Important: Access to the Private Key
8.3 Modifying Key Properties
You can modify properties of existing OpenPGP or SSH keys.
8.3.1 Editing OpenPGP Key Properties
The descriptions in this section apply to all OpenPGP keys.
1. Click Applications Utilities Passwords and Keys.
2. Double-click the PGP key you want to view or edit.
3. Use the options on the Owner tab to add a photo to the key or to change the passphrase associated with the key.
Photo IDs allow a key owner to embed one or more pictures of themselves in a key. These identities can be signed like normal user IDs. A photo ID must be in JPEG format. The recommended size is 120×150 pixels.
56 Modifying Key Properties SLES 12 SP4
If the chosen image does not meet the required le type or size, Passwords and Keys can resize and convert it on the y from any image format supported by the GDK library.
4. Click the Names and Signatures tab to add a user ID to a key.
See Section 8.3.1.1, “Adding a User ID” for more information.
5. Click the Details tab, which contains the following properties:
Key ID: The Key ID is similar to the Fingerprint, but the Key ID contains only the last eight characters of the ngerprint. It is generally possible to identify a key with only the Key ID, but sometimes two keys might have the same Key ID.
Type: Species the encryption algorithm used to generate a key. DSA keys can only sign.
ElGamal keys are used to encrypt.
Strength: Species the length, in bits, of the key. The longer the key, the more security it provides. However, a long key will not compensate for the use of a weak passphrase.
Fingerprint: A unique string of characters that exactly identies a key.
Created: The date the key was created.
Expires: The date the key can no longer be used (a key can no longer be used to perform key operations after it has expired). Changing a key's expiration date to a point in the future re-enables it. A good general practice is to have a master key that never expires and multiple subkeys that do expire and are signed by the master key.
Override Owner Trust: Here you can set the level of trust in the owner of the key. Trust is an indication of how sure you are of a person's ability to correctly extend the Web of trust. When there is a key that you have not signed, the validity of the key is determined from its signatures and how much you trust the people who made those signatures.
Export Secret Key: Exports the key to a le.
Subkeys: See Section 8.3.1.2, “Editing OpenPGP Subkey Properties” for more information.
57 Editing OpenPGP Key Properties SLES 12 SP4
6. Click Close.
8.3.1.1 Adding a User ID
User IDs allow multiple identities and e-mail addresses to be used with the same key. Adding a user ID is useful, for example, when you want to have an identity for your job and one for your friends. They take the following form:
Name (COMMENT) <E-MAIL>
1. Click Applications Utilities Passwords and Keys.
2. Double-click the PGP key you want to view or edit.
3. Click the Names and Signatures tab, then click Add Name.
4. Specify a name in the Full Name eld.
You must enter at least ve characters in this eld.
5. Specify an e-mail address in the E-Mail Address eld.
Your e-mail address is how most people will locate your key on a key server or other key provider. Make sure it is correct before continuing.
6. In the Key Comment eld, specify additional information that will display in the name of your new ID.
This information can be searched for on key servers.
58 Editing OpenPGP Key Properties SLES 12 SP4
7. Conrm your changes and enter the passphrase when prompted for it.
8.3.1.2 Editing OpenPGP Subkey Properties
Each OpenPGP key has a single master key used to sign only. Subkeys are used to encrypt and to sign as well. In this way, if your subkey is compromised, you do not need to revoke your master key.
1. Click Applications Utilities Passwords and Keys.
2. Double-click the PGP key you want to edit.
3. Click the Details tab, then click to show the Subkeys category.
4. Use the buttons on the left of the dialog to add, delete, expire, or revoke subkeys.
59 Editing OpenPGP Key Properties SLES 12 SP4
Each subkey has the following information:
ID: The identier of the subkey.
Type: Species the encryption algorithm used to generate a subkey. DSA keys can only sign, ElGamal keys are used to encrypt, and RSA keys are used to sign or to encrypt.
Usage: Shows if the key can be used to sign, to certify, or also to encrypt.
Created: Species the date the key was created.
Expires: Species the date the key can no longer be used.
Status: Species the status of the key.
Strength: Species the length, in bits, of the key. The longer the key, the more security it provides. However, a long key will not compensate for the use of a weak passphrase.
5. Click Close.
8.3.2 Editing Secure Shell Key Properties
The descriptions in this section apply to all SSH keys.
1. Click Applications Utilities Passwords and Keys.
2. Double-click the Secure Shell key you want to view or edit.
3. Use the options on the Key tab to change the name of the key or the passphrase associated with the key.
4. Click the Details tab, which contains the following properties:
Algorithm: Species the encryption algorithm used to generate a key.
Strength: Indicates the length in bits of a key. The longer the key, the more security it provides. However, a long key does not make up for the use of a weak passphrase.
Location: The location where the private key has been stored.
Fingerprint: A unique string of characters that exactly identies a key.
60 Editing Secure Shell Key Properties SLES 12 SP4
Export Complete Key: Exports the key to a le.
5. Click Close.