ItsDrike/itsdrike.com
1
0
Fork 0
mirror of https://github.com/ItsDrike/itsdrike.com.git synced 2025-01-23 20:14:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Mention -u option for key signing, fix formatting

Browse source
This commit is contained in:
ItsDrike 2023-12-31 00:04:36 +01:00
parent 5d4407b541
commit 863b170334
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
1 changed files with 18 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
content/posts/gnupg/index.md
View file

@ -67,6 +67,7 @@ gpg --full-gen-key
``` ```
This will ask a few questions, that will configure the key, most notably this will be: This will ask a few questions, that will configure the key, most notably this will be:
- **Key type** - Which you will most likely want to keep at the default value (RSA and RSA) - **Key type** - Which you will most likely want to keep at the default value (RSA and RSA)
- **Key size** - Where you should prefer the biggest possible size (probably 4096 bits), to make brute-force attacks - **Key size** - Where you should prefer the biggest possible size (probably 4096 bits), to make brute-force attacks
really hard really hard
@ -81,7 +82,7 @@ This will ask a few questions, that will configure the key, most notably this wi
files and got the key, it wouldn't be useful without the passphrase. But having to enter a passphrase each time can files and got the key, it wouldn't be useful without the passphrase. But having to enter a passphrase each time can
be annoying, ultimately you have to choose if you want convenience, or more security. be annoying, ultimately you have to choose if you want convenience, or more security.
After this, GPG will generate the actual keys, containing the configuration you entered using *entropy*. Entropy After this, GPG will generate the actual keys, containing the configuration you entered using _entropy_. Entropy
describes the amount of unpredictability that exists in your system. This is used to securely generate a random value describes the amount of unpredictability that exists in your system. This is used to securely generate a random value
(the key), which couldn't easily be reconstructed (computers are generally bad at creating truly random values). (the key), which couldn't easily be reconstructed (computers are generally bad at creating truly random values).
@ -179,6 +180,9 @@ gpg --sign-key [key-id]
Where, once again, `[key-id]` can be replaced by the received key's email address, or the ID. Where, once again, `[key-id]` can be replaced by the received key's email address, or the ID.
Note: You can specify `--local-user [key-id]`/`-u [key-id]` to select which key to sign with, if you don't wish to use
your default key. You can also sign with multiple keys by chaining the option
After you've signed the key, you should help the key's issuer to take the advantage of your signing and send them that After you've signed the key, you should help the key's issuer to take the advantage of your signing and send them that
signed version, so that when they're distributing their key to someone else, if that someone already has your key signed version, so that when they're distributing their key to someone else, if that someone already has your key
imported and they trust you, they can find out that you've trusted this key in that it's information (name, email) is imported and they trust you, they can find out that you've trusted this key in that it's information (name, email) is
@ -373,6 +377,7 @@ messages to your friends.
However I wanted to talk a bit more about many different places where GPG is often used, and maybe where you can use However I wanted to talk a bit more about many different places where GPG is often used, and maybe where you can use
it: it:
- A very common use-case, which I've already mentioned a bit about is the use in package managers. This is because with - A very common use-case, which I've already mentioned a bit about is the use in package managers. This is because with
package managers, it's hard for the owners of these to set up world-wide mirror servers across the entire world and package managers, it's hard for the owners of these to set up world-wide mirror servers across the entire world and
maintain each and every one of them, so instead, they rely on other people to set their own mirrors and make them maintain each and every one of them, so instead, they rely on other people to set their own mirrors and make them