------
 Committers - Making GPG Keys
 ------
 Apache Onami Documentation Team
 ------
 2012-11-16
 ------

~~
~~ Licensed to the Apache Software Foundation (ASF) under one
~~ or more contributor license agreements.  See the NOTICE file
~~ distributed with this work for additional information
~~ regarding copyright ownership.  The ASF licenses this file
~~ to you under the Apache License, Version 2.0 (the
~~ "License"); you may not use this file except in compliance
~~ with the License.  You may obtain a copy of the License at
~~
~~   http://www.apache.org/licenses/LICENSE-2.0
~~
~~ Unless required by applicable law or agreed to in writing,
~~ software distributed under the License is distributed on an
~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~~ KIND, either express or implied.  See the License for the
~~ specific language governing permissions and limitations
~~ under the License.
~~

Introduction

 You need to add your GPG keys in {{https://svn.apache.org/repos/asf/onami/committers/KEYS}} before a release. Here are some
 useful {{{http://www.gnupg.org/}GnuPG}} commands to generate your Keys.

* gpg --gen-key

+-----+
$ gpg --gen-key
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de"

Real name: Simone Tripodi
Email address: simonetripodi@apache.org
Comment: simonetripodi
You selected this USER-ID:
    "Simone Tripodi (simonetripodi) <simonetripodi@apache.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++.++++++++++..+++++++++++++++++++++++++++++++++++++++++++++++
+++.+++++++++++++++.++++++++++++++++++++..+++++++++++++++>++++++++++............
.........................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++++++++++++..++++++++++++++++++++....+++++.++++++++++.++++++++++.++++++++++
+++++.+++++++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++++++++++++>+
+++++++++>+++++>+++++......................................................>++++
+......<.+++++........................+++++^^^
gpg: /Users/simonetripodi/.gnupg/trustdb.gpg: trustdb
created
gpg: key 07DDB702 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/19FEA27D 2010-03-24
uid                  Simone Tripodi (simonetripodi) <simonetripodi@apache.org>
sub   4096g/C002CC79 2010-03-24
+-----+

* gpg --list-sigs

+-----+
>gpg --list-sigs 19FEA27D && gpg --armor --export 19FEA27D
pub   1024D/19FEA27D 2010-03-24
uid                  Simone Tripodi (simonetripodi) <simonetripodi@apache.org>
sub   4096g/C002CC79 2010-03-24

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (Darwin)

mQGiBEuqRGMRBACBis5psYJVe33ZtVEl8KbmdPWvZ02PZOgn4XxIDl4Gc/ShtuKr
0LYk7jOFeh00hwJWGROllsa18VxEfEZpDCLlOOX9Df0BONcq6ObUyZi1ila0oLpz
PdZ7bvhysgJReSKvOxlbV+wT6VkvcBwAZRi4gbu/LIeterad1aquPJA82wCg2AIi
wjgbSfKXmT5p191BnnyDcsED/jWivZhW6bz6IgMcJjJ1i3UUsQh8xYHr9j+lM9ML
4OwM7o2znonsrx8orypGK8/3sx4SPtaUSWsh7DOLmmb2xJQgnY4H4+75Hw4Pu5Uq
3hzHbmNKKrsF1xO5sfTRsN7KqS/JwNcb/iJC2YBvcClBHxLhZuOhe4k1o0LSQ3C1
A1+SA/943uYa1/XVTnSe7b8egDejtjpqJ7rPveansJfzQt0+3ZTJFSaYZlY69W2i
WafKKPvQkkQGYfWxOSk1s4lzBDvFBqQKpFY2E/JVFgymrEy0F7iSpG//A85/QWJg
5rHxD2E5ftEyQ20wTX51B0tVQ8VWiwuT0F/t349OAbcxIYXQFrQ5U2ltb25lIFRy
aXBvZGkgKHNpbW9uZXRyaXBvZGkpIDxzaW1vbmV0cmlwb2RpQGFwYWNoZS5vcmc+
iGAEExECACAFAkuqRGMCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDK9exZ
Gf6ifQjuAJ4wEmGExNReb2ppL3iMWitxdf8aAwCaA65zG5hiWqkl/dlYN2TYy08R
Q9y5BA0ES6pEYxAQAJ/yi70fJ2hQNMuvzFGgAA0t/XnQmabPnGY9X2VA6Wvrvh79
jvtZKFzz9CNAANc1wjrWyLSXl/BzGL3Qnz2C4ECqdb5jTsU4JdN8rNqU8ABwQpQg
65hEyczEbfZu77Phau7JgXJ59AgesrTEZ97QJsOn/AD9in6rdvGWkmjL/3KuDEKv
WSeZ63TkjAVYb+s2iJ7tUUXma4Yy6vy0P4K05PEQU4A0XxkfXqWKYdm1kAOzmfH+
7FSWirKdgfdaisHOra2Nyh8L7hlGe8NmgsIhWvA18i5kAxDTgurr90FiFX0/rWae
yw03ltDQkIJDABlL4pabxR46W/XCD5ET7jpiYkxIxYgCjpvSNh8utfvb+/gbpMd+
dU6u1wNhGVKZVtU0OVzV7cp79gD4cW276Qw3z00uyGj+QEGgQGXaj/9E6ofDnlOw
mZqGPnDqotGq62ry0dHNpMx2tmBAmuUts9lB34/7tsYx0LvbSc/j34rZQWoorUX5
8ewVwJd7CFHEkTL3dsJYrshW0yhq84nmhtpJM99zPPXdw5tc5o3a8EHIM/u1zmWU
DNgZQahdvfLXX5VSlbiT5gOx8e8KafBvIF5GhdFTl/3zspHXB7jPlhF6HDrFa49b
xZAtQDVhfG2ewr6oOv0g6I/uFVUDlTr6Aeaju/HSxbZCewJGM2WwQAwWAdbHAAMF
D/9p5TRPn5gfY4ZP9eYbYf1XqmzN8ExOsWAKIr0DooNXIsZqUkSGEKYTU9a8F4cc
Ehzi4fFmI9mm6FWTOM+nOIW3pghy9kiKbNTbJim+p1sphriEoDhrM2bsjNtEpvmB
1W+6KtnjgiVj5DFy9R/fGdZyY9GHcpt29Hf+fxesLrrqxe5EDqV8Lrs1IYVPDqqJ
fqzTM87HH7CLohs79gvKARNWyKJXdZnI3bvdpBI4oED8pyKpS57iqew6lVvRbxli
EtqYotcKnU8s8JNWj8y1jaoaoBP2jVro3EnZ/CCz7JtRz8Iyqg8U8MneMpxFxqpP
LnRbytX6/sHbL4859GujSUb5zhXM3GfWaIcfBStCXBICoPyQcJC9xEiDxHOKNuDd
0rB2K9Si1JKs9D7mwUURw7c0OH0U7WKHRIjdEQ9wruvIsG1DKf272ABlR1vc3wBQ
u+karL6ZVwDFpTOhI0rxupwXeFbrFNXw65zrvs9je7BnPS5P/jh+UK2fuX/2cpBn
uZD3ZRUDxOla07lsU69yUAVs+LUpk6GJ85oz4usDk/QVrd4tqbKOCLbIP+c8AaTH
bnx1XBeZosJmn+cjAXUZ0gredlbRqwR5HrAUMsSUswfHVEw/a5dm4xWDlOxpSkH1
niquivoyoZQAFOlEA9Sm/q9ckHspvApUvGXiBTNt+rVUOYhJBBgRAgAJBQJLqkRj
AhsMAAoJEMr17FkZ/qJ9vzwAn0vGmShhBzWDSkLjTQ+qW8VXLee2AKCCqsqCN9eL
dcC0KEtNPufKywDTzA==
=vtxx
-----END PGP PUBLIC KEY BLOCK-----
+-----+

 You need to append this result to {{https://svn.apache.org/repos/asf/onami/committers/KEYS}}.

 A quick way to append this result would be executing the command below:

+-----+
(gpg --list-sigs <your key> && gpg --armor --export <your key>) >> KEYS
+-----+

 You also need to upload your key to the public server: {{http://pgp.mit.edu/}}
 by copying the same you appended in the text field and submit.
 You can ensure by searching your email in key search engine.

 Finally you should follow the FAQ "Public key not found? Where does the checker look for keys?" at {{http://people.apache.org/~henkp/checker/faq.html}Checker FAQ}

 You can read more about {{{http://www.apache.org/dev/release-signing.html#faq}Checksums And Signatures}} and {{{https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven} How to Generate PGP Signatures With Maven}}