mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2025-02-23 17:00:40 +01:00
artices/guides/GPG/*: use tyyli.css
This commit is contained in:
Mikaela Suomalainen
parent
9148cf0ac6
commit
f0736cbaaf
@ -1,59 +1,123 @@
|
|||||||
<!DOCTYPE html>
|
<!DOCTYPE html><html>
|
||||||
<html>
|
<head><meta name="description" content="Enigmail guide" /> <meta name="keywords" content="Thunderbird,Icedove, Enigmail,GnuPG,gpg" /> <meta name="author" content="Mika Suomalainen" /> <meta charset="UTF-8" /> <link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/Enigmail.html"> <title>Enigmail guide</title> <link rel="stylesheet" type="text/css" href="../../../tyyli.css" /></head>
|
||||||
<head>
|
<h1 id="quick-enigmail-guide."
|
||||||
<meta name="description" content="Enigmail guide" /> <meta name="keywords" content="Thunderbird,Icedove, Enigmail,GnuPG,gpg" /> <meta name="author" content="Mika Suomalainen" /> <meta charset="UTF-8" /> <link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/Enigmail.html">
|
>Quick Enigmail guide.</h1
|
||||||
<title>
|
><h1 id="what-do-you-need"
|
||||||
Enigmail guide
|
>What do you need</h1
|
||||||
</title>
|
><p
|
||||||
</head>
|
>This depends on your OS. You should also read my previous guides about <a href="GPG.html"
|
||||||
|
>GPG</a
|
||||||
<h1 id="quick-enigmail-guide.">Quick Enigmail guide.</h1>
|
> and <a href="../Thunderbird-Icedove.html"
|
||||||
<h1 id="what-do-you-need">What do you need</h1>
|
>Icedove / Thunderbird</a
|
||||||
<p>This depends on your OS. You should also read my previous guides about <a href="GPG.html">GPG</a> and <a href="../Thunderbird-Icedove.html">Icedove / Thunderbird</a>.</p>
|
>.</p
|
||||||
<h2 id="debian-based-distributins">Debian based distributins</h2>
|
><h2 id="debian-based-distributins"
|
||||||
<p>You need at least packages icedove or thunderbird and enigmail, but I recommend you to install gnupg2 and pinentry packages too.</p>
|
>Debian based distributins</h2
|
||||||
<blockquote>
|
><p
|
||||||
<p>aptitude install thunderbird enigmail gnupg2 pinentry-curses pinentry-gtk2 pinentry-qt4</p>
|
>You need at least packages icedove or thunderbird and enigmail, but I recommend you to install gnupg2 and pinentry packages too.</p
|
||||||
</blockquote>
|
><blockquote
|
||||||
<p>NOTE: In Debian Thunderbird is called Icedove and the package is icedove.</p>
|
><p
|
||||||
<h2 id="mac-os-x">Mac OS X</h2>
|
>aptitude install thunderbird enigmail gnupg2 pinentry-curses pinentry-gtk2 pinentry-qt4</p
|
||||||
<p>You need <a href="http://www.gpgtools.org/">GPG-tools</a>, <a href="https://www.mozilla.org/en-US/thunderbird/">Thunderbird</a> and <a href="http://enigmail.mozdev.org/home/index.php.html">Enigmail</a></p>
|
></blockquote
|
||||||
<h2 id="windows">Windows</h2>
|
><p
|
||||||
<p>You need <a href="http://www.gpg4win.org/">GPG4Win</a>, <a href="https://www.mozilla.org/en-US/thunderbird/">Thunderbird</a> and <a href="http://enigmail.mozdev.org/home/index.php.html">Enigmail</a>.</p>
|
>NOTE: In Debian Thunderbird is called Icedove and the package is icedove.</p
|
||||||
<h1 id="running-the-enigmail-wizard.">Running the Enigmail wizard.</h1>
|
><h2 id="mac-os-x"
|
||||||
<p>If Enigmail wizard doesn't appear by itself, open it manually from OpenPGP (menu) --> Enigmail wizard.</p>
|
>Mac OS X</h2
|
||||||
<p>NOTE: Allow wizard to do changes, which it wants.</p>
|
><p
|
||||||
<h2 id="enable-viewing-messages-in-original-html.">Enable viewing messages in original HTML.</h2>
|
>You need <a href="http://www.gpgtools.org/"
|
||||||
<p>You probably want to see the HTML in case the message has been sent using HTML.</p>
|
>GPG-tools</a
|
||||||
<p>You can see the messages in original HTML easily. Open View (menu) --> Message body as --> Original HTML.</p>
|
>, <a href="https://www.mozilla.org/en-US/thunderbird/"
|
||||||
<h2 id="if-the-wizard-fails">If the wizard fails</h2>
|
>Thunderbird</a
|
||||||
<h3 id="sending-plaintext">Sending plaintext</h3>
|
> and <a href="http://enigmail.mozdev.org/home/index.php.html"
|
||||||
<p>This is documented in my <a href="../Thunderbird-Icedove.html#sending-utf-8">Icedove / Thunderbird guide</a>.</p>
|
>Enigmail</a
|
||||||
<h3 id="signing-by-default.">Signing by default.</h3>
|
></p
|
||||||
<p>Open Edit --> Account Settings --> OpenPGP security and select "Enable OpenPG support (Enigmail) with this user information". Then select "Use specific OpenPGP key" and press the "select key" button. Now just select your private key.</p>
|
><h2 id="windows"
|
||||||
<p>After you have selected the key, I recommend you to select the first and the second boxes, which are about signing.</p>
|
>Windows</h2
|
||||||
<p>Remember to do this for multiple identities. Select the account and then click the "manage identities" button.</p>
|
><p
|
||||||
<h2 id="sending-utf-8">Sending UTF-8</h2>
|
>You need <a href="http://www.gpg4win.org/"
|
||||||
<p>I have documented this in my <a href="../Thunderbird-Icedove.html#sending-utf-8">Icedove / Thunderbird guide</a>.</p>
|
>GPG4Win</a
|
||||||
<p>This only changes the charset line to UTF-8 or removes the mentioning of charset in signature.</p>
|
>, <a href="https://www.mozilla.org/en-US/thunderbird/"
|
||||||
<h1 id="testing-that-everything-works">Testing that everything works</h1>
|
>Thunderbird</a
|
||||||
<p>Adele is PGP email bot. You can send email to it and it will tell you if it can decrypt your email or is it signed.</p>
|
> and <a href="http://enigmail.mozdev.org/home/index.php.html"
|
||||||
<p>You can get the PGP key of Adele by running</p>
|
>Enigmail</a
|
||||||
<blockquote>
|
>.</p
|
||||||
<p>gpg2 --keyserver pool.sks-keyservers.net --recv-keys 92AB3FF7</p>
|
><h1 id="running-the-enigmail-wizard."
|
||||||
</blockquote>
|
>Running the Enigmail wizard.</h1
|
||||||
<p>Just send your email to adele-en@gnupp.de and it will reply shortly.</p>
|
><p
|
||||||
<h1 id="sending-pgpmime-instead-of-pgpinline">Sending PGP/MIME instead of PGP/INLINE</h1>
|
>If Enigmail wizard doesn't appear by itself, open it manually from OpenPGP (menu) --> Enigmail wizard.</p
|
||||||
<p>PGP/MIME puts the signature to signature.asc ataachment and PGP/INLINE into "mess" in the bottom of email.</p>
|
><p
|
||||||
<p>WARNING: This might not work with some mailing lists (for example Ubuntu, Mozdev and GnuPG mailing lists)!</p>
|
>NOTE: Allow wizard to do changes, which it wants.</p
|
||||||
<p>There is open bug report about PGP/MIME not working on Ubuntu MLs at LaunchPad, <a href="https://bugs.launchpad.net/ubuntu/+bug/996581">996581</a></p>
|
><h2 id="enable-viewing-messages-in-original-html."
|
||||||
<p>NOTE: If you want to sign emails and use HTML at the same time, you <em>must</em> use PGP/MIME or otherwise your signature cannot be verified!</p>
|
>Enable viewing messages in original HTML.</h2
|
||||||
<p>To send PGP/MIME by default, open Edit --> Account Settings --> OpenPGP security and check "Use always PGP/MIME".</p>
|
><p
|
||||||
<p>Remember to check to do this for your all identities in case you have more than one of them. Edit --> Account Settings --> "Manage Identities..." button and after selecting identity, you can find OpenPGP security tab.</p>
|
>You probably want to see the HTML in case the message has been sent using HTML.</p
|
||||||
<h1 id="openpgp-headers.">OpenPGP headers.</h1>
|
><p
|
||||||
<p>To enable sending OpenPGP headers, return to OpenPGP settings (mentioned above) and click "advanced".</p>
|
>You can see the messages in original HTML easily. Open View (menu) --> Message body as --> Original HTML.</p
|
||||||
<p>Select the both checkboxes and write URL where your key is located. If you don't have homepage, you can link to webui of your preferred keyserver.</p>
|
><h2 id="if-the-wizard-fails"
|
||||||
<p>These headers appear in email source like this:</p>
|
>If the wizard fails</h2
|
||||||
<pre><code>OpenPGP: id=82A46728;
|
><h3 id="sending-plaintext"
|
||||||
url=http://mkaysi.github.com/PGP/key.txt</code></pre>
|
>Sending plaintext</h3
|
||||||
<p><a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">Enigmail guide</span> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.<br />Based on a work at <a xmlns:dct="http://purl.org/dc/terms/" href="http://mkaysi.github.com/articles/guides/GPG/Enigmail.html" rel="dct:source">mkaysi.github.com</a>.</p>
|
><p
|
||||||
|
>This is documented in my <a href="../Thunderbird-Icedove.html#sending-utf-8"
|
||||||
|
>Icedove / Thunderbird guide</a
|
||||||
|
>.</p
|
||||||
|
><h3 id="signing-by-default."
|
||||||
|
>Signing by default.</h3
|
||||||
|
><p
|
||||||
|
>Open Edit --> Account Settings --> OpenPGP security and select "Enable OpenPG support (Enigmail) with this user information". Then select "Use specific OpenPGP key" and press the "select key" button. Now just select your private key.</p
|
||||||
|
><p
|
||||||
|
>After you have selected the key, I recommend you to select the first and the second boxes, which are about signing.</p
|
||||||
|
><p
|
||||||
|
>Remember to do this for multiple identities. Select the account and then click the "manage identities" button.</p
|
||||||
|
><h2 id="sending-utf-8"
|
||||||
|
>Sending UTF-8</h2
|
||||||
|
><p
|
||||||
|
>I have documented this in my <a href="../Thunderbird-Icedove.html#sending-utf-8"
|
||||||
|
>Icedove / Thunderbird guide</a
|
||||||
|
>.</p
|
||||||
|
><p
|
||||||
|
>This only changes the charset line to UTF-8 or removes the mentioning of charset in signature.</p
|
||||||
|
><h1 id="testing-that-everything-works"
|
||||||
|
>Testing that everything works</h1
|
||||||
|
><p
|
||||||
|
>Adele is PGP email bot. You can send email to it and it will tell you if it can decrypt your email or is it signed.</p
|
||||||
|
><p
|
||||||
|
>You can get the PGP key of Adele by running</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --keyserver pool.sks-keyservers.net --recv-keys 92AB3FF7</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>Just send your email to adele-en@gnupp.de and it will reply shortly.</p
|
||||||
|
><h1 id="sending-pgpmime-instead-of-pgpinline"
|
||||||
|
>Sending PGP/MIME instead of PGP/INLINE</h1
|
||||||
|
><p
|
||||||
|
>PGP/MIME puts the signature to signature.asc ataachment and PGP/INLINE into "mess" in the bottom of email.</p
|
||||||
|
><p
|
||||||
|
>WARNING: This might not work with some mailing lists (for example Ubuntu, Mozdev and GnuPG mailing lists)!</p
|
||||||
|
><p
|
||||||
|
>There is open bug report about PGP/MIME not working on Ubuntu MLs at LaunchPad, <a href="https://bugs.launchpad.net/ubuntu/+bug/996581"
|
||||||
|
>996581</a
|
||||||
|
></p
|
||||||
|
><p
|
||||||
|
>NOTE: If you want to sign emails and use HTML at the same time, you <em
|
||||||
|
>must</em
|
||||||
|
> use PGP/MIME or otherwise your signature cannot be verified!</p
|
||||||
|
><p
|
||||||
|
>To send PGP/MIME by default, open Edit --> Account Settings --> OpenPGP security and check "Use always PGP/MIME".</p
|
||||||
|
><p
|
||||||
|
>Remember to check to do this for your all identities in case you have more than one of them. Edit --> Account Settings --> "Manage Identities..." button and after selecting identity, you can find OpenPGP security tab.</p
|
||||||
|
><h1 id="openpgp-headers."
|
||||||
|
>OpenPGP headers.</h1
|
||||||
|
><p
|
||||||
|
>To enable sending OpenPGP headers, return to OpenPGP settings (mentioned above) and click "advanced".</p
|
||||||
|
><p
|
||||||
|
>Select the both checkboxes and write URL where your key is located. If you don't have homepage, you can link to webui of your preferred keyserver.</p
|
||||||
|
><p
|
||||||
|
>These headers appear in email source like this:</p
|
||||||
|
><p
|
||||||
|
><code
|
||||||
|
>OpenPGP: id=82A46728; url=http://mkaysi.github.com/PGP/key.txt</code
|
||||||
|
></p
|
||||||
|
><p
|
||||||
|
><a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">Enigmail guide</span> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.<br />Based on a work at <a xmlns:dct="http://purl.org/dc/terms/" href="http://mkaysi.github.com/articles/guides/GPG/Enigmail.html" rel="dct:source">mkaysi.github.com</a>.</p
|
||||||
|
>
|
||||||
|
|||||||
@ -7,6 +7,7 @@
|
|||||||
<meta charset="UTF-8" />
|
<meta charset="UTF-8" />
|
||||||
<link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/Enigmail.html">
|
<link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/Enigmail.html">
|
||||||
<title>Enigmail guide</title>
|
<title>Enigmail guide</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../../../tyyli.css" />
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
# Quick Enigmail guide.
|
# Quick Enigmail guide.
|
||||||
|
|||||||
@ -1,342 +1,515 @@
|
|||||||
<!DOCTYPE html>
|
<!DOCTYPE html><html>
|
||||||
<html>
|
<head><meta name="description" content="GnuPG guide" /> <meta name="keywords" content="gpg,gnupg,terminal" /> <meta name="author" content="Mika Suomalainen" /> <meta charset="UTF-8" /> <link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/GPG.html"> <link rel="stylesheet" type="text/css" href="../../../tyyli.css" /> <title>GPG guide</title></head>
|
||||||
<head>
|
<h1 id="quick-gpg-guide"
|
||||||
<meta name="description" content="GnuPG guide" /> <meta name="keywords" content="gpg,gnupg,terminal" /> <meta name="author" content="Mika Suomalainen" /> <meta charset="UTF-8" /> <link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/GPG.html">
|
>Quick GPG guide</h1
|
||||||
<title>
|
><p
|
||||||
GPG guide
|
>Note: If gpg2 gives you error about invalid/unknown/etc. command, use gpg instead.</p
|
||||||
</title>
|
><h2 id="what-do-you-need"
|
||||||
</head>
|
>What do you need:?</h2
|
||||||
|
><h3 id="linux-debian-based-distributions"
|
||||||
<h1 id="quick-gpg-guide">Quick GPG guide</h1>
|
>Linux (Debian based distributions)</h3
|
||||||
<p>Note: If gpg2 gives you error about invalid/unknown/etc. command, use gpg instead.</p>
|
><p
|
||||||
<h2 id="what-do-you-need">What do you need:?</h2>
|
>You need at least package gnupg, but I recommend installing packages icedove enigmail pinentry pinentry-curses pinentry-gtk2 pinentry-qt4 signing-party and gnupg2.</p
|
||||||
<h3 id="linux-debian-based-distributions">Linux (Debian based distributions)</h3>
|
><blockquote
|
||||||
<p>You need at least package gnupg, but I recommend installing packages icedove enigmail pinentry pinentry-curses pinentry-gtk2 pinentry-qt4 signing-party and gnupg2.</p>
|
><h1
|
||||||
<blockquote>
|
>aptitude install gnupg gnupg2 icedove enigmail pinentry-curses pinentry-gtk2 pinentry-qt4 signing-party gnupg2</h1
|
||||||
<h1>aptitude install gnupg gnupg2 icedove enigmail pinentry-curses pinentry-gtk2 pinentry-qt4 signing-party gnupg2</h1>
|
></blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>NOTE: If you aren't using Debian, install package "thunderbird" instead of "icedove".</p>
|
>NOTE: If you aren't using Debian, install package "thunderbird" instead of "icedove".</p
|
||||||
<h3 id="mac-os-x">Mac OS X</h3>
|
><h3 id="mac-os-x"
|
||||||
<p>You need at least <a href="http://www.gpgtools.org/">GPG-tools</a>, but I also recommend you to install <a href="https://www.mozilla.org/en-US/thunderbird/">Thunderbird</a> and <a href="Enigmail.html">Enigmail</a>.</p>
|
>Mac OS X</h3
|
||||||
<h3 id="windows">Windows</h3>
|
><p
|
||||||
<p>You need at least <a href="http://www.gpg4win.org/">GPG4Win</a>, but I recommend installing <a href="https://www.mozilla.org/en-US/thunderbird/">Thunderbird</a> and <a href="Enigmail.html">Enigmail</a> too.</p>
|
>You need at least <a href="http://www.gpgtools.org/"
|
||||||
<h3 id="step-1">Step 1</h3>
|
>GPG-tools</a
|
||||||
<p>This depends are you generating a new key or importing old key.</p>
|
>, but I also recommend you to install <a href="https://www.mozilla.org/en-US/thunderbird/"
|
||||||
<h4 id="step-1-generating-a-new-key">Step 1: Generating a new key</h4>
|
>Thunderbird</a
|
||||||
<p>Open terminal (or cmd.exe if you are using Windows) and run</p>
|
> and <a href="Enigmail.html"
|
||||||
<blockquote>
|
>Enigmail</a
|
||||||
<p>gpg2 --gen-key</p>
|
>.</p
|
||||||
</blockquote>
|
><h3 id="windows"
|
||||||
<p>Notes:</p>
|
>Windows</h3
|
||||||
<ol class="incremental" style="list-style-type: decimal">
|
><p
|
||||||
<li><p>When you are asked for key size, enter the maximum size.</p></li>
|
>You need at least <a href="http://www.gpg4win.org/"
|
||||||
<li><p>When you are asked for email address, leave it empty. We will add it later.</p></li>
|
>GPG4Win</a
|
||||||
</ol>
|
>, but I recommend installing <a href="https://www.mozilla.org/en-US/thunderbird/"
|
||||||
<h5 id="adding-new-uids-user-identities">Adding new UIDs (User IDentities)</h5>
|
>Thunderbird</a
|
||||||
<p>First you need to find out the ID of the key, which you just created. You can see it with two commands.</p>
|
> and <a href="Enigmail.html"
|
||||||
<blockquote>
|
>Enigmail</a
|
||||||
<p>gpg2 --list-keys</p>
|
> too.</p
|
||||||
</blockquote>
|
><h3 id="step-1"
|
||||||
<p>Example output:</p>
|
>Step 1</h3
|
||||||
<pre><code>% gpg --list-keys
|
><p
|
||||||
pub 4096R/82A46728 2012-03-27
|
>This depends are you generating a new key or importing old key.</p
|
||||||
uid Mika Suomalainen
|
><h4 id="step-1-generating-a-new-key"
|
||||||
sub 4096R/A4271AC5 2012-03-27</code></pre>
|
>Step 1: Generating a new key</h4
|
||||||
<p>or</p>
|
><p
|
||||||
<blockquote>
|
>Open terminal (or cmd.exe if you are using Windows) and run</p
|
||||||
<p>gpg2 --fingerprint</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>Example output:</p>
|
>gpg2 --gen-key</p
|
||||||
<pre><code>% gpg2 --fingerprint
|
></blockquote
|
||||||
pub 4096R/82A46728 2012-03-27
|
><p
|
||||||
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
|
>Notes:</p
|
||||||
uid Mika Suomalainen
|
><ol class="incremental" style="list-style-type: decimal"
|
||||||
sub 4096R/A4271AC5 2012-03-27</code></pre>
|
><li
|
||||||
<p>The second command also shows the key fingerprint which is usually used to identify the key. Note that you can see both keyid formats in fingerprint. The last eght characters in keyid are the short format and the last sixteen characters are the long format. If you want to see the long keyid, run</p>
|
><p
|
||||||
<blockquote>
|
>When you are asked for key size, enter the maximum size.</p
|
||||||
<p>gpg2 --list-keys --keyid-format long</p>
|
></li
|
||||||
</blockquote>
|
><li
|
||||||
<p>Now add the uid with the following commands:</p>
|
><p
|
||||||
<blockquote>
|
>When you are asked for email address, leave it empty. We will add it later.</p
|
||||||
<p>gpg2 --edit-key KEYID</p>
|
></li
|
||||||
</blockquote>
|
></ol
|
||||||
<p>and enter command:</p>
|
><h5 id="adding-new-uids-user-identities"
|
||||||
<blockquote>
|
>Adding new UIDs (User IDentities)</h5
|
||||||
<p>adduid</p>
|
><p
|
||||||
</blockquote>
|
>First you need to find out the ID of the key, which you just created. You can see it with two commands.</p
|
||||||
<p>and you are asked for name and email address again. This time you can give them both.</p>
|
><blockquote
|
||||||
<p>If that UID which has only your first name isn't the first UID, select it by giving command, which is the number of the UID, for example:</p>
|
><p
|
||||||
<blockquote>
|
>gpg2 --list-keys</p
|
||||||
<p>2</p>
|
></blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>and * appears to that UID to tell you that that UID is selected. Now give command</p>
|
>Example output:</p
|
||||||
<blockquote>
|
><p
|
||||||
<p>primary</p>
|
><code
|
||||||
</blockquote>
|
>% gpg --list-keys pub 4096R/82A46728 2012-03-27 uid Mika Suomalainen sub 4096R/A4271AC5 2012-03-27</code
|
||||||
<p>to make it the primary UID again.</p>
|
></p
|
||||||
<p>Now you can exit from GPG with</p>
|
><p
|
||||||
<blockquote>
|
>or</p
|
||||||
<p>quit</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>and confirm to save changes with</p>
|
>gpg2 --fingerprint</p
|
||||||
<blockquote>
|
></blockquote
|
||||||
<p>y</p>
|
><p
|
||||||
</blockquote>
|
>Example output:</p
|
||||||
<h6 id="setting-preferred-keyserver-of-the-key.">Setting preferred keyserver of the key.</h6>
|
><p
|
||||||
<p>Preferred keyserver is where the key is refreshed when someone runs "gpg2 --refresh-keys".</p>
|
><code
|
||||||
<p>To set it run</p>
|
>% gpg2 --fingerprint pub 4096R/82A46728 2012-03-27 Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 uid Mika Suomalainen sub 4096R/A4271AC5 2012-03-27</code
|
||||||
<blockquote>
|
></p
|
||||||
<p>gpg2 --edit-key KEYID</p>
|
><p
|
||||||
</blockquote>
|
>The second command also shows the key fingerprint which is usually used to identify the key. Note that you can see both keyid formats in fingerprint. The last eght characters in keyid are the short format and the last sixteen characters are the long format. If you want to see the long keyid, run</p
|
||||||
<blockquote>
|
><blockquote
|
||||||
<p>keyserver</p>
|
><p
|
||||||
</blockquote>
|
>gpg2 --list-keys --keyid-format long</p
|
||||||
<p>and enter the keyserver address, for example hkp://pool.sks-keyservers.net (I recommend this keyserver).</p>
|
></blockquote
|
||||||
<h4 id="step-1-importing-old-key">Step 1: Importing old key</h4>
|
><p
|
||||||
<p>You can import your old private key same way as you import public keys. This means:</p>
|
>Now add the uid with the following commands:</p
|
||||||
<blockquote>
|
><blockquote
|
||||||
<p>gpg2 --import key.asc</p>
|
><p
|
||||||
</blockquote>
|
>gpg2 --edit-key KEYID</p
|
||||||
<p>Where key.asc is the file, which contains the (private) key(s)</p>
|
></blockquote
|
||||||
<h3 id="step-2-backing-up-the-key">Step 2: backing up the key</h3>
|
><p
|
||||||
<p>You need to know your keyid. I told you how to get it in "Adding new uids". To back up your private key, run</p>
|
>and enter command:</p
|
||||||
<blockquote>
|
><blockquote
|
||||||
<p>gpg2 --export-secret-keys -a KEYID</p>
|
><p
|
||||||
</blockquote>
|
>adduid</p
|
||||||
<p>and save the output of that command to file. If you are on Linux or Mac OS X, you can forward the output directly to file, with</p>
|
></blockquote
|
||||||
<blockquote>
|
><p
|
||||||
<p>gpg2 --export-secret-keys -a KEYID > privatekey.asc</p>
|
>and you are asked for name and email address again. This time you can give them both.</p
|
||||||
</blockquote>
|
><p
|
||||||
<p>The previous command creates a file called "privatekey.asc", which contains the output of the first command.</p>
|
>If that UID which has only your first name isn't the first UID, select it by giving command, which is the number of the UID, for example:</p
|
||||||
<h3 id="step-3-configuring-gpg2">Step 3: Configuring gpg(2)</h3>
|
><blockquote
|
||||||
<p>The configuring of gpg happens in gpg configuration directory. In Linux and Mac this is ~/.gnupg/gpg.conf.</p>
|
><p
|
||||||
<p>I recommend you to add following lines to it. I'll try to explain them with my best ability.</p>
|
>2</p
|
||||||
<p><code># Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2012— Mika Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.</code> License information so I won't break license of the default config file, which I have appended.</p>
|
></blockquote
|
||||||
<blockquote>
|
><p
|
||||||
<p>default-key KEYID</p>
|
>and * appears to that UID to tell you that that UID is selected. Now give command</p
|
||||||
</blockquote>
|
><blockquote
|
||||||
<p>So KEYID is used by default if there are multiple secret keys.</p>
|
><p
|
||||||
<pre><code>default-recipient-self
|
>primary</p
|
||||||
encrypt-to KEYID</code></pre>
|
></blockquote
|
||||||
<p>So everything what you encrypt is also encrypted to you.</p>
|
><p
|
||||||
<blockquote>
|
>to make it the primary UID again.</p
|
||||||
<p>keyid-format 0xLONG</p>
|
><p
|
||||||
</blockquote>
|
>Now you can exit from GPG with</p
|
||||||
<p>So keyids are shown in the longest format, including 0x prefix, which marks them as hexadecimanls.</p>
|
><blockquote
|
||||||
<p>Example outputs from --list-keys and gpg --fingerprint after setting 0xLONG as keyid format.</p>
|
><p
|
||||||
<p>After you set 0xLONG as keyid-format, keys appear like 0x4DB53CFE82A46728 instead of 82A46728.</p>
|
>quit</p
|
||||||
<blockquote>
|
></blockquote
|
||||||
<p>charset UTF-8</p>
|
><p
|
||||||
</blockquote>
|
>and confirm to save changes with</p
|
||||||
<p>So UTF-8 is used as default character set and most of characters can be used.</p>
|
><blockquote
|
||||||
<blockquote>
|
><p
|
||||||
<p>armor</p>
|
>y</p
|
||||||
</blockquote>
|
></blockquote
|
||||||
<p>So you don't need to specify -a to get ASCII armoured text.</p>
|
><h6 id="setting-preferred-keyserver-of-the-key."
|
||||||
<pre><code>keyserver hkp://pool.sks-keyservers.net
|
>Setting preferred keyserver of the key.</h6
|
||||||
keyserver-options auto-key-retrieve no-include-revoked verbose import-clean</code></pre>
|
><p
|
||||||
<p>So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used and signatures by unknown keys are automatically removed.</p>
|
>Preferred keyserver is where the key is refreshed when someone runs "gpg2 --refresh-keys".</p
|
||||||
<p>By the way, you can find my gpg.conf <a href="https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf">here</a>.</p>
|
><p
|
||||||
<h4 id="group-lines">Group lines</h4>
|
>To set it run</p
|
||||||
<p>Group lines are a way to write email to one recepient and have it encrypted to multiple keys automatically.</p>
|
><blockquote
|
||||||
<p>Example group line:</p>
|
><p
|
||||||
<p>group touchlay-server@googlegroups.com=0x4DB53CFE82A46728 0x0BD622288449A12B 0x729DF464666CC0DD 0xCACC5B094EC00206</p>
|
>gpg2 --edit-key KEYID</p
|
||||||
<p>With that line, when recepient is touchlay-server@googlegroups.com, then emails are encrypted to those 4 keys.</p>
|
></blockquote
|
||||||
<p>NOTE: KEYIDs in group line should be in format 0xLONG. If you don't use that format by default, use "gpg2 --keyid-format 0xLONG --list-keys".</p>
|
><blockquote
|
||||||
<p>See also my <a href="Enigmail.html">Enigmail</a> instructions about group lines.</p>
|
><p
|
||||||
<h3 id="comments">Comments</h3>
|
>keyserver</p
|
||||||
<p>GPG can automatically add comments to signed and encrypted content. They are usually hidden by email clients, which support GPG.</p>
|
></blockquote
|
||||||
<p>Example comment:</p>
|
><p
|
||||||
<pre><code>-----BEGIN PGP SIGNED MESSAGE-----
|
>and enter the keyserver address, for example hkp://pool.sks-keyservers.net (I recommend this keyserver).</p
|
||||||
Hash: SHA1
|
><h4 id="step-1-importing-old-key"
|
||||||
|
>Step 1: Importing old key</h4
|
||||||
Signed content.
|
><p
|
||||||
-----BEGIN PGP SIGNATURE-----
|
>You can import your old private key same way as you import public keys. This means:</p
|
||||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
><blockquote
|
||||||
Comment: This is a comment.
|
><p
|
||||||
|
>gpg2 --import key.asc</p
|
||||||
iQIcBAEBAgAGBQJP0ypzAAoJEE21PP6CpGcojpsP/jV8o398xaCOCtdk5gyZtSZG
|
></blockquote
|
||||||
KYDbyV8dNk1jxyNb7yPuEHGdm2BNXuKDHoG1vOli1yfavDvZ7Ir6i6HqDINRt6QF
|
><p
|
||||||
TFcWQgurMtXEJ4zCbMwBHM5OCpRL0gtuK/ERZFWeA+zDuM/pDKWLcX9REriT5CaG
|
>Where key.asc is the file, which contains the (private) key(s)</p
|
||||||
CWBBvCIf/C2imGqe3+KBKSy13pis7MXARCTHesTOV/z04vKfsVqh7+M60ss/sc48
|
><h3 id="step-2-backing-up-the-key"
|
||||||
kkL7CR/RiovomeoDhWuwS63oDE49eG+hlMDswgehnx71bvYr2NBZ3qfls4utx3fj
|
>Step 2: backing up the key</h3
|
||||||
ro4ubRGW52tY9wIC1tZoNiqa/n9Z6jOIq76Vn5DaJQ1dKWn3MnA5Sv2ztV4GlaIO
|
><p
|
||||||
iTLkvavAe7KHVxDCKcHpI7vnj9JlahF1u8+JDHXbTePDE3MiQvK1uEK91EQP9kYT
|
>You need to know your keyid. I told you how to get it in "Adding new uids". To back up your private key, run</p
|
||||||
EYQwuClDfVGNBgqORTzZUpszYrT1dCdLte+29RdkHzsC+32x540xLvkDFvkZ+92Y
|
><blockquote
|
||||||
7LxCX83aKzIdAZmehNmSrzQAL+NCfMW3YjkvWOYoFFMd//nSVifCbxvRLsyv7npr
|
><p
|
||||||
Fowb/UnnZW3ScT/sFNJWH/xY5skDS8WZd3H6O7MJ8gHUeOR9YQepQX56kvSRVtbj
|
>gpg2 --export-secret-keys -a KEYID</p
|
||||||
ncnVEtqLjlbMpHEFy9ykKgM6rzuRTzLRct7Tf787Ww4hgSN92lhetPZmi6BGcS1z
|
></blockquote
|
||||||
ZRzFq367A+HsVMlihBjd
|
><p
|
||||||
=HKS4
|
>and save the output of that command to file. If you are on Linux or Mac OS X, you can forward the output directly to file, with</p
|
||||||
-----END PGP SIGNATURE-----</code></pre>
|
><blockquote
|
||||||
<p>To add comments, use "--comment" flag or add "comment" lines to gpg.conf:</p>
|
><p
|
||||||
<p>For example:</p>
|
>gpg2 --export-secret-keys -a KEYID > privatekey.asc</p
|
||||||
<blockquote>
|
></blockquote
|
||||||
<p>comment "Something"</p>
|
><p
|
||||||
</blockquote>
|
>The previous command creates a file called "privatekey.asc", which contains the output of the first command.</p
|
||||||
<p>Appears as</p>
|
><h3 id="step-3-configuring-gpg2"
|
||||||
<pre><code>-----BEGIN PGP SIGNED MESSAGE-----
|
>Step 3: Configuring gpg(2)</h3
|
||||||
Hash: SHA1
|
><p
|
||||||
|
>The configuring of gpg happens in gpg configuration directory. In Linux and Mac this is ~/.gnupg/gpg.conf.</p
|
||||||
|
><p
|
||||||
This is signed content, which has comment, which reads "Something".
|
>I recommend you to add following lines to it. I'll try to explain them with my best ability.</p
|
||||||
|
><p
|
||||||
-----BEGIN PGP SIGNATURE-----
|
><code
|
||||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
># Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2012— Mika Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.</code
|
||||||
Comment: Something
|
> License information so I won't break license of the default config file, which I have appended.</p
|
||||||
|
><blockquote
|
||||||
iQIcBAEBAgAGBQJP0yt8AAoJEE21PP6CpGcoHskP/jLift0y8tA7VnmbIyFfOr2J
|
><p
|
||||||
RVJfcc/cl8xvbnhSKIOa5rS47Z9MgVqf8KDY373E1CZMvOsdx4yPINMJb4901iBQ
|
>default-key KEYID</p
|
||||||
71RCRcg45YUI+yWRlZ2+ZsE7NBgUWm2cdSbwfaWrxH2eL8zRN+G5c3qiAQu0pXY5
|
></blockquote
|
||||||
Mc1MG6ZQQzz3v+SrYPB6aZn8R8uNQR6U1YfbhtG1daxIfzdbXQNqMi/pIDV+M5GY
|
><p
|
||||||
IS3Wbbp57pvJ8R3EjvqMsDKv76L/ZFySlrAugQaZIj4lQVUzXhivBwzkaHslj6dP
|
>So KEYID is used by default if there are multiple secret keys.</p
|
||||||
HSGamz3C4yX5GPe/QBJ8jgANAtmdx2+1IpoRRqiLrOOT48vRkCFM40VwjMVO4W+B
|
><p
|
||||||
wNg9BQUpB53/QBtpQ5kDHrpPA+6bS4QkzUIzMsMuSvF9w15vG+Ae7qozD/YTLeD/
|
><code
|
||||||
IBaRlqPIRI/CrOEfUfn0DE6bFKTMgf4WE5M8IZ2kBVAE/mBqicJ9QKI53it8Ru4M
|
>default-recipient-self encrypt-to KEYID</code
|
||||||
hznPzwtmQTHf02yaj06LjB1P0SYU3gjwioRN+3RVoCRC92rjW5gN4MBYR0jKydp6
|
></p
|
||||||
MHf2Mg+ped1BegBDEVD4FyDPw/LNmveZb5O8/KIpjdb9dMgP5uqDpvJEzS64OQf0
|
><p
|
||||||
vtzYEnCrJW+/1ABuGoF2aKG7+i24gLt9re+jOb02dj5NxRc1tWmhVNVM/acwReVr
|
>So everything what you encrypt is also encrypted to you.</p
|
||||||
1ELecm6kOS0qlPF//OnU
|
><blockquote
|
||||||
=Ilhi
|
><p
|
||||||
-----END PGP SIGNATURE-----</code></pre>
|
>keyid-format 0xLONG</p
|
||||||
<p>Comments can be whatever you want. For example they can have link to your homepage or command to receive your key from keyserver etc.</p>
|
></blockquote
|
||||||
<h3 id="step-4-sharing-your-public-key">Step 4: Sharing your public key</h3>
|
><p
|
||||||
<p>There are two ways to share your key. I personally use and recommend them both.</p>
|
>So keyids are shown in the longest format, including 0x prefix, which marks them as hexadecimanls.</p
|
||||||
<h4 id="without-keyservers">Without keyservers</h4>
|
><p
|
||||||
<p>If you have homepage, it's recommended that you put your key there. My key can be found at <a href="../../PGP/key.txt">PGP/key.txt</a></p>
|
>Example outputs from --list-keys and gpg --fingerprint after setting 0xLONG as keyid format.</p
|
||||||
<p>You can get your public key with command</p>
|
><p
|
||||||
<blockquote>
|
>After you set 0xLONG as keyid-format, keys appear like 0x4DB53CFE82A46728 instead of 82A46728.</p
|
||||||
<p>gpg2 --export -a KEYID</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>or if you use Linux and have installed package signing-party, you can use</p>
|
>charset UTF-8</p
|
||||||
<blockquote>
|
></blockquote
|
||||||
<p>pgp-clean KEYID</p>
|
><p
|
||||||
</blockquote>
|
>So UTF-8 is used as default character set and most of characters can be used.</p
|
||||||
<p>to get your public key without signatures (I will explain them later). WARNING: pgp-clean seems to also remove encryption subkey.</p>
|
><blockquote
|
||||||
<h4 id="with-keyservers">With keyservers</h4>
|
><p
|
||||||
<p>If you followed my configuration, you are usng pool.sks-keyservers.net as your keyserver and you are automatically receiving unknown keys from t, whenever you try to verify something, what is signed with unknown key.</p>
|
>armor</p
|
||||||
<p>To send your public key to keyserver, run</p>
|
></blockquote
|
||||||
<blockquote>
|
><p
|
||||||
<p>gpg2 --send-keys KEYID</p>
|
>So you don't need to specify -a to get ASCII armoured text.</p
|
||||||
</blockquote>
|
><p
|
||||||
<p>To receive key from keyserver, run</p>
|
><code
|
||||||
<blockquote>
|
>keyserver hkp://pool.sks-keyservers.net keyserver-options auto-key-retrieve no-include-revoked verbose import-clean</code
|
||||||
<p>gpg2 --recv-keys KEYID</p>
|
></p
|
||||||
</blockquote>
|
><p
|
||||||
<p>To search keys from keyserver, use</p>
|
>So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used and signatures by unknown keys are automatically removed.</p
|
||||||
<blockquote>
|
><p
|
||||||
<p>gpg2 --search-keys QUERY WORDS</p>
|
>By the way, you can find my gpg.conf <a href="https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf"
|
||||||
</blockquote>
|
>here</a
|
||||||
<p>or if you are using Linux and have packages signing-party and dialog installed, you can use</p>
|
>.</p
|
||||||
<blockquote>
|
><h4 id="group-lines"
|
||||||
<p>keylookup QUERY WORDS</p>
|
>Group lines</h4
|
||||||
</blockquote>
|
><p
|
||||||
<h5 id="word-of-warning">Word of warning</h5>
|
>Group lines are a way to write email to one recepient and have it encrypted to multiple keys automatically.</p
|
||||||
<p>Keyservers only append content. Information on keyserver cannot be removed. This means, that when you delete uid, signature or whatever, it reappears when you run</p>
|
><p
|
||||||
<blockquote>
|
>Example group line:</p
|
||||||
<p>gpg2 --refresh-keys</p>
|
><p
|
||||||
</blockquote>
|
>group touchlay-server@googlegroups.com=0x4DB53CFE82A46728 0x0BD622288449A12B 0x729DF464666CC0DD 0xCACC5B094EC00206</p
|
||||||
<p>or receive your key from keyserver again. Thought content (uids, signatures, keys etc.) can be revoked.</p>
|
><p
|
||||||
<h1 id="you-can-now-move-to-icedove-thunderbird-guide-and-after-that-or-enigmail-guide-because-things-after-this-are-usually-done-by-email-client.">You can now move to Icedove / Thunderbird guide and after that | or Enigmail guide, because things after this are usually done by email client.</h1>
|
>With that line, when recepient is touchlay-server@googlegroups.com, then emails are encrypted to those 4 keys.</p
|
||||||
<p>But you should continue reading to understand how to use GPG without email client.</p>
|
><p
|
||||||
<h2 id="trusting-keys.">Trusting keys.</h2>
|
>NOTE: KEYIDs in group line should be in format 0xLONG. If you don't use that format by default, use "gpg2 --keyid-format 0xLONG --list-keys".</p
|
||||||
<p>If you want to make gpg know that you trust key of another person, you have two opinons. Enter the "key editing shell", with</p>
|
><p
|
||||||
<blockquote>
|
>See also my <a href="Enigmail.html"
|
||||||
<p>gpg2 --edit-key KEYID</p>
|
>Enigmail</a
|
||||||
</blockquote>
|
> instructions about group lines.</p
|
||||||
<p>and</p>
|
><h3 id="comments"
|
||||||
<h3 id="way-1-lsign">Way 1: lsign</h3>
|
>Comments</h3
|
||||||
<p>Lsign signs the key locally making it impossible to export the signature. Use it if you trust the key owner to be who the key says, but you haven't met him/her personally.</p>
|
><p
|
||||||
<p>Lsign the key with</p>
|
>GPG can automatically add comments to signed and encrypted content. They are usually hidden by email clients, which support GPG.</p
|
||||||
<blockquote>
|
><p
|
||||||
<p>lsign</p>
|
>Example comment:</p
|
||||||
</blockquote>
|
><p
|
||||||
<p>and then you can exit gpg with</p>
|
>``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p
|
||||||
<blockquote>
|
><p
|
||||||
<p>quit</p>
|
>Signed content. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: This is a comment.</p
|
||||||
</blockquote>
|
><p
|
||||||
<p>confirming to svae changes with</p>
|
>iQIcBAEBAgAGBQJP0ypzAAoJEE21PP6CpGcojpsP/jV8o398xaCOCtdk5gyZtSZG KYDbyV8dNk1jxyNb7yPuEHGdm2BNXuKDHoG1vOli1yfavDvZ7Ir6i6HqDINRt6QF TFcWQgurMtXEJ4zCbMwBHM5OCpRL0gtuK/ERZFWeA+zDuM/pDKWLcX9REriT5CaG CWBBvCIf/C2imGqe3+KBKSy13pis7MXARCTHesTOV/z04vKfsVqh7+M60ss/sc48 kkL7CR/RiovomeoDhWuwS63oDE49eG+hlMDswgehnx71bvYr2NBZ3qfls4utx3fj ro4ubRGW52tY9wIC1tZoNiqa/n9Z6jOIq76Vn5DaJQ1dKWn3MnA5Sv2ztV4GlaIO iTLkvavAe7KHVxDCKcHpI7vnj9JlahF1u8+JDHXbTePDE3MiQvK1uEK91EQP9kYT EYQwuClDfVGNBgqORTzZUpszYrT1dCdLte+29RdkHzsC+32x540xLvkDFvkZ+92Y 7LxCX83aKzIdAZmehNmSrzQAL+NCfMW3YjkvWOYoFFMd//nSVifCbxvRLsyv7npr Fowb/UnnZW3ScT/sFNJWH/xY5skDS8WZd3H6O7MJ8gHUeOR9YQepQX56kvSRVtbj ncnVEtqLjlbMpHEFy9ykKgM6rzuRTzLRct7Tf787Ww4hgSN92lhetPZmi6BGcS1z ZRzFq367A+HsVMlihBjd =HKS4 -----END PGP SIGNATURE----- ```</p
|
||||||
<blockquote>
|
><p
|
||||||
<p>y</p>
|
>To add comments, use "--comment" flag or add "comment" lines to gpg.conf:</p
|
||||||
</blockquote>
|
><p
|
||||||
<h3 id="way-2-sign">Way 2: sign</h3>
|
>For example:</p
|
||||||
<p>If you trust the key owner to be whom the key says and you have met him/her personally and have seen proof of his/her identify (i.e. passport) or he/she is member of your family or long time friend, you can sign the key with</p>
|
><blockquote
|
||||||
<blockquote>
|
><p
|
||||||
<p>sign</p>
|
>comment "Something"</p
|
||||||
</blockquote>
|
></blockquote
|
||||||
<p>making the signature exportable or sendable to keyserver. Now exit gpg with</p>
|
><p
|
||||||
<blockquote>
|
>Appears as</p
|
||||||
<p>quit</p>
|
><p
|
||||||
</blockquote>
|
>``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p
|
||||||
<p>saving the changes with</p>
|
><p
|
||||||
<blockquote>
|
>This is signed content, which has comment, which reads "Something".</p
|
||||||
<p>y</p>
|
><p
|
||||||
</blockquote>
|
>-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Something</p
|
||||||
<p>and send the signed key to keyserver with</p>
|
><p
|
||||||
<blockquote>
|
>iQIcBAEBAgAGBQJP0yt8AAoJEE21PP6CpGcoHskP/jLift0y8tA7VnmbIyFfOr2J RVJfcc/cl8xvbnhSKIOa5rS47Z9MgVqf8KDY373E1CZMvOsdx4yPINMJb4901iBQ 71RCRcg45YUI+yWRlZ2+ZsE7NBgUWm2cdSbwfaWrxH2eL8zRN+G5c3qiAQu0pXY5 Mc1MG6ZQQzz3v+SrYPB6aZn8R8uNQR6U1YfbhtG1daxIfzdbXQNqMi/pIDV+M5GY IS3Wbbp57pvJ8R3EjvqMsDKv76L/ZFySlrAugQaZIj4lQVUzXhivBwzkaHslj6dP HSGamz3C4yX5GPe/QBJ8jgANAtmdx2+1IpoRRqiLrOOT48vRkCFM40VwjMVO4W+B wNg9BQUpB53/QBtpQ5kDHrpPA+6bS4QkzUIzMsMuSvF9w15vG+Ae7qozD/YTLeD/ IBaRlqPIRI/CrOEfUfn0DE6bFKTMgf4WE5M8IZ2kBVAE/mBqicJ9QKI53it8Ru4M hznPzwtmQTHf02yaj06LjB1P0SYU3gjwioRN+3RVoCRC92rjW5gN4MBYR0jKydp6 MHf2Mg+ped1BegBDEVD4FyDPw/LNmveZb5O8/KIpjdb9dMgP5uqDpvJEzS64OQf0 vtzYEnCrJW+/1ABuGoF2aKG7+i24gLt9re+jOb02dj5NxRc1tWmhVNVM/acwReVr 1ELecm6kOS0qlPF//OnU =Ilhi -----END PGP SIGNATURE----- ```</p
|
||||||
<p>gpg2 --send-keys KEYID</p>
|
><p
|
||||||
</blockquote>
|
>Comments can be whatever you want. For example they can have link to your homepage or command to receive your key from keyserver etc.</p
|
||||||
<p>Other people will see your signature next time when they receive the key agan or run</p>
|
><h3 id="step-4-sharing-your-public-key"
|
||||||
<blockquote>
|
>Step 4: Sharing your public key</h3
|
||||||
<p>gpg2 --refresh-keys</p>
|
><p
|
||||||
</blockquote>
|
>There are two ways to share your key. I personally use and recommend them both.</p
|
||||||
<p>NOTE: You can upgrade lsigned signature to signed signature with the "sign" command.</p>
|
><h4 id="without-keyservers"
|
||||||
<h4 id="trust">Trust</h4>
|
>Without keyservers</h4
|
||||||
<p>Trust determines does gpg trust the key to validate other keys. Trust is only visible to you. You can se trust with</p>
|
><p
|
||||||
<blockquote>
|
>If you have homepage, it's recommended that you put your key there. My key can be found at <a href="../../PGP/key.txt"
|
||||||
<p>trust</p>
|
>PGP/key.txt</a
|
||||||
</blockquote>
|
></p
|
||||||
<p>and then exit gpg with</p>
|
><p
|
||||||
<blockquote>
|
>You can get your public key with command</p
|
||||||
<p>quit</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>saving the changes with</p>
|
>gpg2 --export -a KEYID</p
|
||||||
<blockquote>
|
></blockquote
|
||||||
<p>y</p>
|
><p
|
||||||
</blockquote>
|
>or if you use Linux and have installed package signing-party, you can use</p
|
||||||
<h2 id="signing">Signing</h2>
|
><blockquote
|
||||||
<h3 id="signing-a-message">Signing a message</h3>
|
><p
|
||||||
<p>Run</p>
|
>pgp-clean KEYID</p
|
||||||
<blockquote>
|
></blockquote
|
||||||
<p>gpg2 --clearsign</p>
|
><p
|
||||||
</blockquote>
|
>to get your public key without signatures (I will explain them later). WARNING: pgp-clean seems to also remove encryption subkey.</p
|
||||||
<p>and write your message. When you are ready, add one empty line and press CTRL-D and gpg outputs signed message.</p>
|
><h4 id="with-keyservers"
|
||||||
<h3 id="signing-a-plaintext-file">Signing a plaintext file</h3>
|
>With keyservers</h4
|
||||||
<p>Just run</p>
|
><p
|
||||||
<blockquote>
|
>If you followed my configuration, you are usng pool.sks-keyservers.net as your keyserver and you are automatically receiving unknown keys from t, whenever you try to verify something, what is signed with unknown key.</p
|
||||||
<p>gpg2 --clearsign file.txt</p>
|
><p
|
||||||
</blockquote>
|
>To send your public key to keyserver, run</p
|
||||||
<p>and the signed content will be found from file.txt.asc</p>
|
><blockquote
|
||||||
<p>NOTE: .asc is same as .txt and can be opened with normal text editor.</p>
|
><p
|
||||||
<h3 id="verifying-signature">Verifying signature</h3>
|
>gpg2 --send-keys KEYID</p
|
||||||
<h4 id="clearsigned-messages">Clearsigned messages</h4>
|
></blockquote
|
||||||
<p>Just run</p>
|
><p
|
||||||
<blockquote>
|
>To receive key from keyserver, run</p
|
||||||
<p>gpg2</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>and paste the signed content, add one empty line and press CTRL-D.</p>
|
>gpg2 --recv-keys KEYID</p
|
||||||
<h4 id="detached-signatures">Detached signatures</h4>
|
></blockquote
|
||||||
<p>Run</p>
|
><p
|
||||||
<blockquote>
|
>To search keys from keyserver, use</p
|
||||||
<p>gpg2 --verify file.sig</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>and you are asked for signed file.</p>
|
>gpg2 --search-keys QUERY WORDS</p
|
||||||
<h2 id="encrypting">Encrypting</h2>
|
></blockquote
|
||||||
<p>To encrypt a message, just run</p>
|
><p
|
||||||
<blockquote>
|
>or if you are using Linux and have packages signing-party and dialog installed, you can use</p
|
||||||
<p>gpg2 --encrypt -a -r receiver (-r receiver...)</p>
|
><blockquote
|
||||||
</blockquote>
|
><p
|
||||||
<p>If you followed my configuration instructions, you are automatically receiver. Replace "receiver" with KEYID. Write your message, add empty line and press CTRL-D and gpg outputs encrypted content.</p>
|
>keylookup QUERY WORDS</p
|
||||||
<h3 id="decrypting">Decrypting</h3>
|
></blockquote
|
||||||
<p>Just run</p>
|
><h5 id="word-of-warning"
|
||||||
<blockquote>
|
>Word of warning</h5
|
||||||
<p>gpg2 --decrypt</p>
|
><p
|
||||||
</blockquote>
|
>Keyservers only append content. Information on keyserver cannot be removed. This means, that when you delete uid, signature or whatever, it reappears when you run</p
|
||||||
<p>paste the encrypted content, add empty line and press CTRL-D and gpg outputs, the decrypted content.</p>
|
><blockquote
|
||||||
<h2 id="read-also">Read also</h2>
|
><p
|
||||||
<p>My <a href="../Thunderbird-Icedove.html">Icedove / Thunderbird guide</a> and <a href="Enigmail.html">Enigmail guide</a>.</p>
|
>gpg2 --refresh-keys</p
|
||||||
<h2 id="license">License</h2>
|
></blockquote
|
||||||
<p><a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">GPG guide</span> by <a xmlns:cc="http://creativecommons.org/ns#" href="http://mkaysi.github.com/articles/guides/GPG/GPG.html" property="cc:attributionName" rel="cc:attributionURL">Mika Suomalainen</a> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.</p>
|
><p
|
||||||
<h2 id="questions-and-asnwers">Questions and asnwers</h2>
|
>or receive your key from keyserver again. Thought content (uids, signatures, keys etc.) can be revoked.</p
|
||||||
<h3 id="how-do-i-ask-question">How do I ask question?</h3>
|
><h1 id="you-can-now-move-to-icedove-thunderbird-guide-and-after-that-or-enigmail-guide-because-things-after-this-are-usually-done-by-email-client."
|
||||||
<p>Just email me, the addresses can be found from my GPG key, which has been mentioned on this page some times. Please cleasign your question, so I won't get power to fake it, and please don't use HTML.</p>
|
>You can now move to Icedove / Thunderbird guide and after that | or Enigmail guide, because things after this are usually done by email client.</h1
|
||||||
|
><p
|
||||||
|
>But you should continue reading to understand how to use GPG without email client.</p
|
||||||
|
><h2 id="trusting-keys."
|
||||||
|
>Trusting keys.</h2
|
||||||
|
><p
|
||||||
|
>If you want to make gpg know that you trust key of another person, you have two opinons. Enter the "key editing shell", with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --edit-key KEYID</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and</p
|
||||||
|
><h3 id="way-1-lsign"
|
||||||
|
>Way 1: lsign</h3
|
||||||
|
><p
|
||||||
|
>Lsign signs the key locally making it impossible to export the signature. Use it if you trust the key owner to be who the key says, but you haven't met him/her personally.</p
|
||||||
|
><p
|
||||||
|
>Lsign the key with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>lsign</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and then you can exit gpg with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>quit</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>confirming to svae changes with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>y</p
|
||||||
|
></blockquote
|
||||||
|
><h3 id="way-2-sign"
|
||||||
|
>Way 2: sign</h3
|
||||||
|
><p
|
||||||
|
>If you trust the key owner to be whom the key says and you have met him/her personally and have seen proof of his/her identify (i.e. passport) or he/she is member of your family or long time friend, you can sign the key with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>sign</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>making the signature exportable or sendable to keyserver. Now exit gpg with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>quit</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>saving the changes with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>y</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and send the signed key to keyserver with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --send-keys KEYID</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>Other people will see your signature next time when they receive the key agan or run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --refresh-keys</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>NOTE: You can upgrade lsigned signature to signed signature with the "sign" command.</p
|
||||||
|
><h4 id="trust"
|
||||||
|
>Trust</h4
|
||||||
|
><p
|
||||||
|
>Trust determines does gpg trust the key to validate other keys. Trust is only visible to you. You can se trust with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>trust</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and then exit gpg with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>quit</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>saving the changes with</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>y</p
|
||||||
|
></blockquote
|
||||||
|
><h2 id="signing"
|
||||||
|
>Signing</h2
|
||||||
|
><h3 id="signing-a-message"
|
||||||
|
>Signing a message</h3
|
||||||
|
><p
|
||||||
|
>Run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --clearsign</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and write your message. When you are ready, add one empty line and press CTRL-D and gpg outputs signed message.</p
|
||||||
|
><h3 id="signing-a-plaintext-file"
|
||||||
|
>Signing a plaintext file</h3
|
||||||
|
><p
|
||||||
|
>Just run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --clearsign file.txt</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and the signed content will be found from file.txt.asc</p
|
||||||
|
><p
|
||||||
|
>NOTE: .asc is same as .txt and can be opened with normal text editor.</p
|
||||||
|
><h3 id="verifying-signature"
|
||||||
|
>Verifying signature</h3
|
||||||
|
><h4 id="clearsigned-messages"
|
||||||
|
>Clearsigned messages</h4
|
||||||
|
><p
|
||||||
|
>Just run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and paste the signed content, add one empty line and press CTRL-D.</p
|
||||||
|
><h4 id="detached-signatures"
|
||||||
|
>Detached signatures</h4
|
||||||
|
><p
|
||||||
|
>Run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --verify file.sig</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>and you are asked for signed file.</p
|
||||||
|
><h2 id="encrypting"
|
||||||
|
>Encrypting</h2
|
||||||
|
><p
|
||||||
|
>To encrypt a message, just run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --encrypt -a -r receiver (-r receiver...)</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>If you followed my configuration instructions, you are automatically receiver. Replace "receiver" with KEYID. Write your message, add empty line and press CTRL-D and gpg outputs encrypted content.</p
|
||||||
|
><h3 id="decrypting"
|
||||||
|
>Decrypting</h3
|
||||||
|
><p
|
||||||
|
>Just run</p
|
||||||
|
><blockquote
|
||||||
|
><p
|
||||||
|
>gpg2 --decrypt</p
|
||||||
|
></blockquote
|
||||||
|
><p
|
||||||
|
>paste the encrypted content, add empty line and press CTRL-D and gpg outputs, the decrypted content.</p
|
||||||
|
><h2 id="read-also"
|
||||||
|
>Read also</h2
|
||||||
|
><p
|
||||||
|
>My <a href="../Thunderbird-Icedove.html"
|
||||||
|
>Icedove / Thunderbird guide</a
|
||||||
|
> and <a href="Enigmail.html"
|
||||||
|
>Enigmail guide</a
|
||||||
|
>.</p
|
||||||
|
><h2 id="license"
|
||||||
|
>License</h2
|
||||||
|
><p
|
||||||
|
><a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">GPG guide</span> by <a xmlns:cc="http://creativecommons.org/ns#" href="http://mkaysi.github.com/articles/guides/GPG/GPG.html" property="cc:attributionName" rel="cc:attributionURL">Mika Suomalainen</a> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.</p
|
||||||
|
><h2 id="questions-and-asnwers"
|
||||||
|
>Questions and asnwers</h2
|
||||||
|
><h3 id="how-do-i-ask-question"
|
||||||
|
>How do I ask question?</h3
|
||||||
|
><p
|
||||||
|
>Just email me, the addresses can be found from my GPG key, which has been mentioned on this page some times. Please cleasign your question, so I won't get power to fake it, and please don't use HTML.</p
|
||||||
|
>
|
||||||
|
|||||||
@ -6,6 +6,7 @@
|
|||||||
<meta name="author" content="Mika Suomalainen" />
|
<meta name="author" content="Mika Suomalainen" />
|
||||||
<meta charset="UTF-8" />
|
<meta charset="UTF-8" />
|
||||||
<link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/GPG.html">
|
<link rel="canonical" href="http://mkaysi.github.com/articles/guides/GPG/GPG.html">
|
||||||
|
<link rel="stylesheet" type="text/css" href="../../../tyyli.css" />
|
||||||
<title>GPG guide</title>
|
<title>GPG guide</title>
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user