Digital Signatures For RHN Packages; Generating A GnuPG Keypair - Red Hat NETWORK 4.0 - CHANNEL MANAGEMENT GUIDE Manual

3.2. Digital Signatures for RHN Packages

All packages distributed through RHN should have a digital signature. A digital signature
is created with a unique private key and can be verified with the corresponding public
key. After creating a package, the SRPM (Source RPM) and the RPM can be digitally
signed with a GnuPG key. Before the package is installed, the public key is used to verify
the package was signed by a trusted party and the package has not changed since it was
signed.

3.2.1. Generating a GnuPG Keypair

A GnuPG keypair consists of the private and public keys. To generate a keypair, type the
following command as the root user at the shell prompt:
gpg --gen-key
If you execute this command as a non-root user, you see the following message:
gpg: Warning: using insecure memory!
This message appears because non-root users cannot lock memory pages. Since you do not
want anyone else to have your private GnuPG key or your passphrase, you want to generate
the keypair as root. The root user can lock memory pages, which means the information is
never written to disk.
After executing the command to generate a keypair, you see an introductory screen
containing key options similar to the following:
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)
Your selection?
Accept the default option: (1) DSA and ElGamal. This option allows you to create a
digital signature and encrypt/decrypt with two types of technologies. Type 1 and then press
[Enter].
Next, choose the key size, which is how long the key should be. The longer the key, the
more resistant your messages are to attacks. Creating a key of at least 1024 bits in
size is recommended.
The next option asks you to specify how long you want your key to be valid. If you do
choose an expiration date, remember that anyone who is using your public key must also
Chapter 3. Building Custom Packages
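
The procedure above, as an added example that is not part of the original manual: a shell function that answers the gpg --gen-key prompts from a parameter file, signs a file with the new private key, and checks that verification fails once the file changes. It assumes GnuPG 2.1 or later; the throwaway keyring, the unprotected RSA sign-only key of 2048 bits (menu option 4 rather than the default chosen above), the user ID and the payload are all constructed for the demonstration.

```shell
# Added example (not from the manual). Assumes GnuPG 2.1+ for %no-protection.
# Exit status: 0 = intact file verifies and altered file is rejected,
#              1 = verification misbehaved, 2 = setup failed, 3 = gpg missing.
sign_and_verify_demo() (
    command -v gpg >/dev/null 2>&1 || exit 3
    home=$(mktemp -d) || exit 2
    # Remove the throwaway keyring and stop its agent when the subshell exits.
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$home"' EXIT
    chmod 700 "$home"
    GNUPGHOME=$home
    export GNUPGHOME

    # The answers gpg --gen-key asks for interactively: key type, key size,
    # validity period and user ID. All values are constructed for the demo.
    # %no-protection skips the passphrase; acceptable only for a throwaway key.
    cat > "$home/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Usage: sign
Key-Length: 2048
Expire-Date: 1y
Name-Real: Example Package Signer
Name-Email: packager@example.com
%commit
EOF
    gpg --batch --quiet --gen-key "$home/params" 2>/dev/null || exit 2

    # Constructed stand-in for a built package, signed with the private key.
    pkg=$home/example-1.0-1.noarch.bin
    printf 'constructed package payload\n' > "$pkg"
    gpg --batch --quiet --armor --detach-sign --output "$pkg.asc" "$pkg" \
        2>/dev/null || exit 2

    # The public key must accept the file exactly as it was signed.
    gpg --batch --quiet --verify "$pkg.asc" "$pkg" 2>/dev/null || exit 1

    # A single appended byte must make verification fail.
    printf 'x' >> "$pkg"
    if gpg --batch --quiet --verify "$pkg.asc" "$pkg" 2>/dev/null; then
        exit 1
    fi
    exit 0
)
# Usage: sign_and_verify_demo && echo "signature check behaves as expected"
```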
