From SubfireWiki

Contents 1 Security 1.1 GNU GPG 1.1.1 Public Key 1.1.2 Private Export 1.1.3 Signing keys 1.1.4 Trusting Keys 1.2 Server

Security

GNU GPG

A nice GUI tool for keys:

sudo apt-get install seahorse

Public Key

• public key id: 966B1F02

To get my public key:

gpg --recv-keys --keyserver wwwkeys.pgp.net 966B1F02

Private Export

• Export the private key:

gpg -a --export-secret-keys 966B1F02 | gpg -aco malcom-private.key.gpg

• Import the private key:

gpg --decrypt malcom-private.key.gpg | gpg --import

• Why even do this you ask?

So you can save it to a CD, and then delete the file after. Following the above commands will require your passphrase to re-import the private key, so it's pretty safe.

Signing keys

To sign someone else's key do the following:

gpg --sign-key 4C9DA1D0
gpg --send-key 4C9DA1D0

Trusting Keys

Now that both parties have signed their respective keys, you are now ready to trust a key:

gpg --edit-key 4C9DA1D0

At the prompt type in 'trust' and then answer the questions. At the end type in save.

Then send the key:

gpg --send-keys 4C9DA1D0 

Server

• http://www.debian.org/doc/manuals/securing-debian-howto/ap-harden-step.en.html
• http://www.debian.org/doc/manuals/securing-debian-howto/