Background: GPG 1.4.10 Stateless Operations
Notes:
- In public-key cryptography, a 'key' is really a keypair: a private key and a public key.
- I use the term 'keyfile' to refer to a text file that contains a key (whether private or public).
1) Install GPG, preferably 1.4.x.
2) Choose a real name for the key. This is the name of the relevant person or entity.
This is the name that will be used as a "display name", for readability.
Examples:
"John Smith"
"Joaquin Sorolla"
"Test Key 1"
"Server 456 (Clive)"
"Morgan Industries"
3) Generate the keyname from the real name.
This is the actual, machine-readable name of the key. It will be used wherever a program needs to read an unambiguous name for this key.
Procedure:
- Decapitalise any capital letters.
- Remove punctuation.
- Replace spaces with underscores.
Examples:
"John Smith" -> "john_smith"
"Joaquin Sorolla" -> "joaquin_sorolla"
"Test Key 1" -> "test_key_1"
"Server 456 (Clive)" -> "server_456_clive"
"Morgan Industries" -> "morgan_industries"
Exception: Avoid using hyphens and periods in the real name, but if they are necessary then replace them with underscores instead of removing them. They often act as semantic separators, e.g. for version numbers, and it's helpful to preserve the separation.
4) Generate the keyfile names from the keyname.
To generate the private keyfile name, add the suffix "_private_key.txt".
To generate the public keyfile name, add the suffix "_public_key.txt".
Examples:
"john_smith":
- "john_smith_private_key.txt"
- "john_smith_public_key.txt"
"joaquin_sorolla":
- "joaquin_sorolla_private_key.txt"
- "joaquin_sorolla_public_key.txt"
"test_key_1":
- "test_key_1_private_key.txt"
- "test_key_1_public_key.txt"
"server_456_clive":
- "server_456_clive_private_key.txt"
- "server_456_clive_public_key.txt"
"morgan_industries":
- "morgan_industries_private_key.txt"
- "morgan_industries_public_key.txt"
5) Create a temporary home directory for GPG to use.
mkdir tmp_home && chmod 700 tmp_home
6) Create the GPG key. It will be stored in the temporary directory.
Important: Enter the values as shown (e.g. no email address). Use the keyname for the "real name" entry. (This is used in the Edgecase signature verification process.)
gpg --no-default-keyring --homedir tmp_home --gen-key
Answers to the interactive prompts during key generation:
- 1) key type = "1" (RSA and RSA)
- 2) key size = "4096"
- 3) expiry period = "0" (never)
- 4) confirm expiry period = "y"
- 5) real name = "test_key_1"
- 6) email address = ""
- 7) comment = ""
- 8) confirm real name, email address, and comment = "o"
- 9) passphrase = ""
- 10) confirm passphrase = ""
- 11) [Wait for random bytes to be generated. GPG warns that an empty passphrase is "probably a bad idea" and says "I will do it anyway": it proceeds and stores the private key unencrypted, so the private keyfile exported in step 7 must be protected by other means (file permissions, encrypted storage).]
"" signifies an empty string, i.e. no input. Press Enter after each prompt to proceed to the next one.
7) Export the GPG keypair into public and private keyfiles. Because no passphrase was set, the private keyfile is unencrypted: restrict its permissions (e.g. chmod 600) and handle it as a secret.
gpg --no-default-keyring --homedir tmp_home --armor --export-secret-keys "test_key_1" > test_key_1_private_key.txt
gpg --no-default-keyring --homedir tmp_home --armor --export "test_key_1" > test_key_1_public_key.txt
8) Delete the temporary directory. Note that rm only unlinks the files; the secret keyring's contents may remain recoverable on disk until overwritten, so do this on an encrypted or otherwise trusted filesystem.
rm -r tmp_home
9) Result.
We have generated a key, or rather a keypair (a private key and a public key), which has been stored in two text files.
Note: A worked example with included output is available in the article GPG 1.4.10 Stateless Operations, in the section GPG 1.4.10 Stateless Operations With Example Output, in the part "1) Create keypair and store it in keyfiles".
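The whole procedure (steps 3 to 8) as a single script, added here as an example and not part of the original article. It assumes GPG 1.4.x is on PATH as "gpg" and uses GPG's documented unattended mode (--batch --gen-key with a parameter block on stdin) in place of the interactive prompts; the parameter block reproduces the answers listed in step 6. The keyname derivation covers the exception for hyphens and periods from step 3, and a check that re-imports the exported public keyfile into a second empty home directory is added so that the files are known to be complete before the temporary directory is removed. The function names and the "%no-protection" line (ignored by 1.4, needed by GnuPG 2.1+) are this example's own.

```shell
#!/bin/sh
# Added example script for "GPG 1.4.10 Stateless Operations" steps 3-8.
# Assumes: gpg (1.4.x) on PATH; POSIX sh, sed, tr, mktemp.
set -eu

# Step 3: derive the keyname from the real name.
# Lower-case everything; hyphens and periods become underscores (they act
# as semantic separators, e.g. in version numbers); any other punctuation
# is removed; spaces become underscores. Non-ASCII letters are dropped by
# the [:alnum:] filter in the C locale.
keyname_from_real_name() {
    printf '%s' "$1" \
        | tr 'A-Z' 'a-z' \
        | sed -e 's/[.-]/_/g' -e 's/[^[:alnum:]_ ]//g' -e 's/ /_/g'
}

# Step 4: keyfile names are the keyname plus a fixed suffix.
private_keyfile_name() { printf '%s_private_key.txt' "$1"; }
public_keyfile_name()  { printf '%s_public_key.txt' "$1"; }

# Steps 5-8: create the keypair in a throwaway GPG home and export it.
create_keypair() {
    real_name=$1
    keyname=$(keyname_from_real_name "$real_name")
    private_keyfile=$(private_keyfile_name "$keyname")
    public_keyfile=$(public_keyfile_name "$keyname")

    # Step 5: temporary home directory, accessible only to us.
    tmp_home=$(mktemp -d ./tmp_home.XXXXXX)
    chmod 700 "$tmp_home"

    # Step 6: unattended key generation. This mirrors the interactive answers:
    # RSA and RSA, 4096 bits, no expiry, real name = keyname, no email,
    # no comment, no passphrase (no "Passphrase:" line). "%no-protection" is
    # skipped with a warning by GPG 1.4 and is what GnuPG 2.1+ requires for an
    # unprotected key; "%commit" performs the generation.
    gpg --no-default-keyring --homedir "$tmp_home" --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: $keyname
Expire-Date: 0
%no-protection
%commit
EOF

    # Step 7: export both halves, ASCII-armored. The private keyfile is
    # unencrypted, so create both files with mode 0600 via the umask.
    umask 077
    gpg --no-default-keyring --homedir "$tmp_home" --armor \
        --export-secret-keys "$keyname" > "$private_keyfile"
    gpg --no-default-keyring --homedir "$tmp_home" --armor \
        --export "$keyname" > "$public_keyfile"
    [ -s "$private_keyfile" ] && [ -s "$public_keyfile" ]

    # Check (not in the original steps): import the public keyfile into a
    # second, empty home and print its fingerprint. This proves the exported
    # file is a complete, parseable key before the generating home is deleted.
    check_home=$(mktemp -d ./tmp_check.XXXXXX)
    chmod 700 "$check_home"
    gpg --no-default-keyring --homedir "$check_home" --import "$public_keyfile"
    gpg --no-default-keyring --homedir "$check_home" --fingerprint "$keyname"
    rm -r "$check_home"

    # Step 8: delete the temporary home. rm only unlinks; the secret keyring's
    # blocks may remain on disk until overwritten.
    rm -r "$tmp_home"
    printf 'Wrote %s and %s\n' "$private_keyfile" "$public_keyfile"
}

# Run as: sh make_keypair.sh "Test Key 1"
# With no argument, only the functions are defined.
if [ "$#" -gt 0 ]; then
    create_keypair "$1"
fi
```

Running it as `sh make_keypair.sh "Test Key 1"` produces test_key_1_private_key.txt and test_key_1_public_key.txt in the current directory, with the generating home and the check home removed afterwards.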