[securityguide] Updated bit suggestion, updated examples, and updated markup.
Eric Christensen
sparks at fedoraproject.org
Tue Jun 17 15:52:12 UTC 2014
commit 64552776b14adaf0494692db8312427d0e0dcb53
Author: Eric H Christensen <sparks at redhat.com>
Date: Tue Jun 17 10:53:23 2014 -0400
Updated bit suggestion, updated examples, and updated markup.
en-US/Using_GPG.xml | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/en-US/Using_GPG.xml b/en-US/Using_GPG.xml
index 1086c7a..8b8c4c2 100644
--- a/en-US/Using_GPG.xml
+++ b/en-US/Using_GPG.xml
@@ -85,29 +85,32 @@ What keysize do you want? (2048)</screen>
<para>
Entering a value of <code>1y</code>, for example, makes the key valid for one year. (You may change this expiration date after the key is generated, if you change your mind.)
</para>
+ <important>
+ <para>Making the key expire after a relatively short period of time provides a failsafe function if you lose control over the key. You must, however, extend the expiration date <emphasis>before</emphasis> the key expires.</para>
+ </important>
<para>
Before the <code>gpg</code>code> program asks for signature information, the following prompt appears:
- <code>Is this correct (y/n)?</code> Enter <code>y</code>code> to finish the process.
+ <code>Is this correct (y/n)?</code> Enter <code>y</code> to finish the process.
</para>
<para>
Next, enter your name and email address. Remember this process is about authenticating you as a real individual. For this reason, include your real name. Do not use aliases or handles, since these disguise or obfuscate your identity.
</para>
<para>
- Enter your real email address for your GPG key. If you choose a bogus email address, it will be more difficult for others to find your public key. This makes authenticating your communications difficult. If you are using this GPG key for [[DocsProject/SelfIntroduction| self-introduction]] on a mailing list, for example, enter the email address you use on that list.
+ Enter your real email address for your GPG key. If you choose a bogus email address, it will be more difficult for others to find your public key. This makes authenticating your communications difficult. If you are using this GPG key for self-introduction on a mailing list, for example, enter the email address you use on that list.
</para>
<para>
Use the comment field to include aliases or other information. (Some people use different keys for different purposes and identify each key with a comment, such as "Office" or "Open Source Projects.")
</para>
<para>
- At the confirmation prompt, enter the letter O to continue if all entries are correct, or use the other options to fix any problems. Finally, enter a passphrase for your secret key. The <code>gpg</code> program asks you to enter your passphrase twice to ensure you made no typing errors.
+ At the confirmation prompt, enter the letter O to continue if all entries are correct, or use the other options to fix any problems. Finally, enter a passphrase for your secret key. The <application>gpg</application> program asks you to enter your passphrase twice to ensure you made no typing errors.
</para>
<para>
Finally, <code>gpg</code> generates random data to make your key as unique as possible. Move your mouse, type random keys, or perform other tasks on the system during this step to speed up the process. Once this step is finished, your keys are complete and ready to use:
</para>
<screen>
-pub 1024D/1B2AFA1C 2005-03-31 John Q. Doe <jqdoe@example.com>
+pub 3072R/1B2AFA1C 2005-03-31 John Q. Doe <jqdoe@example.com>
Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
-sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+sub 3072R/CEA4B22E 2013-03-31 [expires: 2014-03-31]
</screen>
<para>
The key fingerprint is a shorthand "signature" for your key. It allows you to confirm to others that they have received your actual public key without any tampering. You do not need to write this fingerprint down. To display the fingerprint at any time, use this command, substituting your email address:
More information about the docs-commits
mailing list