|
After reading Kees Leune‘s guide to setting up a CA here, I thought it’d be handy to script a lot of the legwork involved. The end result after a day or two’s hacking about is ca-mgmt. Bug reports, feature requests, etc. are more than welcome to the usual address, or to the Github Issues page. (Note: This was originally posted on my previous blog, but I’ve noticed that it’s being linked to, so I’ve reposted it here) I’m not a mathematician (or a cryptographer) so I’m happy to take this post‘s word for it about a recent attack against SHA-1 (short PDF here). The post goes into detail about changing the preferred digests on a key, and is well worth a read. The post also talks about using 2048-bit RSA keys, instead of the DSA/Elgamal default (which has a maximum size of 1024 bits). It goes into detail about how to migrate to an RSA key – if you’re going to migrate, I definitely recommend reading it. However, I thought it would be nice to write a (very) quick guide on generating RSA private keys with GnuPG, as there are a few extra steps involved – but nothing complicated! |
 
|
Wednesday, 21st of March 2012 at 12:39:41 AM