TranslateProject/sources/tech/20180202 How to Manage PGP and SSH Keys with Seahorse.md
2018-02-25 10:36:06 +08:00


Translating by qhwdw

How to Manage PGP and SSH Keys with Seahorse

[Image: Seahorse] Learn how to manage both PGP and SSH keys with the Seahorse GUI tool. (Creative Commons Zero)

Security is tantamount to peace of mind. After all, security is a big reason why so many users migrated to Linux in the first place. But why stop with merely adopting the platform, when you can also employ several techniques and technologies to help secure your desktop or server systems?

One such technology involves keys—in the form of PGP and SSH. PGP keys allow you to encrypt and decrypt emails and files, and SSH keys allow you to log into servers with an added layer of security.

Sure, you can manage these keys via the command-line interface (CLI), but what if you're working on a desktop with a resplendent GUI? Experienced Linux users may cringe at the idea of shrugging off the command line, but not all users have the same skill set and comfort level there. Thus, the GUI!

In this article, I will walk you through the process of managing both PGP and SSH keys through the Seahorse GUI tool. Seahorse has a pretty impressive feature set; it can:

  • Encrypt/decrypt/sign files and text.

  • Manage your keys and keyring.

  • Synchronize your keys and your keyring with remote key servers.

  • Sign and publish keys.

  • Cache your passphrase.

  • Back up both keys and keyring.

  • Add an image in any GDK-supported format as an OpenPGP photo ID.

  • Create, configure, and cache SSH keys.

For those who don't know, Seahorse is a GNOME application for managing both encryption keys and passwords within the GNOME keyring. But fear not, Seahorse is available for installation on numerous desktops. And since Seahorse is found in the standard repositories, you can open up your desktop's app store (such as Ubuntu Software or Elementary OS AppCenter) and install it. To do this, locate Seahorse in your distribution's application store and click to install. Once you have Seahorse installed, you're ready to start making use of a very handy tool.

Let's do just that.

PGP Keys

The first thing we're going to do is create a new PGP key. As I said earlier, PGP keys can be used to encrypt email (with tools like Thunderbird's Enigmail or the built-in encryption function with Evolution). A PGP key also allows you to encrypt files. Anyone with your public key will be able to decrypt those emails or files. Without a PGP key, no can do.

Creating a new PGP key pair is incredibly simple with Seahorse. Here's what you do:

  1. Open the Seahorse app

  2. Click the + button in the upper left corner of the main pane

  3. Select PGP Key (Figure 1)

  4. Click Continue

  5. When prompted, type a full name and email address

  6. Click Create

Figure 1: Creating a PGP key with Seahorse. (Used with permission)

While creating your PGP key, you can click to expand the Advanced key options section, where you can configure a comment for the key, encryption type, key strength, and expiration date (Figure 2).

Figure 2: PGP key advanced options. (Used with permission)

The comment section is very handy to help you remember a key's purpose (or other informative bits). With your PGP key created, double-click on it from the key listing. In the resulting window, click on the Names and Signatures tab. In this window, you can sign your key (to indicate you trust this key). Click the Sign button and then (in the resulting window) indicate how carefully you've checked this key and how others will see the signature (Figure 3).

Figure 3: Signing a key to indicate trust level. (Used with permission)

Signing keys is very important when you're dealing with other people's keys, as a signed key assures your system (and you) that you've done the work and can fully trust an imported key.

Speaking of imported keys, Seahorse allows you to easily import someone's public key file (the file will end in .asc). Having someone's public key on your system means you can decrypt emails and files sent to you from them. However, Seahorse has suffered from a known bug for quite some time. The problem is that Seahorse imports using gpg version one, but displays with gpg version two. This means, until this long-standing bug is fixed, importing public keys will always fail. If you want to import a public PGP key into Seahorse, you're going to have to use the command line. So, if someone has sent you the file olivia.asc, and you want to import it so it can be used with Seahorse, you would issue the command gpg2 --import olivia.asc. That key would then appear in the GnuPG Keys listing. You can open the key, click the I trust signatures button, and then click the Sign this key button to indicate how carefully you've checked the key in question.
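Before signing an imported key, a practitioner would compare its fingerprint with one received from the owner by another channel. The script below is an added example, not part of the original article: it wraps the gpg2 --import step so the import only happens when the fingerprints match. The function names, the sample listing and the fingerprint values are constructed for illustration.

```shell
# Added example: olivia.asc is the page's file name; the fingerprints and
# the colon listing below are constructed placeholders, not a real key.

# primary_fpr: read `gpg --with-colons` output on stdin and print the
# primary key's fingerprint (field 10 of the first fpr record after pub).
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           seen && $1 == "fpr" { print $10; exit }'
}

# normalise_fpr <fingerprint>: strip blanks and upper-case, so a value read
# from a business card or a phone call compares cleanly.
normalise_fpr() {
  printf '%s' "$1" | tr -d ' \t' | tr '[:lower:]' '[:upper:]'
}

# fpr_matches <colon listing> <expected fingerprint>: 0 only on an exact match.
fpr_matches() {
  [ -n "$2" ] &&
    [ "$(printf '%s\n' "$1" | primary_fpr)" = "$(normalise_fpr "$2")" ]
}

# import_if_verified <key file> <expected fingerprint>
# show-only lists the file's keys without adding them to the keyring.
import_if_verified() {
  listing=$(gpg2 --with-colons --import-options show-only --import "$1") || return 2
  if fpr_matches "$listing" "$2"; then
    gpg2 --import "$1"
  else
    echo "fingerprint mismatch for $1, not importing" >&2
    return 1
  fi
}

# Constructed sample listing: a primary key followed by one subkey.
SAMPLE_LISTING='pub:-:3072:1:AAAABBBBCCCCDDDD:1517529600:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:-::::1517529600::::Olivia (constructed) <olivia@example.org>:
sub:-:3072:1:1111222233334444:1517529600::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA981111222233334444:'

fpr_matches "$SAMPLE_LISTING" "0123 4567 89ab cdef 0123 4567 aaaa bbbb cccc dddd" &&
  echo "sample listing: fingerprint matches"
```

With a real key file the call is import_if_verified olivia.asc followed by the fingerprint the key's owner gave you; the subkey's fingerprint is deliberately not accepted as a match.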

SSH Keys

Now we get to what I consider to be the most important aspect of Seahorse—SSH keys. Not only does Seahorse make it easy to generate an SSH key, it makes it easy to send that key to a server, so you can take advantage of SSH key authentication. Here's how you generate a new key and then export it to a remote server.

  1. Open up Seahorse

  2. Click the + button

  3. Select Secure Shell Key

  4. Click Continue

  5. Give the key a description

  6. Click Create and Set Up

  7. Type and verify a passphrase for the key

  8. Click OK

  9. Type the address of the remote server and a remote login name found on the server (Figure 4)

  10. Type the password for the remote user

  11. Click OK

Figure 4: Uploading an SSH key to a remote server. (Used with permission)

The new key will be uploaded to the remote server and is ready to use. If your server is set up for SSH key authentication, you're good to go.

Do note, during the creation of an SSH key, you can click to expand the Advanced key options and configure Encryption Type and Key Strength (Figure 5).

Figure 5: Advanced SSH key options. (Used with permission)
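After the upload step, it is worth confirming on the server that the key really is listed and that file permissions will not make sshd ignore it. The script below is an added example, not part of the original article or of Seahorse: the function names are hypothetical and the key material is constructed placeholder text.

```shell
# Added example: run on the server after the upload. All key material below
# is constructed placeholder text, not real keys.

# key_blob <public key file>: print the base64 blob (field 2 of a .pub file).
key_blob() {
  awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# key_is_authorized <public key file> <authorized_keys file>
# Compares the blob only, so leading options (from="...") or a different
# trailing comment on the server side do not hide the key.
key_is_authorized() {
  blob=$(key_blob "$1")
  [ -n "$blob" ] || return 2
  awk -v want="$blob" 'NF == 0 || $1 ~ /^#/ { next }
    { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
    END { exit !found }' "$2"
}

# loose_perms <path>...: print each path that group or others may write to.
# sshd's StrictModes setting (on by default) rejects keys kept in such paths.
loose_perms() {
  for p in "$@"; do
    find "$p" -prune \( -perm -020 -o -perm -002 \) -print
  done
}

# check_upload <public key file> <ssh dir>: print "ok" and return 0 only if
# the key is listed and the directory and file permissions are tight.
check_upload() {
  key_is_authorized "$1" "$2/authorized_keys" || { echo "key not listed"; return 1; }
  bad=$(loose_perms "$2" "$2/authorized_keys")
  [ -z "$bad" ] || { echo "too permissive: $bad"; return 1; }
  echo "ok"
}

# make_demo: build a constructed ~/.ssh layout in a temp dir, print its path.
make_demo() {
  d=$(mktemp -d) && mkdir -m 700 "$d/.ssh" || return 1
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlob0001 jack@desktop' > "$d/id.pub"
  printf '%s\n' '# constructed sample' \
    'from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlob0001 seahorse' \
    > "$d/.ssh/authorized_keys"
  chmod 600 "$d/.ssh/authorized_keys"
  echo "$d"
}

demo=$(make_demo) && check_upload "$demo/id.pub" "$demo/.ssh"; rm -rf "$demo"
```

On a real server, point check_upload at a copy of your public key file and at the remote user's ~/.ssh directory.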

A must-use for new Linux users

Any new-to-Linux user should get familiar with Seahorse. Even with its flaws, Seahorse is still an incredibly handy tool to have at the ready. At some point, you will likely want (or need) to encrypt or decrypt an email/file, or manage secure shell keys for SSH key authentication. If you want to do this, while avoiding the command line, Seahorse is the tool to use.

Learn more about Linux through the free "Introduction to Linux" course from The Linux Foundation and edX.


via: https://www.linux.com/learn/intro-to-linux/2018/2/how-manage-pgp-and-ssh-keys-seahorse

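Author: JACK WALLEN; Translator: (translator ID); Proofreader: (proofreader ID)

This article was originally compiled by LCTT and is proudly presented by Linux中国.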