Generating the public and private encryption keys

PostgreSQL on the Raspberry Pi with FreeBSD 13

We use the GnuPG (GNU Privacy Guard) encryption and signing tool, which follows the OpenPGP standard, to generate the public and private keys on the client machine, as shown below:

halley@bsd:~ $ gpg --list-keys
halley@bsd:~ $ gpg --list-secret-keys
halley@bsd:~ $ gpg --quick-generate-key pguser
About to create a key for:
    "pguser"

Continue? (Y/n) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

            ┌──────────────────────────────────────────────────────┐
            │ Please enter the passphrase to                       │
            │ protect your new key                                 │
            │                                                      │
            │ Passphrase: ****************________________________ │
            │                                                      │
            │       <OK>                              <Cancel>     │
            └──────────────────────────────────────────────────────┘

            ┌──────────────────────────────────────────────────────┐
            │ Please re-enter this passphrase                      │
            │                                                      │
            │ Passphrase: ****************________________________ │
            │                                                      │
            │       <OK>                              <Cancel>     │
            └──────────────────────────────────────────────────────┘

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 7E22A76CEE687C1A marked as ultimately trusted
gpg: revocation certificate stored as '/home/halley/.gnupg/openpgp-revocs.d/9E2009DF5F471BF9BC4E020B7E22A76CEE687C1A.rev'
public and secret key created and signed.

pub   rsa3072 2021-06-13 [SC] [expires: 2023-06-13]
      9E2009DF5F471BF9BC4E020B7E22A76CEE687C1A
uid                      pguser
sub   rsa3072 2021-06-13 [E]

List the public and private keys

halley@bsd:~ $ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-06-13
/home/halley/.gnupg/pubring.kbx
-------------------------------
pub   rsa3072 2021-06-13 [SC] [expires: 2023-06-13]
      9E2009DF5F471BF9BC4E020B7E22A76CEE687C1A
uid           [ultimate] pguser
sub   rsa3072 2021-06-13 [E]

halley@bsd:~ $ gpg --list-secret-keys
/home/halley/.gnupg/pubring.kbx
-------------------------------
sec   rsa3072 2021-06-13 [SC] [expires: 2023-06-13]
      9E2009DF5F471BF9BC4E020B7E22A76CEE687C1A
uid           [ultimate] pguser
ssb   rsa3072 2021-06-13 [E]

Export the public and private keys

The public and private keys that were created must be exported to files on disk so they can be used in PostgreSQL. The passphrase must be entered to export the private key.

halley@bsd:~ $ mkdir pgp
halley@bsd:~ $ gpg --armor --export "pguser" > ~/pgp/pguser_chave_publica
halley@bsd:~ $ gpg --armor --export-secret-keys "pguser" > ~/pgp/pguser_chave_privada

       ┌───────────────────────────────────────────────────────────────┐
       │ Please enter the passphrase to export the OpenPGP secret key: │
       │ "pguser"                                                      │
       │ 3072-bit RSA key, ID 7E22A76CEE687C1A,                        │
       │ created 2021-06-13.                                           │
       │                                                               │
       │                                                               │
       │ Passphrase: ****************_________________________________ │
       │                                                               │
       │         <OK>                                   <Cancel>       │
       └───────────────────────────────────────────────────────────────┘
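
The export above writes the armored private key under ~/pgp with whatever permissions the current umask allows. The following is an added example, not part of the original tutorial: a POSIX shell check that finds exported files containing an armored private key that are accessible to group or others, and a function that restricts the directory to its owner. The function names are hypothetical; the armor header string is the one GnuPG writes for `--armor --export-secret-keys`.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a directory holding
# armored GnuPG exports, such as ~/pgp from the steps above.
# Function names are illustrative and not part of GnuPG or PostgreSQL.

# First line of an armored secret-key export.
PRIV_HEADER='-----BEGIN PGP PRIVATE KEY BLOCK-----'

# Succeeds if the given path has any group or other permission bit set.
# Uses only POSIX find primaries, so it behaves the same on FreeBSD and Linux.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Print every file in the directory that contains an armored private key
# and is accessible to group or others. Returns 1 if any such file exists.
audit_pgp_dir() {
    dir=$1
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q -F -e "$PRIV_HEADER" "$f" && is_exposed "$f"; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Restrict the directory to its owner and make every file in it
# readable and writable by the owner only.
harden_pgp_dir() {
    chmod 700 "$1" && find "$1" -type f -exec chmod 600 {} +
}

# Usage (after sourcing this file):
#   audit_pgp_dir "$HOME/pgp" || harden_pgp_dir "$HOME/pgp"
```

Running `umask 077` in the shell before `mkdir pgp` and the two export commands avoids the window in which the files exist with wider permissions.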