Difference between revisions of "DeveloperWiki:パッケージの署名" (Signing Packages)
(Translated the section headings) |
|||
1行目: | 1行目: | ||
− | [[Category:DeveloperWiki]] |
+ | [[Category:DeveloperWiki]] |
+ | [[en:DeveloperWiki:Signing Packages]] |
||
+ | __NOTOC__ |
||
− | == |
+ | ==UID を選ぶ== |
* Use a valid e-mail address: no obfuscation. |
* Use a valid e-mail address: no obfuscation. |
||
* The e-mail address should be reliable (do not use one you got from your ISP or a random free service). |
* The e-mail address should be reliable (do not use one you got from your ISP or a random free service). |
||
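Review bot: the `__NOTOC__` added near the top of the new revision suppresses the table of contents on a page that has six sections, and neither it nor the `[[en:DeveloperWiki:Signing Packages]]` interlanguage link is covered by the edit summary, which mentions only the section-heading translation. Either drop `__NOTOC__` or mention both additions in the summary.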
9行目: | 11行目: | ||
* We strongly advise you use your real name. It has to be exactly that found on official documents (passport, driver's license, etc.); see [http://wiki.cacert.org/PracticeOnNames CAcert's practice on names]. |
* We strongly advise you use your real name. It has to be exactly that found on official documents (passport, driver's license, etc.); see [http://wiki.cacert.org/PracticeOnNames CAcert's practice on names]. |
||
+ | ==キーペアを作る== |
||
− | ==Create a key pair== |
||
# Install <code>gnupg</code>. |
# Install <code>gnupg</code>. |
||
# Run: <code>gpg --gen-key</code> |
# Run: <code>gpg --gen-key</code> |
||
18行目: | 20行目: | ||
# Backup your private key: <code>gpg --export-secret-keys pierre@archlinux.de > pierre@archlinux.de-private.asc</code> |
# Backup your private key: <code>gpg --export-secret-keys pierre@archlinux.de > pierre@archlinux.de-private.asc</code> |
||
+ | ==推奨: キーを CAcert にサインしてもらう== |
||
− | ==Recommended: Get your key signed by CAcert== |
||
# [https://www.cacert.org/index.php?id=1 Create an account on CAcert.] |
# [https://www.cacert.org/index.php?id=1 Create an account on CAcert.] |
||
# Meet CAcert assurers and have them verify your official identification documents; see [http://www.cacert.org/policy/AssurancePolicy.php CAcert's assurance policy]. |
# Meet CAcert assurers and have them verify your official identification documents; see [http://www.cacert.org/policy/AssurancePolicy.php CAcert's assurance policy]. |
||
26行目: | 28行目: | ||
## Save the signed key from the CAcert website and import it: <code>gpg --import <filename></code> |
## Save the signed key from the CAcert website and import it: <code>gpg --import <filename></code> |
||
+ | ==推奨: キーを他の開発者にサインしてもらう== |
||
− | ==Recommended: Get your key signed by other devs== |
||
# When ever you meet with another dev, sign each others' keys. |
# When ever you meet with another dev, sign each others' keys. |
||
# Take this seriously: never sign a key when you cannot verify the other person's identity. |
# Take this seriously: never sign a key when you cannot verify the other person's identity. |
||
# See [http://www.cacert.org/policy/AssurancePolicy.php CAcert's assurance policy] for good guidelines. |
# See [http://www.cacert.org/policy/AssurancePolicy.php CAcert's assurance policy] for good guidelines. |
||
+ | ==公開鍵を公開する== |
||
− | ==Publish your public key== |
||
# Send your public key to a keyserver: |
# Send your public key to a keyserver: |
||
## Check your key id with: <code>gpg -k</code> |
## Check your key id with: <code>gpg -k</code> |
||
37行目: | 39行目: | ||
# Add your key fingerprint to your profile at https://www.archlinux.org/devel/profile/ |
# Add your key fingerprint to your profile at https://www.archlinux.org/devel/profile/ |
||
− | == |
+ | ==安全に!== |
# Create a backup of your keys and be sure not to forget the passphrase! |
# Create a backup of your keys and be sure not to forget the passphrase! |
Revision as of 13:34, 22 May 2020 (Fri)
Choose a UID
- Use a valid e-mail address: no obfuscation.
- The e-mail address should be reliable (do not use one you got from your ISP or a random free service).
- When in doubt, you should prefer using your `@archlinux.org` address.
- The UID also has to be the same as the `PACKAGER` variable you use to build packages.
- A correct UID looks like this: `Pierre Schmitz <pierre@archlinux.de>`
- We strongly advise you use your real name. It has to be exactly that found on official documents (passport, driver's license, etc.); see CAcert's practice on names.
Create a key pair
- Install `gnupg`.
- Run: `gpg --gen-key`
- You may use the default: a never-expiring 2048-bit RSA key for encryption and signing.
- Create a revocation certificate, for use when/if your private key ever gets compromised:
  - Run: `gpg -o ~/.gnupg/pierre@archlinux.de-revoke.asc --gen-revoke pierre@archlinux.de`
  - Make sure to store this file in a secure location (and/or encrypt it with a passphrase); then delete the plaintext version.
- Back up your private key: `gpg --export-secret-keys pierre@archlinux.de > pierre@archlinux.de-private.asc`
Recommended: Get your key signed by CAcert
- Create an account on CAcert.
- Meet CAcert assurers and have them verify your official identification documents; see CAcert's assurance policy.
- You will then be able to access a new part of the CAcert website and get your key signed:
  - Export your public key: `gpg --export --armor pierre@archlinux.de > pierre@archlinux.de.asc`
  - Paste the content of that file into the form on the CAcert website.
  - Save the signed key from the CAcert website and import it: `gpg --import <filename>`
Recommended: Get your key signed by other devs
- Whenever you meet with another dev, sign each other's keys.
- Take this seriously: never sign a key when you cannot verify the other person's identity.
- See CAcert's assurance policy for good guidelines.
Publish your public key
- Send your public key to a keyserver:
  - Check your key id with: `gpg -k`
  - Run: `gpg --send-keys KEY-ID`
- Add your key fingerprint to your profile at https://www.archlinux.org/devel/profile/
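The UID rules above (no obfuscation, same string as `PACKAGER`) and the fingerprint you add to your profile can both be checked from gpg's machine-readable listing. The script below is an added example, not part of the wiki page; the function names are hypothetical and the sample listing (key id, fingerprint, timestamps) is constructed.

```shell
#!/bin/sh
# Added example: verify that a key's UID matches PACKAGER and read the
# fingerprint to publish, using gpg's colon-delimited listing format.

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output;
# the key id, fingerprint and timestamps are made up.
SAMPLE_LISTING='pub:u:2048:1:0123456789ABCDEF:1590150000:::u:::scESC::::::23::0:
fpr:::::::::0000111122223333444455550123456789ABCDEF:
uid:u::::1590150000::AAAA::Pierre Schmitz <pierre@archlinux.de>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1590150000::::::e::::::23:'

# Print every user ID (field 10 of "uid" records) from a listing on stdin.
list_uids() {
    awk -F: '$1 == "uid" { print $10 }'
}

# Print the primary key fingerprint (field 10 of the first "fpr" record).
primary_fingerprint() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the UID has the form "Real Name <user@host.tld>",
# which rejects obfuscated addresses such as "user at host dot tld".
uid_is_well_formed() {
    printf '%s\n' "$1" | grep -Eq '^[^<>@]+ <[^<>@ ]+@[^<>@ ]+\.[^<>@ ]+>$'
}

# Succeed only if PACKAGER ($1) is well formed and is exactly one of the
# UIDs in the listing read from stdin.
packager_matches_key() {
    uid_is_well_formed "$1" || return 1
    list_uids | grep -Fxq -- "$1"
}

# Real use, assuming PACKAGER is set as in your makepkg configuration:
#   gpg --with-colons --fingerprint --list-keys pierre@archlinux.de \
#       | packager_matches_key "$PACKAGER" && echo "UID matches PACKAGER"
```
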
Be safe!
- Create a backup of your keys and be sure not to forget the passphrase!