river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: Apache release signing on Solaris 10
Date Mon, 04 Jan 2010 00:04:07 GMT
Robert,

How do I verify the generated keys are strong enough?

Cheers,

Peter.


Peter Firmstone wrote:
> Thanks Robert,
>
> GnuPG 1.4.10 has no trouble creating 4096 bit keys and it compiles 
> cleanly on Solaris, I have a set generated, I just wasn't sure if 
> there was some reason I should be using the later version.  1.4.10 is 
> still being maintained, it's recommended for servers and embedded, 
> while 2.0.14 is preferred for desktops.
>
> If no one objects, I'd be happy to use the keys to sign the AR2 release.
>
> Cheers,
>
> Peter.
>
>
> Robert Burrell Donkin wrote:
>> On Fri, Jan 1, 2010 at 7:59 AM, Peter Firmstone <jini@zeus.net.au> 
>> wrote:
>>  
>>> I've been attempting to compile and install GnuPG 2.0.14 as per
>>> http://www.apache.org/dev/openpgp.html#generate-key
>>>
>>> Unfortunately GnuPG 2.0.14 depends upon libassuan-1.0.5 which uses 
>>> funopen
>>> or fopencookie calls that don't exist on Solaris 10.  NB. I succeeded
>>> getting GNU PThreads library version 2.0.7 compiled and installed, 
>>> which
>>> incidentally requested I email the author, to include it in the tested
>>> platforms (after passing all tests).
>>>
>>> Other libraries required that I compiled and installed were:
>>> libgcrypt
>>> libksba
>>> libgpg-error
>>>
>>> I have GnuPG 1.4.10 installed, it can generate 4096 bit RSA keys.
>>>
>>> Is there anything on Solaris 10 that is considered suitable for key
>>> generation for Apache?
>>>     
>>
>> IIRC 1.4.10 has the required changes backported from the 2.x
>> codestream but i haven't had time to verify that the keys are
>> correctly generated or that the configuration instructions work (i may
>> be able to find some time in Feb once my semester one exams are done).
>> it is possible - with sufficient knowledge - to create secure keys
>> using 1.4.9 or earlier but it's fiddly and error prone. i think - but
>> haven't checked - that you should be able to follow the *full*
>> instructions for 2.x using 1.4.10 and then verify that the signatures
>> created by the new key are strong enough.
>>
>> - robert
>>
>>   
>
>
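
One way to approach the question asked in this message, as an added example that is not part of the original thread: audit the text printed by `gpg --list-packets` (for instance on an exported public key or a detached signature) for RSA key size and signature digest. The sample dump is constructed, the 4096-bit minimum and the weak-digest set are assumptions taken from the thread's context, and the packet layout may differ between GnuPG versions.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
DIGESTS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
           9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_DIGESTS = {"MD5", "SHA1"}   # assumption: what this check treats as too weak
MIN_RSA_BITS = 4096              # assumption: the key size used in the thread

# Constructed sample of `gpg --list-packets` output (not from a real key).
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1262563200, expires 0
\tpkey[0]: [4096 bits]
\tpkey[1]: [17 bits]
:user ID packet: "Example Signer <signer@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1262563200, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 12 34
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1262563300, md5len 0, sigclass 0x00
\tdigest algo 10, begin of digest ab cd
"""

def audit_packets(dump):
    """Return findings for undersized RSA keys and weak signature digests."""
    findings, packet, key_algo, sigclass = [], None, None, None
    for line in dump.splitlines():
        if line.startswith(":"):                      # a new packet begins
            m = re.match(r":(public (?:sub )?key|signature) packet:", line)
            packet = m.group(1) if m else None
            continue
        line = line.strip()
        if packet == "signature":
            if m := re.search(r"sigclass (0x[0-9a-fA-F]+)", line):
                sigclass = m.group(1)
            if m := re.match(r"digest algo (\d+)", line):
                name = DIGESTS.get(int(m.group(1)), "unknown-" + m.group(1))
                if name in WEAK_DIGESTS:
                    findings.append(f"signature class {sigclass} uses {name}")
        elif packet:                                  # public key or subkey
            if m := re.search(r"\balgo (\d+)", line):
                key_algo = int(m.group(1))            # 1 = RSA
            m = re.match(r"pkey\[0\]: \[(\d+) bits\]", line)
            if m and key_algo == 1 and int(m.group(1)) < MIN_RSA_BITS:
                findings.append(f"{packet}: RSA {m.group(1)} bits")
    return findings

if __name__ == "__main__":
    print(audit_packets(SAMPLE))
```

In the constructed sample the key itself passes, but its self-signature (class 0x13) is flagged because it was made with SHA-1.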

