commit b03656fbbfdb56bae9778c5cea14a13ea92f2b11
Author: Georg Koppen gk@torproject.org
Date: Fri Aug 28 10:55:29 2015 +0000
Bug 14625: Set expiration dates for TBB keys
We set an expiry date of 5 years in the future for the certification key and 2 years for subkeys.
---
 processes/KeyGeneration | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/processes/KeyGeneration b/processes/KeyGeneration index 4c65523..4c62c51 100644 --- a/processes/KeyGeneration +++ b/processes/KeyGeneration @@ -9,7 +9,7 @@ Preparations: 3) If not already done prepare the gpg.conf used for that device (See: https://help.riseup.net/en/security/message-security/openpgp/best-practices for help) -4) `exp rt nGNUPGHOME=/path/to/offline/storage/.gnupg` +4) `export GNUPGHOME=/path/to/offline/storage/.gnupg`
Key Creation Incantations and Instructions ------------------------------------------ @@ -20,7 +20,7 @@ Key Creation Incantations and Instructions 4) Choose "(E) Toggle the encrypt capability" 5) Choose "(Q) Finished" 6) Choose 4096 bit -7) Choose "0 = key does not expire" +7) Type "5y" 8) Choose "Tor Browser Developers" as real name 9) Choose "torbrowser@torproject.org" as email address 10) Choose "signing key" as comment @@ -28,7 +28,7 @@ Key Creation Incantations and Instructions 12) `gpg --edit-key YOURMASTERKEYID` 13) At the gpg> prompt enter: addkey 14) Choose "(4) RSA (sign only)" -15) Repeat step 6, 7, 13 and 14 as often as needed +15) Repeat step 6, 7 (with "2y" for subkeys), 13 and 14 as often as needed 16) At the gpg> prompt enter: save 16) Check whether the keys look good, e.g. with `hkt export-pubkeys YOURMASTERKEYID | hokey lint`
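Review bot: In the first hunk (@@ -9,7 +9,7 @@), the step 4 correction to `export GNUPGHOME=/path/to/offline/storage/.gnupg` is not covered by the commit message, which only describes expiration dates. Either mention the fix in the message or split it into its own commit, so the expiry policy change can be reviewed and reverted on its own.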
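Review bot: In the second hunk (@@ -20,7 +20,7 @@), the new step 7 `Type "5y"` no longer says which prompt it answers, whereas the removed wording "0 = key does not expire" made it clear that this is the expiry question. Suggest naming the prompt and the result, for example: 7) At the expiry prompt type "5y" (key expires in 5 years). Since the keys now expire, the document would also benefit from a step or pointer on how the expiry is extended before the dates are reached; the visible hunks do not add one.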
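Review bot: In the third hunk (@@ -28,7 +28,7 @@), step 15 carries the subkey lifetime only as a parenthetical on a back-reference to step 7, which itself now says "5y", so an operator repeating step 7 literally would give the subkeys the certification key's 5-year expiry. Suggest writing the subkey pass out in the order it is executed (13, 14, 6, then the expiry prompt answered with "2y") instead of "Repeat step 6, 7 ...". While this list is being touched, the context lines show two steps numbered 16; the second one should be 17.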