== Generate KSM Key ==

Key material is typically imported into a YK-KSM in the OpenPGP encrypted/signed KeyProvisioningFormat format. This setup assumes that each YK-KSM system has a private key.

Below is a walk-through of a typical key generation session for a host called 'crater'. As the end of the session shows, it generated a key with a key id of '8B88A11B'.

After this step you may want to generate AES keys for your YubiKeys, see [[GenerateKeys]], and then import them to your KSM, see [[ImportKeysToKSM]].

 user@crater:~$ gpg --gen-key
 gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.
 Please select what kind of key you want:
    (1) DSA and Elgamal (default)
    (2) DSA (sign only)
    (5) RSA (sign only)
 Your selection? 1
 DSA keypair will have 1024 bits.
 ELG-E keys may be between 1024 and 4096 bits long.
 What keysize do you want? (2048)
 Requested keysize is 2048 bits
 Please specify how long the key should be valid.
          0 = key does not expire
       <n>  = key expires in n days
       <n>w = key expires in n weeks
       <n>m = key expires in n months
       <n>y = key expires in n years
 Key is valid for? (0)
 Key does not expire at all
 Is this correct? (y/N) y
 You need a user ID to identify your key; the software constructs the user ID
 from the Real Name, Comment and Email Address in this form:
     "Heinrich Heine (Der Dichter) "
 Real name: YK-KSM crater Import Key
 Email address:
 Comment:
 You selected this USER-ID:
     "YK-KSM crater Import Key"
 Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
 You need a Passphrase to protect your secret key.
 We need to generate a lot of random bytes. It is a good idea to perform
 some other action (type on the keyboard, move the mouse, utilize the
 disks) during the prime generation; this gives the random number
 generator a better chance to gain enough entropy.
 .+++++++++++++++++++++++++..+++++.+++++++++++++++++++++++++...+++++++++++++++.++++++++++.++++++++++++++++++++++++++++++++++++++++.++++++++++>++++++++++......++++++++++..++++++++++++++++++++..++++++++++++++++++++++++++++++++++++++++....+++++.+++++...+++++.++++++++++.+++++++++++++++.+++++..+++++.++++++++++.+++++++++++++++..+++++>++++++++++>+++++.................................>+++++..............+++++^^^
 gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
 gpg: key 8B88A11B marked as ultimately trusted
 public and secret key created and signed.
 gpg: checking the trustdb
 gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
 gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
 pub   1024D/8B88A11B 2009-12-14
       Key fingerprint = 9B18 20A2 F02E 3C3B 84E3 44F5 AE72 7967 8B88 A11B
 uid   YK-KSM crater Import Key
 sub   2048g/140A17F1 2009-12-14
 user@crater:~$
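The key id '8B88A11B' is only the last 32 bits of the 160-bit fingerprint, so before handing the id to the later steps it is worth confirming that it belongs to the fingerprint you recorded. The script below is an added example, not part of the YK-KSM tools: the function names are hypothetical, and the sample listing is copied from the end of the session above.

```shell
#!/bin/sh
# Sample input: the key listing printed at the end of the session above,
# embedded here so the check runs without a keyring.
SAMPLE_LISTING='pub   1024D/8B88A11B 2009-12-14
      Key fingerprint = 9B18 20A2 F02E 3C3B 84E3 44F5 AE72 7967 8B88 A11B
uid   YK-KSM crater Import Key
sub   2048g/140A17F1 2009-12-14'

# Print the short key id from the "pub" line (the text after the slash).
listing_keyid() {
    awk '$1 == "pub" { split($2, a, "/"); print a[2]; exit }'
}

# Print the fingerprint as contiguous hex digits (spaces removed).
listing_fingerprint() {
    sed -n 's/^ *Key fingerprint = //p' | head -n 1 | tr -d ' '
}

# Read a listing on stdin. Succeed only if it carries a 40-digit hex
# fingerprint whose last 8 digits equal the short key id; on success
# print the full fingerprint, on failure explain why on stderr.
check_ksm_key() {
    listing=$(cat)
    keyid=$(printf '%s\n' "$listing" | listing_keyid)
    fpr=$(printf '%s\n' "$listing" | listing_fingerprint)
    case "$fpr" in
        ''|*[!0-9A-F]*) echo "no usable fingerprint" >&2; return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || { echo "fingerprint is not 160 bits" >&2; return 1; }
    tail8=$(printf '%s' "$fpr" | cut -c33-40)
    [ "$keyid" = "$tail8" ] || {
        echo "key id $keyid does not match fingerprint" >&2
        return 1
    }
    printf '%s\n' "$fpr"
}

# Check the listing from this page; prints the full fingerprint.
printf '%s\n' "$SAMPLE_LISTING" | check_ksm_key
```

On a live system, pipe the output of `gpg --fingerprint 8B88A11B` into `check_ksm_key` instead of the embedded sample.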