| | 119 | |
| | 120 | == Generating the encryption subkey == |
| | 121 | |
| | 122 | The next step is to create an encryption subkey. I chose to generate the encryption key using GnuPG, rather than with the Yubikey because private keys that are generated on the Yubikey cannot be removed from the Yubikey. This has a benefit that the private key is never physically on the computer, but it also has the disadvantage that access to all encrypted data is lost if the Yubikey is ever stolen or lost or a new key is generated. |
| | 123 | |
| | 124 | {{{ |
| | 125 | gpg2 --edit-key 94D49EC738E0D9519BCDE7D9C2D3C98C511F9CF8 |
| | 126 | gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc. |
| | 127 | This is free software: you are free to change and redistribute it. |
| | 128 | There is NO WARRANTY, to the extent permitted by law. |
| | 129 | |
| | 130 | Secret key is available. |
| | 131 | |
| | 132 | sec rsa3072/C2D3C98C511F9CF8 |
| | 133 | created: 2017-07-24 expires: 2018-07-24 usage: C |
| | 134 | trust: ultimate validity: ultimate |
| | 135 | [ultimate] (1). Jorrit Jorritsma <jsj@xs4all.nl> |
| | 136 | |
| | 137 | gpg> addkey |
| | 138 | Please select what kind of key you want: |
| | 139 | (3) DSA (sign only) |
| | 140 | (4) RSA (sign only) |
| | 141 | (5) Elgamal (encrypt only) |
| | 142 | (6) RSA (encrypt only) |
| | 143 | Your selection? 6 |
| | 144 | RSA keys may be between 1024 and 4096 bits long. |
| | 145 | What keysize do you want? (2048) |
| | 146 | Requested keysize is 2048 bits |
| | 147 | Please specify how long the key should be valid. |
| | 148 | 0 = key does not expire |
| | 149 | <n> = key expires in n days |
| | 150 | <n>w = key expires in n weeks |
| | 151 | <n>m = key expires in n months |
| | 152 | <n>y = key expires in n years |
| | 153 | Key is valid for? (0) 1y |
| | 154 | Key expires at di 24 jul 2018 23:15:08 CEST |
| | 155 | Is this correct? (y/N) y |
| | 156 | Really create? (y/N) y |
| | 157 | Please enter the passphrase to unlock the OpenPGP secret key: |
| | 158 | "Jorrit Jorritsma <jsj@xs4all.nl>" |
| | 159 | 3072-bit RSA key, ID C2D3C98C511F9CF8, |
| | 160 | created 2017-07-24. |
| | 161 | |
| | 162 | Passphrase: |
| | 163 | We need to generate a lot of random bytes. It is a good idea to perform |
| | 164 | some other action (type on the keyboard, move the mouse, utilize the |
| | 165 | disks) during the prime generation; this gives the random number |
| | 166 | generator a better chance to gain enough entropy. |
| | 167 | |
| | 168 | sec rsa3072/C2D3C98C511F9CF8 |
| | 169 | created: 2017-07-24 expires: 2018-07-24 usage: C |
| | 170 | trust: ultimate validity: ultimate |
| | 171 | ssb rsa2048/ED815E1D36A718D2 |
| | 172 | created: 2017-07-24 expires: 2018-07-24 usage: E |
| | 173 | [ultimate] (1). Jorrit Jorritsma <jsj@xs4all.nl> |
| | 174 | |
| | 175 | gpg> save |
| | 176 | }}} |
