GPG https://www.keopx.net/categoria/gpg
Create GPG2 keys on GNU/Linux with Ed25519 https://www.keopx.net/blog/crear-claves-gpg2-en-gnulinux-con-ed25519
<span class="field field--name-title field--type-string field--label-hidden">Create GPG2 keys on GNU/Linux with Ed25519</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>We are going to create a GPG2 key pair based on <em>Ed25519</em>. We will do it from the console, although it can also be done with the "Passwords and Encryption Keys" application.</p>
<p>Next, we invoke gpg in the console with the options <em>--expert</em> and <em>--full-gen-key</em>.</p>
<pre><code class="language-bash">$ gpg2 --expert --full-gen-key
gpg (GnuPG) 2.1.8; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.</code></pre>
<p>Then we choose <em>9</em> to get an <em>ECC</em> primary key and an <em>ECC</em> encryption subkey.</p>
<pre><code class="language-bash">Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
Your selection? 9</code></pre>
<p>The next one is the <strong>important selection</strong>. We choose <em>1</em> to select "<em>Curve25519</em>".</p>
<pre><code class="language-bash">Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
   (8) secp256k1
Your selection? 1</code></pre>
<p>You will see a <em>WARNING</em>, but this is what you want.</p>
<pre><code class="language-bash">gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y</code></pre>
<p>You are asked about key expiry.</p>
<pre><code class="language-bash">Please specify how long the key should be valid.
         0 = key does not expire
      &lt;n&gt;  = key expires in n days
      &lt;n&gt;w = key expires in n weeks
      &lt;n&gt;m = key expires in n months
      &lt;n&gt;y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
</code></pre>
<p>Then it asks for a user identity.</p>
<pre><code class="language-bash">GnuPG needs to construct a user ID to identify your key.

Real name: keopx
Email address: keopx@keopx.net
Comment:
You selected this USER-ID:
    "keopx &lt;keopx@keopx.net&gt;"
</code></pre>
<p>Finally, it asks for confirmation.</p>
<pre><code class="language-bash">Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o</code></pre>
<p>Then it proceeds like this.</p>
<pre><code class="language-bash">We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
</code></pre>
<p>It asks for the key's passphrase in a pop-up window and then finishes.</p>
<pre><code class="language-bash">gpg: key D1A0681AAEDE141B marked as ultimately trusted
gpg: directory '/home/user/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/4E2A32714B8E5ADAECA181ABD1A0681AAEDE141B.rev'
public and secret key created and signed.
pub   ed25519 2019-01-13 [SC]
      4E2A32714B8E5ADAECA181ABD1A0681AAEDE141B
      4E2A32714B8E5ADAECA181ABD1A0681AAEDE141B
uid                      keopx &lt;keopx@keopx.net&gt;
sub   cv25519 2019-01-13 [E]
</code></pre>
<p>Reference:</p>
<ul><li><a href="https://debconf17.debconf.org/talks/162/">https://debconf17.debconf.org/talks/162/</a></li>
<li><a href="https://www.keopx.net/blog/crear-claves-gpg-en-gnulinux">https://www.keopx.net/blog/crear-claves-gpg-en-gnulinux</a></li>
</ul></div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/keopx" typeof="schema:Person" property="schema:name" datatype="">keopx</span></span>
<span class="field field--name-created field--type-created field--label-hidden">Sun, 13/01/2019 - 13:14</span>
Create GPG keys on GNU/Linux https://www.keopx.net/blog/crear-claves-gpg-en-gnulinux
<span class="field field--name-title field--type-string field--label-hidden">Create GPG keys on GNU/Linux</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>We are going to create a GPG key pair. We will do it from the console, although it can also be done with the "Passwords and Encryption Keys" application.</p>
<p><strong>[Update]</strong></p>
<blockquote><p>Right now the question is a bit broader: <strong>RSA</strong> vs. <strong>DSA</strong> vs. <strong>ECDSA</strong> vs. <strong>Ed25519</strong>. So:</p>
<p><a href="https://isecpartners.com/media/105564/ritter_samuel_stamos_bh_2013_cryptopocalypse.pdf">A presentation at BlackHat 2013</a> suggests that significant advances have been made in solving the problems on complexity of which the strength of <strong>DSA</strong> and some other algorithms is founded, so they can be <strong><em>mathematically</em> broken</strong> very soon. Moreover, the attack may be possible (but harder) to extend to RSA as well.</p>
<p>The presentation suggests using elliptic curve cryptography instead.
The ECC algorithms supported by OpenSSH are <strong>ECDSA</strong> and, since OpenSSH 6.5, <strong>Ed25519.</strong></p>
</blockquote>
<ul><li>
<h3>See: <a href="https://www.keopx.net/blog/crear-claves-gpg2-en-gnulinux-con-ed25519">https://www.keopx.net/blog/crear-claves-gpg2-en-gnulinux-con-ed25519</a></h3>
</li>
</ul>
<h3>Key creation</h3>
<pre><code class="language-bash">gpg --gen-key</code></pre>
<p>Choose the options, keeping in mind that the passphrase you use determines how robust the key is against a brute-force attack; use at least 8 characters of every kind: uppercase, lowercase, digits...</p>
<p>Example passphrase: <em>Dv]YR{bHeh,@1Qh</em></p>
<pre><code class="language-bash">Por favor seleccione tipo de clave deseado:
   (1) DSA y ElGamal (por defecto)
   (2) DSA (sólo firmar)
   (5) RSA (sólo firmar)
¿Su elección?: 1
El par de claves DSA tendrá 1024 bits.
las claves ELG-E pueden tener entre 1024 y 4096 bits de longitud.
¿De qué tamaño quiere la clave? (2048) 4096
El tamaño requerido es de 4096 bits
Por favor, especifique el período de validez de la clave.
         0 = la clave nunca caduca
      &lt;n&gt;  = la clave caduca en n días
      &lt;n&gt;w = la clave caduca en n semanas
      &lt;n&gt;m = la clave caduca en n meses
      &lt;n&gt;y = la clave caduca en n años
¿Validez de la clave (0)? 0
Key does not expire at all nunca caduca
¿Es correcto (s/n)? s</code></pre>
<p>We now have the key, although gpg will ask us to perform some activity so that it can gather random data to generate it.</p>
<h3>List the keys</h3>
<pre><code class="language-bash">gpg --list-keys</code></pre>
<h3>Revocation certificate</h3>
<p>This is necessary because, if one day we want to revoke the key for whatever reason, it will be impossible without it.</p>
<pre><code class="language-bash">gpg --output nombre_revoke.asc --gen-revoke tu_email@email.com
¿Crear un certificado de revocación para esta clave? s
Por favor elija una razón para la revocación:
0 = No se dio ninguna razón
1 = La clave ha sido comprometida
2 = La clave ha sido reemplazada.
3 = La clave ya no está en uso
Q = Cancelar</code></pre>
<p>It will ask you for the passphrase.</p>
<h3>Full private key</h3>
<pre><code class="language-bash">gpg --output miclave_privada_sec.asc --armor --export-secret-key tu_email@email.com</code></pre>
<h3>Public key</h3>
<pre><code class="language-bash">gpg -a --export tu_email@email.com &gt; miclave_publica.asc</code></pre>
<h3>Export the public key to a keyserver</h3>
<p>First of all, we have to choose a keyserver:</p>
<ul><li>hkp://keyserver.ubuntu.com:11371</li>
<li>hkp://pgp.mit.edu:11371</li>
<li>ldap://keyserver.pgp.com</li>
<li>pgp.rediris.es</li>
</ul>
<pre><code class="language-bash">gpg --keyserver pgp.rediris.es --send-keys tu_email@email.com</code></pre>
<p>Reference:</p>
<ul><li><a href="http://www.gnupg.org/gph/es/manual.html#AEN27">http://www.gnupg.org/gph/es/manual.html#AEN27</a></li>
<li><a href="http://www.versvs.net/anotacion/como-por-que-usar-cifrado-correo-tutorial-apto-para-novatos">http://www.versvs.net/anotacion/como-por-que-usar-cifrado-correo-tutorial-apto-para-novatos</a></li>
</ul>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/keopx" typeof="schema:Person" property="schema:name" datatype="">keopx</span></span>
<span class="field field--name-created field--type-created field--label-hidden">Sat, 04/07/2009 - 19:04</span>
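<p>Added example, not part of the original posts: a check to run after either walkthrough to confirm which algorithms were actually generated. It parses the output of <code>gpg --list-keys --with-colons</code> (field numbers as documented in GnuPG's doc/DETAILS) and flags the 1024-bit DSA primary key that the older post's menu produces. The function names and the sample listings are constructed for illustration; only key ID D1A0681AAEDE141B is taken from the post.</p>

```bash
# Added example: audit the machine-readable listing printed by
# `gpg --list-keys --with-colons`.
# Fields used: 1 record type, 3 key length, 4 algorithm ID, 7 expiry,
# 12 capabilities, 17 curve name.

audit_keys() {  # colon listing on stdin -> one verdict line per key/subkey
  awk -F: '
    $1 != "pub" && $1 != "sub" { next }   # skip tru/fpr/uid records
    {
      algo = $4 + 0; bits = $3 + 0
      if      (algo == 22) name = "EdDSA"
      else if (algo == 18) name = "ECDH"
      else if (algo == 19) name = "ECDSA"
      else if (algo == 17) name = "DSA"
      else if (algo == 16) name = "ElGamal"
      else if (algo == 1)  name = "RSA"
      else                 name = "algo" algo
      # RSA, DSA and ElGamal keys below 2048 bits are flagged as weak.
      verdict = ((algo == 1 || algo == 16 || algo == 17) && bits < 2048) ? "weak" : "ok"
      printf "%s %s %s %s expires=%s %s\n", $1, name,
             ($17 != "" ? $17 : bits), $12, ($7 != "" ? $7 : "never"), verdict
    }'
}

# True only for the layout the Ed25519 walkthrough produces: an ed25519
# primary able to sign and certify, plus a cv25519 encryption subkey.
is_curve25519_pair() {
  report=$(audit_keys)
  printf '%s\n' "$report" | grep -q '^pub EdDSA ed25519 sc' &&
  printf '%s\n' "$report" | grep -q '^sub ECDH cv25519 e '
}

has_weak_key() { audit_keys | grep -q ' weak$'; }

# Constructed listings. Only key ID D1A0681AAEDE141B comes from the post;
# the other key IDs and all timestamps are placeholders.
MODERN='pub:u:255:22:D1A0681AAEDE141B:1547337600:::u:::scESC:::::ed25519:::0:
sub:u:255:18:0000000000000000:1547337600::::::e:::::cv25519::'
LEGACY='pub:u:1024:17:1111111111111111:1246665600:::u:::scESC::::::::0:
sub:u:4096:16:2222222222222222:1246665600::::::e:::::::'

for listing in "$MODERN" "$LEGACY"; do
  printf '%s\n' "$listing" | audit_keys
done
```

<p>Against a real keyring, pipe <code>gpg --list-keys --with-colons tu_email@email.com</code> into <code>audit_keys</code> in place of the constructed listings.</p>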