[Discuss] [BLU/Officers] update instructions for key signing

[Bill Horne]

Bill,

I've got a question about GPG, or actually about PKI in general.

Since my browser now flags non-https sites as "Unsecure," I'd like to 
know how to generate a key to put in my Apache setup which will swing 
the padlocks shut. I know that it won't be "valid" unless I import the 
key into my browser, but that's a one-time effort and will stop the 
"unsecure" messages when I ask people to visit my websites.

Also, if possible, I'd like to be able to pass out keys for users to use 
in lieu of passwords to access secured areas.

Please tell me how to go about that, and thanks in advance.

Bill


On 9/16/2018 11:41 PM, Bill Ricker wrote:
>
> * We will NO LONGER sign RSA or DSA 1024b keys (or shorter). Obsolete.
> * We will NOT sign RSA 2048b keys without expiration dates orwith 
> expiration dates beyond 2020.
> * Use RSA 4096 or ed25519 for gpg2 --gen-key
>
> Notes
> * If concerned about well-capitalized massive factoring dictionaries,
> subtract a small multiple of 8 bits to get a size that is not standard
> and thus won't be dictionaried.
> * Alas the one trustworthy ECC curve,  ed25519, is supported only in
> GPG 2.1.7+ (gpg2), but if you have recent Ubuntu you you can use it now.
>   See https://nickhu.co.uk/posts/2016-09-03-curvy-gpg/ for instructions
> GPG2 gives a warning that it's not yet standardized so i'm considering 
> it still somewhat expriemental ... i'm going to try a 10y expiring on 
> this
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Announce mailing list
> Announce at blu.org <mailto:Announce at blu.org>
> http://lists.blu.org/mailman/listinfo/announce
>
>
> -- 
> Bill Ricker
> bill.n1vux at gmail.com <mailto:bill.n1vux at gmail.com>
> https://www.linkedin.com/in/n1vux
>
>
> _______________________________________________
> Officers mailing list
> Officers at blu.org
> http://lists.blu.org/mailman/listinfo/officers

-- 
Bill Horne
828-678-1548 (Cell)