From 072c2a6a0693d53de16d8cc6311b82905c58bf46 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 31 Jul 2012 09:56:23 +0300 Subject: [PATCH 1/6] GPG guide: add setting of preferred keyserver. --- articles/guides/GPG/GPG.html | 10 ++++++++++ articles/guides/GPG/GPG.html.md | 12 ++++++++++++ 2 files changed, 22 insertions(+) diff --git a/articles/guides/GPG/GPG.html b/articles/guides/GPG/GPG.html index eb502e7..46d36b6 100644 --- a/articles/guides/GPG/GPG.html +++ b/articles/guides/GPG/GPG.html @@ -73,6 +73,16 @@ sub 4096R/A4271AC5 2012-03-27

y

+
Setting preferred keyserver of the key.
+

Preferred keyserver is where the key is refreshed when someone runs "gpg2 --refresh-keys".

+

To set it run

+
+

gpg2 --edit-key KEYID

+
+
+

keyserver

+
+

and enter the keyserver address, for example hkp://pool.sks-keyservers.net (I recommend this keyserver).

Step 1: Importing old key

You can import your old private key same way as you import public keys. This means:
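
Review bot: the new section stops at entering the keyserver address and never tells the reader to run `save` at the `--edit-key` prompt, so someone following it and simply quitting loses the change. The only save step visible here is the `y` context line above the heading, which belongs to the previous section. Add the `save` step after the address. Also say that the updated key has to be sent to the keyserver again, because the preference is stored in the key itself and others only see it once they fetch the new copy. Minor: the heading "Setting preferred keyserver of the key." ends in a full stop, unlike "Step 1: Importing old key" below it.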

diff --git a/articles/guides/GPG/GPG.html.md b/articles/guides/GPG/GPG.html.md index 5022ba0..211ad1b 100644 --- a/articles/guides/GPG/GPG.html.md +++ b/articles/guides/GPG/GPG.html.md @@ -107,6 +107,18 @@ and confirm to save changes with > y +###### Setting preferred keyserver of the key. + +Preferred keyserver is where the key is refreshed when someone runs "gpg2 --refresh-keys". + +To set it run + +> gpg2 --edit-key KEYID + +> keyserver + +and enter the keyserver address, for example hkp://pool.sks-keyservers.net (I recommend this keyserver). + #### Step 1: Importing old key You can import your old private key same way as you import public keys. This means: From ab6d8384c295a1559c0fe052538b5a28dc4b6d7b Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 31 Jul 2012 09:57:59 +0300 Subject: [PATCH 2/6] GPG guide: add my name to copyright. --- articles/guides/GPG/GPG.html | 2 +- articles/guides/GPG/GPG.html.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/articles/guides/GPG/GPG.html b/articles/guides/GPG/GPG.html index 46d36b6..115243d 100644 --- a/articles/guides/GPG/GPG.html +++ b/articles/guides/GPG/GPG.html @@ -102,7 +102,7 @@ sub 4096R/A4271AC5 2012-03-27

Step 3: Configuring gpg(2)

The configuring of gpg happens in gpg configuration directory. In Linux and Mac this is ~/.gnupg/gpg.conf.

I recommend you to add following lines to it. I'll try to explain them with my best ability.

-

# Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. License information so I won't break license of the default config file, which I have appended.

+

# Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2012— Mika Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. License information so I won't break license of the default config file, which I have appended.

default-key KEYID
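
Review bot: the added "# 2012" line sits between "# Copyright 1998, 1999, 2000, 2001, 2002, 2003," and its continuation "# 2010 Free Software Foundation, Inc.", so the FSF year list is cut in half. The notice now reads as if 1998 to 2003 were attributed to the new name and only 2010 to the FSF. The licence text right below asks that the notice be preserved, so keep the two FSF lines together and put the new attribution on its own "# Copyright 2012 ..." line after them. The URL would also be easier to maintain on a separate comment line than appended to the copyright holder.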

diff --git a/articles/guides/GPG/GPG.html.md b/articles/guides/GPG/GPG.html.md index 211ad1b..25b57d4 100644 --- a/articles/guides/GPG/GPG.html.md +++ b/articles/guides/GPG/GPG.html.md @@ -148,6 +148,7 @@ I recommend you to add following lines to it. I'll try to explain them with my b ``` # Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, +# 2012— Mika Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives From 759855c250f0a8de18e60d5426cfbf87bc653470 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 31 Jul 2012 10:00:27 +0300 Subject: [PATCH 3/6] GPG guide: add mentioning of import-clean. --- articles/guides/GPG/GPG.html | 8 ++++++-- articles/guides/GPG/GPG.html.md | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/articles/guides/GPG/GPG.html b/articles/guides/GPG/GPG.html index 115243d..6d636c4 100644 --- a/articles/guides/GPG/GPG.html +++ b/articles/guides/GPG/GPG.html @@ -111,12 +111,16 @@ sub 4096R/A4271AC5 2012-03-27 encrypt-to KEYID

So everything what you encrypt is also encrypted to you.

+

keyid-format 0xLONG

+
+

So keyids are shown in the longest format, including 0x prefix, which marks them as hexadecimanls.

+

charset UTF-8

So UTF-8 is used as default character set and most of characters can be used.

keyserver hkp://pool.sks-keyservers.net
-keyserver-options auto-key-retrieve no-include-revoked verbose
-

So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used.

+keyserver-options auto-key-retrieve no-include-revoked verbose import-clean +

So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used and signatures by unknown keys are automatically removed.

By the way, you can find my gpg.conf here.

Group lines

Group lines are a way to write email to one recepient and have it encrypted to multiple keys automatically.
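
Review bot: in the changed `keyserver-options` line, `import-clean` only applies to keys fetched from a keyserver. The reworded explanation ("signatures by unknown keys are automatically removed") promises more than the setting does. Either say it applies to keyserver imports, or also list it under `import-options` so that `gpg2 --import` behaves the same way. The commit subject mentions only import-clean, but the hunk also adds the `keyid-format 0xLONG` block. Split that out or mention it in the message. Typos in the touched lines: "hexadecimanls" in the new keyid-format sentence, and "procressses" carried over into the rewritten keyserver sentence. That sentence now chains four clauses with "and" and would read better as a short list, one option per item.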

diff --git a/articles/guides/GPG/GPG.html.md b/articles/guides/GPG/GPG.html.md index 25b57d4..7729f74 100644 --- a/articles/guides/GPG/GPG.html.md +++ b/articles/guides/GPG/GPG.html.md @@ -172,16 +172,20 @@ encrypt-to KEYID So everything what you encrypt is also encrypted to you. +> keyid-format 0xLONG + +So keyids are shown in the longest format, including 0x prefix, which marks them as hexadecimanls. + > charset UTF-8 So UTF-8 is used as default character set and most of characters can be used. ``` keyserver hkp://pool.sks-keyservers.net -keyserver-options auto-key-retrieve no-include-revoked verbose +keyserver-options auto-key-retrieve no-include-revoked verbose import-clean ``` -So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used. +So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used and signatures by unknown keys are automatically removed. By the way, you can find my gpg.conf [here]. From 6a3770a4f4dda8e14e7e1c83043e71bf0559c02d Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 31 Jul 2012 10:01:27 +0300 Subject: [PATCH 4/6] GPG guide: Fix groupline example. It used format SHORT instead of 0xLONG. --- articles/guides/GPG/GPG.html | 4 +--- articles/guides/GPG/GPG.html.md | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/articles/guides/GPG/GPG.html b/articles/guides/GPG/GPG.html index 6d636c4..a15e74b 100644 --- a/articles/guides/GPG/GPG.html +++ b/articles/guides/GPG/GPG.html @@ -125,14 +125,12 @@ keyserver-options auto-key-retrieve no-include-revoked verbose import-cleanGroup lines

Group lines are a way to write email to one recepient and have it encrypted to multiple keys automatically.

Example group line:

-

group =82A46728 8449A12B 666CC0DD 4EC00206

-
+=0x4DB53CFE82A46728 0x0BD622288449A12B 0x729DF464666CC0DD 0xCACC5B094EC00206

With that line, when recepient is touchlay-server@googlegroups.com, then emails are encrypted to those 4 keys.

NOTE: I think that group lines require email addresses to be in format
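
Review bot: the replacement example line loses the markup the old one had. In GPG.html.md the removed line is "> group =82A46728 ..." and the added one is a bare "group =0x4DB53CFE82A46728 ...", without the "> " prefix. The GPG.html diffstat likewise shows three deletions for one insertion. The example will render as ordinary paragraph text instead of a quoted command like the other config lines in the guide, so keep the "> " prefix (and the wrapping element in the HTML). The commit message explains the what ("used format SHORT instead of 0xLONG") but the guide text does not yet say why long IDs are wanted in group lines. A one-line reason next to the example would help readers who keep the default format.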

diff --git a/articles/guides/GPG/GPG.html.md b/articles/guides/GPG/GPG.html.md index 7729f74..eb08540 100644 --- a/articles/guides/GPG/GPG.html.md +++ b/articles/guides/GPG/GPG.html.md @@ -197,7 +197,7 @@ Group lines are a way to write email to one recepient and have it encrypted to m Example group line: -> group =82A46728 8449A12B 666CC0DD 4EC00206 +group =0x4DB53CFE82A46728 0x0BD622288449A12B 0x729DF464666CC0DD 0xCACC5B094EC00206 With that line, when recepient is touchlay-server@googlegroups.com, then emails are encrypted to those 4 keys. From 1ec2933434f22e7ebc5184e90fe864c56f8d6452 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 31 Jul 2012 10:05:59 +0300 Subject: [PATCH 5/6] GPG guide: add example keyid with 0xLONG format. --- articles/guides/GPG/GPG.html | 2 ++ articles/guides/GPG/GPG.html.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/articles/guides/GPG/GPG.html b/articles/guides/GPG/GPG.html index a15e74b..f7b2b67 100644 --- a/articles/guides/GPG/GPG.html +++ b/articles/guides/GPG/GPG.html @@ -114,6 +114,8 @@ encrypt-to KEYID

keyid-format 0xLONG

So keyids are shown in the longest format, including 0x prefix, which marks them as hexadecimanls.

+

Example outputs from --list-keys and gpg --fingerprint after setting 0xLONG as keyid format.

+

After you set 0xLONG as keyid-format, keys appear like 0x4DB53CFE82A46728 instead of 82A46728.

charset UTF-8
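
Review bot: the added line "Example outputs from --list-keys and gpg --fingerprint after setting 0xLONG as keyid format." announces outputs that the hunk never adds. It is followed by one sentence and then the `charset UTF-8` option. Either paste the actual listing under it or drop the line and keep only the "keys appear like 0x4DB53CFE82A46728 instead of 82A46728" sentence. The line also names one command as a bare option and the other with `gpg`, while the rest of the series uses `gpg2`. Write both the same way.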

diff --git a/articles/guides/GPG/GPG.html.md b/articles/guides/GPG/GPG.html.md index eb08540..81e0b18 100644 --- a/articles/guides/GPG/GPG.html.md +++ b/articles/guides/GPG/GPG.html.md @@ -176,6 +176,10 @@ So everything what you encrypt is also encrypted to you. So keyids are shown in the longest format, including 0x prefix, which marks them as hexadecimanls. +Example outputs from --list-keys and gpg --fingerprint after setting 0xLONG as keyid format. + +After you set 0xLONG as keyid-format, keys appear like 0x4DB53CFE82A46728 instead of 82A46728. + > charset UTF-8 So UTF-8 is used as default character set and most of characters can be used. From e0d95769d18310bf2a4c1bba56925a6878738110 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Tue, 31 Jul 2012 10:07:48 +0300 Subject: [PATCH 6/6] GPG guide: say that group lines should be in 0xLONG format. --- articles/guides/GPG/GPG.html | 4 +--- articles/guides/GPG/GPG.html.md | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/articles/guides/GPG/GPG.html b/articles/guides/GPG/GPG.html index f7b2b67..758d568 100644 --- a/articles/guides/GPG/GPG.html +++ b/articles/guides/GPG/GPG.html @@ -135,14 +135,12 @@ document.write(''+''+e+''+'<\/'+ =0x4DB53CFE82A46728 0x0BD622288449A12B 0x729DF464666CC0DD 0xCACC5B094EC00206

With that line, when recepient is touchlay-server@googlegroups.com, then emails are encrypted to those 4 keys.

NOTE: I think that group lines require email addresses to be in format

-
-

-

See also my Enigmail instructions about group lines.

Comments

GPG can automatically add comments to signed and encrypted content. They are usually hidden by email clients, which support GPG.

diff --git a/articles/guides/GPG/GPG.html.md b/articles/guides/GPG/GPG.html.md index 81e0b18..39572a3 100644 --- a/articles/guides/GPG/GPG.html.md +++ b/articles/guides/GPG/GPG.html.md @@ -207,6 +207,7 @@ With that line, when recepient is touchlay-server@googlegroups.com, then emails NOTE: I think that group lines require email addresses to be in format +NOTE: KEYIDs in group line should be in format 0xLONG. If you don't use that format by default, use "gpg2 --keyid-format 0xLONG --list-keys". > See also my [Enigmail] instructions about group lines.
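
Review bot: the new "NOTE: KEYIDs in group line should be in format 0xLONG." line is inserted directly after "NOTE: I think that group lines require email addresses to be in format", which is an unfinished sentence that leads into the quoted line below it. The insertion separates that sentence from what it introduces, and with no blank line between them the two notes will run together as one paragraph in Markdown. Move the new note below the quoted example (or above the first NOTE) and surround it with blank lines. The command in the note, "gpg2 --keyid-format 0xLONG --list-keys", is useful. Consider formatting it as a quoted command like the other commands in the guide rather than inline in double quotes.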