Mention -u option for key signing, fix formatting

ItsDrike 2023-12-31 00:04:36 +01:00
parent 5d4407b541
commit 863b170334
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0

@ -3,9 +3,9 @@ title: Introduction to encryption with GnuPG
date: 2022-04-10
tags: [privacy, linux, encryption]
sources:
- "[GnuPG documentation](https://gnupg.org/documentation/index.html)"
- "[Arch Wiki on GnuPG](https://wiki.archlinux.org/title/GnuPG)"
- "[RedHat guide on GnuPG](https://www.redhat.com/sysadmin/getting-started-gpg)"
- "[GnuPG documentation](https://gnupg.org/documentation/index.html)"
- "[Arch Wiki on GnuPG](https://wiki.archlinux.org/title/GnuPG)"
- "[RedHat guide on GnuPG](https://www.redhat.com/sysadmin/getting-started-gpg)"
---
GnuPG (short for GNU Privacy Guard), also known as just GPG is a public-key cryptography implementation. This allows
@ -67,6 +67,7 @@ gpg --full-gen-key
```
This will ask a few questions, that will configure the key, most notably this will be:
- **Key type** - Which you will most likely want to keep at the default value (RSA and RSA)
- **Key size** - Where you should prefer the biggest possible size (probably 4096 bits), to make brute-force attacks
really hard
@ -81,7 +82,7 @@ This will ask a few questions, that will configure the key, most notably this wi
files and got the key, it wouldn't be useful without the passphrase. But having to enter a passphrase each time can
be annoying, ultimately you have to choose if you want convenience, or more security.
After this, GPG will generate the actual keys, containing the configuration you entered using *entropy*. Entropy
After this, GPG will generate the actual keys, containing the configuration you entered using _entropy_. Entropy
describes the amount of unpredictability that exists in your system. This is used to securely generate a random value
(the key), which couldn't easily be reconstructed (computers are generally bad at creating truly random values).
@ -179,6 +180,9 @@ gpg --sign-key [key-id]
Where, once again, `[key-id]` can be replaced by the received key's email address, or the ID.
Note: You can specify `--local-user [key-id]`/`-u [key-id]` to select which key to sign with, if you don't wish to use
your default key. You can also sign with multiple keys by chaining the option
After you've signed the key, you should help the key's issuer to take the advantage of your signing and send them that
signed version, so that when they're distributing their key to someone else, if that someone already has your key
imported and they trust you, they can find out that you've trusted this key in that it's information (name, email) is
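
Review bot: In the added note, `[key-id]` stands for the key you sign with, while the sentence directly above it uses the same placeholder for the received key being signed; a distinct placeholder such as `[signing-key-id]` in the note would keep readers from passing the wrong key to `-u`. The note's last sentence, "You can also sign with multiple keys by chaining the option", is missing its closing period and leaves "chaining" undefined; stating that the option is repeated once per signing key, for example `-u [first-key-id] -u [second-key-id]`, would make it concrete.
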
@ -373,6 +377,7 @@ messages to your friends.
However I wanted to talk a bit more about many different places where GPG is often used, and maybe where you can use
it:
- A very common use-case, which I've already mentioned a bit about is the use in package managers. This is because with
package managers, it's hard for the owners of these to set up world-wide mirror servers across the entire world and
maintain each and every one of them, so instead, they rely on other people to set their own mirrors and make them