From f0063afa71bc7e71f19d174acc2fde26f0c11850 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Tue, 15 May 2018 13:13:16 +1000 Subject: docs: python bindings HOWTO - DITA XML version * Due to the org-babel bug which breaks Python source code examples beyond the most simple snippets, ported the HOWTO to a source format which I *know* for sure won't break it. * Details of the org-mode bug is in https://dev.gnupg.org/T3977 * DITA project uses DITA-OT 2.x (2.4 or 2.5, IIRC) with support for DITA 1.3. * source files were written with oXygenXML Editor 20.0, hence the oXygenXML project file in the directory; however only the .ditamap and .dita files are required to generate any output with the DITA-OT. Signed-off-by: Ben McGinnes --- .../python/docs/dita/howto/part05/primary-key.dita | 97 ++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 lang/python/docs/dita/howto/part05/primary-key.dita (limited to 'lang/python/docs/dita/howto/part05/primary-key.dita') diff --git a/lang/python/docs/dita/howto/part05/primary-key.dita b/lang/python/docs/dita/howto/part05/primary-key.dita new file mode 100644 index 00000000..5401dc9f --- /dev/null +++ b/lang/python/docs/dita/howto/part05/primary-key.dita @@ -0,0 +1,97 @@ + + + + + Primary Key Creation + +

Generating a primary key uses the create_key method in a Context. It + contains multiple arguments and keyword arguments, including: userid, + algorithm, expires_in, expires, + sign, encrypt, certify, + authenticate, passphrase and force. The + defaults for all of those except userid, algorithm, + expires_in, expires and passphrase is + False. The defaults for algorithm and + passphrase is None. The default for + expires_in is 0. The default for + expires is True. There is no default for + userid.

+

If passphrase is left as None then the key will not be + generated with a passphrase, if passphrase is set to a string then that + will be the passphrase and if passphrase is set to True + then gpg-agent will launch pinentry to prompt for a passphrase. For the sake of convenience, + these examples will keep passphrase set to None.

+

+ import gpg + +c = gpg.Context() + +c.home_dir = "~/.gnupg-dm" +userid = "Danger Mouse <dm@secret.example.net>" + +dmkey = c.create_key(userid, algorithm="rsa3072", expires_in=31536000, + sign=True, certify=True) + +

+

One thing to note here is the use of setting the c.home_dir parameter. + This enables generating the key or keys in a different location. In this case to keep the + new key data created for this example in a separate location rather than adding it to + existing and active key store data. As with the default directory, + ~/.gnupg, any temporary or separate directory needs the permissions + set to only permit access by the directory owner. On posix systems this means setting the + directory permissions to 700.

+

The temp-homedir-config.py script in the HOWTO examples directory will + create an alternative homedir with these configuration options already set and the correct + directory and file permissions.

+

The successful generation of the key can be confirmed via the returned + GenkeyResult object, which includes the following data:

+

+ print(""" +Fingerprint: {0} +Primary Key: {1} + Public Key: {2} + Secret Key: {3} + Sub Key: {4} + User IDs: {5} +""".format(dmkey.fpr, dmkey.primary, dmkey.pubkey, dmkey.seckey, dmkey.sub, + dmkey.uid)) + +

+

Alternatively the information can be confirmed using the command line program:

+

+ bash-4.4$ gpg --homedir ~/.gnupg-dm -K +~/.gnupg-dm/pubring.kbx +---------------------- +sec rsa3072 2018-03-15 [SC] [expires: 2019-03-15] + 177B7C25DB99745EE2EE13ED026D2F19E99E63AA +uid [ultimate] Danger Mouse <dm@secret.example.net> + +bash-4.4$ + +

+

As with generating keys manually, to preconfigure expanded preferences for the cipher, + digest and compression algorithms, the gpg.conf file must contain those + details in the home directory in which the new key is being generated. I used a cut down + version of my own gpg.conf file in order to be able to generate + this:

+

+ bash-4.4$ gpg --homedir ~/.gnupg-dm --edit-key 177B7C25DB99745EE2EE13ED026D2F19E99E63AA showpref quit +Secret key is available. + +sec rsa3072/026D2F19E99E63AA + created: 2018-03-15 expires: 2019-03-15 usage: SC + trust: ultimate validity: ultimate +[ultimate] (1). Danger Mouse <dm@secret.example.net> + +[ultimate] (1). Danger Mouse <dm@secret.example.net> + Cipher: TWOFISH, CAMELLIA256, AES256, CAMELLIA192, AES192, CAMELLIA128, AES, BLOWFISH, IDEA, CAST5, 3DES + Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1 + Compression: ZLIB, BZIP2, ZIP, Uncompressed + Features: MDC, Keyserver no-modify + +bash-4.4$ + +

+ +
+
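Review bot: The passphrase paragraph says the examples keep passphrase set to None "for the sake of convenience", and the create_key call then generates a secret key with no passphrase, but nothing in the text limits that choice to the throwaway ~/.gnupg-dm home directory. Add a sentence there saying a key meant for real use should pass a string or True so that pinentry prompts for a passphrase. The snippet also sets c.home_dir = "~/.gnupg-dm" before the text explains that the directory needs 700 permissions, and it neither creates the directory nor checks its mode. Either move the permissions paragraph and the pointer to temp-homedir-config.py above the code, or state that the directory must already exist with owner-only access. Python does not expand "~" in a string literal, so wrapping the path in os.path.expanduser would make the example independent of how the value is interpreted further down. In the opening paragraph, "It contains multiple arguments" reads better as "It accepts", "The defaults for ... is False" and "The defaults for algorithm and passphrase is None" should use "are", and it would help to say how expires=True and expires_in=0 interact, since the two defaults are listed without explanation.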
-- cgit v1.2.3