Security

Howto: Install GPG on Jolla Sailfish OS

Leave a comment

A Finnish start-up, Jolla, announced at the end of 2013 that it was producing a free and open source Sailfish OS, with an open hardware smart phone.

Here is a quick three-step guide to getting GPG installed.

STEP 1) install pinentry

You have three options:

  1. compile from source
  2. install pinentry-0.8.3-1.armv7hl.rpm
  3. use warehouse app to search for “pinentry” in OpenRepos, add “veskuh” repository and install gnupg-pinentry

STEP 2) open the terminal and install the GnuPG software

[nemo@Jolla ~]$ pkcon install gnupg2

Currently this installs version 2.0.4 with a home of ~/.gnupg

Supported algorithms:

    Pubkey: RSA, ELG, DSA
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512, SHA224
    Compression: ZIP, ZLIB, BZIP2

STEP 3) use the terminal to create a key

[nemo@Jolla ~]$ gpg2 –gen-key

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? [Enter]
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) [Enter]
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) [Enter]
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the 
user ID from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "
Real name: Davi Ottenheimer
Email address: davi@flyingpenguin.com
Comment:[Enter]
You selected this USER-ID:
    "Davi Ottenheimer davi@flyingpenguin.com"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Enter passphrase                            x
x                                             x
x                                             x
x Passphrase _***********_____________________x
x                                             x
x       OK           Cancel                   x
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

gpg: key XXXXXXXX marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/XXXXXXXX 2015-07-29
Key fingerprint = XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
uid Davi Ottenheimer davi@flyingpenguin.com
sub 2048g/YYYYYYYY 2015-07-29

STEP 3.5) verify key

[nemo@Jolla ~]$ gpg2 -k

/home/nemo/.gnupg/pubring.gpg
-----------------------------
pub 1024D/XXXXXXXX 2015-07-29
uid Davi Ottenheimer davi@flyingpenguin.com
sub 2048g/YYYYYYYY 2015-07-29

NOTE: you may want to move and keep your secret key on a removable storage card

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.