.. -*- coding: utf-8; -*-
==========
PGP/GPG.
==========

.. contents::
   :local:

Documentation
=============

https://wiki.archlinux.org/index.php/GnuPG
  ArchLinux wiki.
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
  The Keysigning Party HOWTO.

What is the preferred client?
=============================

GNU gpg.

Which key server to use?
========================

There is the `SKS Keyserver Pool <https://sks-keyservers.net/status/>`_::

  gpg --keyserver pool.sks-keyservers.net

The popular ``pgp.mit.edu`` has joined SKS.

Other alternatives:

* ``keys.openpgp.org``
* ``keyserver.pgp.com``

Define the server in ``~/.gnupg/gpg.conf`` to avoid specifying ``--keyserver`` each time::

  keyserver hkp://keys.gnupg.net
  # keyserver pool.sks-keyservers.net

https://sks-keyservers.net/overview-of-pools.php
  Overview of the pools.

* https://superuser.com/questions/227991/where-to-upload-pgp-public-key-are-keyservers-still-surviving

How to import keys from a key server?
======================================

To import a key with its signatures::

  $ gpg --keyserver pgp.mit.edu --recv-keys $KEYID

To check revocation status and receive new signatures::

  $ gpg --keyserver pgp.mit.edu --refresh-keys $KEYID

How to mark a key as trusted?
=============================

::

  $ gpg --edit-key $KEYID trust

How to always trust all imported keys?
======================================

Add to ``~/.gnupg/gpg.conf``::

  trust-model always

or temporarily::

  gpg -v --verify --trust-model always file.zip.asc

How to export a key?
====================

Export the public key in binary (OpenPGP) form::

  $ gpg --export $KEYID >$PUBKEY.asc
  $ gpg --output $PUBKEY.asc --export $KEYID

Export the public key in text (ASCII-armored) form::

  $ gpg -a --export $KEYID >$PUBKEY.asc
  $ gpg --armor --export $KEYID >$PUBKEY.asc

Export the private key (it is still encrypted with the passphrase)::

  $ gpg --output $PRIVKEY.gpg --export-secret-key $KEYID

How to create your own PGP key?
===============================

::

  $ gpg --gen-key   # answer the questions
  ...
  $ gpg -o $keyfile --export-secret-keys $NAME

How to import keys from a file?
===============================

::

  $ gpg --import $keyfile

How to get public key from private without importing to local storage?
======================================================================
::

  # Use a throwaway GnuPG home so the secret key never enters ~/.gnupg.
  tmp=$(mktemp -d)
  gpg --homedir "$tmp" --import "$SECKEY"
  gpg --homedir "$tmp" --export "$ID" > "$PUBKEY"
  rm -rf "$tmp"

..

* http://stackoverflow.com/questions/7661500/how-to-get-public-key-from-private-in-gpg-without-using-local-storage-under

How to submit a public key to a key server?
===========================================

::

  $ gpg --keyserver pgp.mit.edu --send-key $KEYID

What keys are in the local db?
==============================

::

  $ gpg --list-keys
  $ gpg --list-keys $KEYID
  $ gpg --list-keys $EMAIL
  $ gpg --list-secret-keys

Making a revocation certificate.
================================

::

  $ gpg --armor --output $KEYID.rev --gen-revoke $KEYID

How to delete a key?
====================

::

  $ gpg --delete-key $KEYID
  $ gpg --delete-key $USER
  $ gpg --delete-key $EMAIL
  $ gpg --delete-secret-key $KEYID

Dump the content of a key or signature.
=======================================

::

  $ gpg --list-packets $FILE.sig
  $ gpg --list-packets $FILE.key
  $ sudo apt-get install pgpdump
  $ pgpdump $FILE.sig
  $ pgpdump $FILE.key

How to sign a file?
===================

To sign with the first key, or with a specific key chosen via ``--default-key`` or ``-u``::

  $ gpg -o $file.sig --sign $file
  $ gpg --default-key $NAME -o $file.sig --sign $file
  $ gpg -u ${USER_NAME} -o $file.sig --sign $file

How to verify a signature?
==========================

::

  $ gpg --verify $file.sig

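
Added example (not part of the original notes): with ``trust-model always`` gpg treats every key in the keyring as valid, so a successful ``--verify`` says nothing about who signed. The script below pins the expected signer's primary-key fingerprint and checks it against the ``VALIDSIG`` line of ``gpg --status-fd``; ``check_status`` and ``verify_pinned`` are hypothetical helper names.

```shell
#!/bin/sh
# Added example; check_status and verify_pinned are hypothetical helper names.

# check_status FINGERPRINT
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names FINGERPRINT as the primary key and no failure status was reported.
check_status() {
    # Accept the fingerprint with or without spaces, in either case.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # Bad, unverifiable or expired signature; expired or revoked key.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key; the last of the ten
            # arguments, when present, is the primary key fingerprint.
            fpr = (NF >= 12) ? $12 : $3
            # "" forces a string comparison; any other signer is a failure.
            if ((fpr "") == (want "")) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned FINGERPRINT SIGFILE [DATAFILE]
# Runs gpg and accepts the result only for the pinned fingerprint.
verify_pinned() {
    pinned=$1
    shift
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null | check_status "$pinned"
}

# Usage: verify_pinned "$FINGERPRINT" file.zip.asc
```

Obtain the pinned fingerprint over a channel you already trust, not from the same place the signed file came from.
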
How to back up a private key?
=============================

Make a copy::

  $ gpg --export-secret-keys --armor $KEYID > privkey.asc

Restore from the copy::

  $ gpg --allow-secret-key-import --import privkey.asc