .+.    =+=| |       .S. . oEo.| |     . . . . .  | |       .         | |                 | |                 | +[SHA256]-+

ssh-keygen -t rsa -b 4096 -C user@host

Generating public/private rsa key pair. Enter file in which to save the key (/home/username/.ssh/id_rsa): Enter passphrase (empty for no passphrase): ********************* Enter same passphrase again: ********************* Your identification has been saved in /home/username/.ssh/id_rsa. Your public key has been saved in /home/username/.ssh/id_rsa.pub. The key fingerprint is: SHA256:zdKdK3OFoGUsm+eP6yT5QY2OXIJUchPjeI70GtcE4gc user@host The key's randomart image is: +---[RSA 4096]+ |     E B.       | |    . O =       | |     = = *      | |     o B & = o   | |     + S X =. | |      = @   o   | |     . = B o    | |        + B     | |        .=..    | +[SHA256]-+

E' importante utilizzare una frase segreta lunga almeno una ventina di caratteri.

Chiave GPG
Per creare una chiave GPG utile, per esempio, per crittografare file o email installare: sudo apt-get install gnupg ed eseguire i seguenti comandi: gpg --gen-key

Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire  = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Nome Cognome Email address: indirizzo@dominio.com Comment: You selected this USER-ID: "Nome Cognome " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. gpg: gpg-agent is not available in this session We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .............................+++++...+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .....+++++......+++++ gpg: key ABC123WZ marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u pub  4096R/ABC123WZ 2010-09-26 Key fingerprint = ABC1 AGC2 JBC1 ANC3 AU6 AAC8 ACC3 VBC9 TBC4 QBC6 uid                 Nome Cognome  sub  4096R/WZ123ABC 2010-09-26

gpg --send-key ABC123WZ

gpg: sending key ABC123WZ to hkp server subkeys.pgp.net

gpg --keyserver keyserver.ubuntu.com --send-key ABC123WZ

gpg: sending key ABC123WZ to hkp server keyserver.ubuntu.com

gpg --fingerprint ABC123WZ

pub  1024D/ABC123WZ 2010-09-26 Key fingerprint = ABC1 AGC2 JBC1 ANC3 AU6 AAC8 ACC3 VBC9 TBC4 QBC6 uid                 Nome Cognome  sub  4096g/WZ123ABC 2010-09-26

E' importante utilizzare una frase segreta lunga almeno una ventina di caratteri.

Per ulteriori informazioni: https://help.ubuntu.com/community/GnuPrivacyGuardHowto