2019-11-26 09:54:54 +01:00
|
|
|
---
|
|
|
|
layout: null
|
2022-04-03 17:50:12 +02:00
|
|
|
permalink: /n/gpg.html
|
2019-11-30 22:05:15 +01:00
|
|
|
redirect_from:
|
2022-04-03 17:50:12 +02:00
|
|
|
- /r/gpg.html
|
2019-11-30 22:05:15 +01:00
|
|
|
- /r/gnupg.html
|
|
|
|
- /r/clawsmail.html
|
|
|
|
- /r/claws-mail.html
|
2019-11-30 22:15:35 +01:00
|
|
|
- /r/wkd.html
|
2022-04-03 17:50:12 +02:00
|
|
|
- /n/gnupg.html
|
|
|
|
- /n/clawsmail.html
|
|
|
|
- /n/claws-mail.html
|
|
|
|
- /n/wkd.html
|
2023-03-09 11:18:49 +01:00
|
|
|
- n/keyoxide.html
|
|
|
|
- n/keybase.html
|
2022-04-03 17:50:12 +02:00
|
|
|
|
2023-01-23 07:55:47 +01:00
|
|
|
sitemap: false
|
2019-11-26 09:54:54 +01:00
|
|
|
---
|
|
|
|
|
2023-03-09 11:01:29 +01:00
|
|
|
# Quick GPG notes where I may find them
|
2019-11-26 09:54:54 +01:00
|
|
|
|
|
|
|
To create an Ed25519 key, or whatever will be the default version in the
|
|
|
|
future as defined by your GPG version:
|
|
|
|
|
|
|
|
```
|
2020-01-22 22:24:57 +01:00
|
|
|
gpg2 --quick-gen-key address@domain.example future-default
|
2019-11-26 09:54:54 +01:00
|
|
|
```
|
|
|
|
|
|
|
|
Note the keyid and edit it
|
|
|
|
|
|
|
|
```
|
2020-01-22 22:24:57 +01:00
|
|
|
gpg2 --edit-key KEYID
|
2020-01-22 22:25:47 +01:00
|
|
|
adduid # here fill your name and details as asked no comments\*
|
2019-11-26 09:54:54 +01:00
|
|
|
1 # to select the uid the first command generated
|
|
|
|
deluid # to delete the uid which doesn't contain your name
|
|
|
|
save
|
|
|
|
```
|
|
|
|
|
2023-02-22 19:28:38 +01:00
|
|
|
\*\* Comments are considered harmful https://debian-administration.org/users/dkg/weblog/97
|
2020-01-22 22:25:47 +01:00
|
|
|
|
2019-11-26 09:54:54 +01:00
|
|
|
Then you are ready to publish the public key however you generally publish
|
|
|
|
it, preferably in multiple places from where some recognise revokation
|
|
|
|
certificates if the time ever comes.
|
|
|
|
|
|
|
|
NOTE: You can extend the expiry time of an expired gpg signature by issuing
|
|
|
|
the `expire` command in `--edit-key` and the key is valid again when the
|
|
|
|
update is reimported to gpg keyrings by other people.
|
|
|
|
|
|
|
|
Keybase note: To publish the key `keybase pgp select --multi` (where multi
|
2019-11-26 09:58:29 +01:00
|
|
|
is required for multiple PGP keys per account and to submit changes to it,
|
2019-11-26 09:54:54 +01:00
|
|
|
`keybase pgp update --all` (where --all is again necessary only if you have
|
|
|
|
multiple keys).
|
2019-11-30 22:05:15 +01:00
|
|
|
|
2023-02-22 19:28:38 +01:00
|
|
|
---
|
2019-11-30 22:05:15 +01:00
|
|
|
|
2023-03-09 11:01:29 +01:00
|
|
|
## Claws-mail note that is somewhat related.
|
2019-11-30 22:05:15 +01:00
|
|
|
|
|
|
|
Debian: `sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
|
|
|
|
|
|
|
|
Load plugins from Configuration (menu) --> Plugins --> Load, they are all
|
|
|
|
somewhere in `/usr/lib/x86_64-linux-gnu/claws-mail/plugins` or similar path.
|
|
|
|
|
|
|
|
It wants to read `~/.signature` which I have like:
|
|
|
|
|
|
|
|
```
|
2023-03-09 11:01:29 +01:00
|
|
|
Aminda Suomalainen
|
|
|
|
https://aminda.eu/
|
2019-11-30 22:05:15 +01:00
|
|
|
69FF 455A 869F 9031 A691 E0F1 9939 2F62 BAE3 0723
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
My other hats have like:
|
|
|
|
|
|
|
|
```
|
2023-03-09 11:01:29 +01:00
|
|
|
Aminda Suomalainen
|
2019-12-13 13:16:54 +01:00
|
|
|
position, where, wwwpage
|
|
|
|
email address
|
|
|
|
xxx xxx xxxx
|
2023-03-09 11:01:29 +01:00
|
|
|
xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
|
2019-11-30 22:05:15 +01:00
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
Note the empty line in the end, as PGP/INLINE is the way to sign emails,
|
|
|
|
it the PGP signature comes after it and in my opinion looks a bit cleaner
|
|
|
|
with the signature ending to an empty line.
|
|
|
|
|
2023-02-22 19:28:38 +01:00
|
|
|
---
|
2019-11-30 22:15:35 +01:00
|
|
|
|
2023-03-09 11:01:29 +01:00
|
|
|
## WKD
|
|
|
|
|
2019-11-30 22:15:35 +01:00
|
|
|
Setting up GPG WKD (Web Key Directory), mostly stripped/adjusted from
|
|
|
|
https://keyserver.mattrude.com/guides/web-key-directory/
|
|
|
|
|
|
|
|
Requires a control over domain/.well-known and email under that domain.
|
|
|
|
|
|
|
|
1. cd into site root
|
|
|
|
2. `mkdir -p .well-known/openpgpkey/hu`
|
|
|
|
3. `touch .well-known/openpgpkey/policy`
|
|
|
|
4. `gpg --list-keys --with-wkd <search-that-matches-your-key>`
|
|
|
|
5. `gpg --no-armor --export <YourKeyID> > .well-known/openpgpkey/hu/<YourWKD>`
|
|
|
|
6. repeat 5. for `+git` address and similar if applicable
|
|
|
|
7. in Jekyll `_config.yml` ensure existence of `include: [.well-known]` if
|
|
|
|
applicable.
|
|
|
|
8. deploy
|
|
|
|
9. test with `gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
|
|
|
|
|
|
|
|
NOTE: The empty `policy` goes to the `openpgpkey` directory, not `hu` (I
|
|
|
|
initially failed at this part)
|
|
|
|
|
|
|
|
NOTE: only one key/WKD/email.
|
2023-03-09 11:14:21 +01:00
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
## Keyoxide
|
|
|
|
|
|
|
|
Keyoxide can use PGP keys as profiles and looks at their notations. Useful
|
|
|
|
commands in `gpg --edit-key "key fingerprint here:
|
|
|
|
|
|
|
|
- Display notations: `showpref`
|
|
|
|
- Add notations: `notation`
|
|
|
|
- Remove notations: `notation` from `showpref` with a `-` in the beginning
|
|
|
|
|
|
|
|
Don't forget to `gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here" !
|
|
|
|
|
|
|
|
### Keyoxide docs
|
|
|
|
|
|
|
|
- [Generating a profile](https://docs.keyoxide.org/guides/openpgp-profile-gnupg/)
|
|
|
|
- [Available claims/proofs](https://docs.keyoxide.org/service-providers/)
|
|
|
|
- See bottom of the sidebar.
|