Posted to community@apache.org by Robert Burrell Donkin <rd...@apache.org> on 2009/10/14 21:50:10 UTC

Re: [OpenPGP] Key Transition

Grant Ingersoll wrote:
> I'm trying to follow the instructions at:
> http://www.apache.org/dev/openpgp.html#generate-key
> 
> And am getting [1] below.  I think I have a public keyring (I've signed
> releases in the past so I thought it should just work).  I'm using GPG
> 2.0.12 on OS X (10.6).  I have a .gnupg directory and it contains a
> bunch of stuff, but I admit I've always just followed the instructions
> on this stuff and not understood the why behind it.

the home directory is used by GnuPG to store private keys and
configuration information. it's .gnupg by default but a useful trick is
setting this to some other location to get a clean configuration to
practice on or generate keys into.
http://www.apache.org/dev/openpgp.html#home should have some more details.


> [1]
>>gpg2 --gen-key
> gpg (GnuPG/MacGPG2) 2.0.12; Copyright (C) 2009 Free Software Foundation,
> Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Please select what kind of key you want:
>    (1) RSA and RSA (default)
>    (2) DSA and Elgamal
>    (3) DSA (sign only)
>    (4) RSA (sign only)
> Your selection? 1
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048) 4096
> Requested keysize is 4096 bits
> Please specify how long the key should be valid.
>          0 = key does not expire
>       <n>  = key expires in n days
>       <n>w = key expires in n weeks
>       <n>m = key expires in n months
>       <n>y = key expires in n years
> Key is valid for? (0) 0
> Key does not expire at all
> Is this correct? (y/N) y
> 
> GnuPG needs to construct a user ID to identify your key.
> 
> ...
> 
> gpg: no writable public keyring found: Unknown system error
> Key generation failed: Unknown system error

my best guess is either a permissions issue or a version conflict.
either way, the best approach is just to use another home for
generation. hopefully this should be covered in
http://www.apache.org/dev/openpgp.html#home.

i usually generate my keys in a new directory on an encrypted USB stick.
that way, if anything goes wrong my active keyrings are not affected.
maybe this should be added as a tip.

- robert
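
The separate-home approach described in the reply above, as an added example that is not part of the original message or of the Apache instructions. The function names, return codes and the `gnupg-keygen` directory prefix are hypothetical; it assumes a POSIX shell and that `gpg2` is the installed binary.

```shell
#!/bin/sh
# Added example: check a GnuPG home directory for the permission problems
# guessed at above, and create a clean private home for key generation.
# Function names and return codes are hypothetical, chosen for illustration.

# check_gnupg_home DIR
# Returns 0 if DIR looks usable as a GnuPG home, otherwise:
#   1 = missing, 2 = owned by another user,
#   3 = not writable/searchable, 4 = open to group or other.
check_gnupg_home() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    [ -O "$dir" ] || { echo "$dir: owned by another user" >&2; return 2; }
    [ -w "$dir" ] && [ -x "$dir" ] ||
        { echo "$dir: not writable by the current user" >&2; return 3; }
    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private home should show none of them set (mode 0700).
    mode=$(ls -ld "$dir" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "$dir: accessible to group/other ($mode)" >&2; return 4; }
    return 0
}

# new_gnupg_home PARENT
# Creates a fresh 0700 directory under PARENT (for example the mount point
# of an encrypted USB stick) and prints its path. The active ~/.gnupg
# keyrings are never touched.
new_gnupg_home() {
    parent=$1
    ( umask 077 && mktemp -d "$parent/gnupg-keygen.XXXXXX" )
}

# Typical use (not executed here; the mount point is a placeholder):
#   check_gnupg_home "$HOME/.gnupg"      # see why the default home fails
#   home=$(new_gnupg_home /path/to/encrypted/mount) &&
#       check_gnupg_home "$home" &&
#       gpg2 --homedir "$home" --gen-key
```
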

