From 531cb8da3d7914fbf822ef955e51acafeea19969 Mon Sep 17 00:00:00 2001
From: Malin Freeborn
Date: Sun, 7 Apr 2024 18:20:42 +0200
Subject: [PATCH] note vim-gnupg
---
 data/gpg.md | 141 +--------------------------------------------
 data/gpg/basics.md | 141 +++++++++++++++++++++++++++++++++++++++++++++
 data/gpg/extras.md | 10 ++++
 3 files changed, 154 insertions(+), 138 deletions(-)
 create mode 100644 data/gpg/basics.md
 create mode 100644 data/gpg/extras.md
diff --git a/data/gpg.md b/data/gpg.md
index 4402f79..b00a719 100644
--- a/data/gpg.md
+++ b/data/gpg.md
@@ -1,142 +1,7 @@ --- title: "gpg" -tags: [ "Documentation", "data" ] +tags: [ "Documentation", "data", "GPG" ] --- -# Making keys - -Generate keys: - -```bash -gpg --gen-key -``` - -Follow the guide. - -# Encrypting a file - -```bash -gpg -r malinfreeborn@posteo.net -e file -``` - -`-r` specifies the recipient. - -Check you have an encrypted version of your file. - -# Changing Expiration Dates - -gpg --list-keys - -... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2? - -# Making encrypted files with a local password - -Make a password with a password (cypher encryption). - -```bash -gpg -c --output passwords.txt -``` - -or - -```bash -gpg -c > passwords.txt -``` - -Put in a password. - -Write message then stop with Ctrl+d. - -Get the message back out the file with: - -```bash -gpg -d passwords.txt -``` - -# Circles of Trust - -Search for a key at any key store: - -```bash -gpg --search-keys nestorv -``` - -Once you've made a decision about someone: - -```bash -gpg --list-keys -``` - -You get something like this: - -``` -pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15] - CD30421FD825696BD95F1FF644C62C57B790D3CF -uid [ultimate] Malin Freeborn -sub rsa3072 2021-08-15 [E] [expires: 2023-08-15] - -``` - -Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is. -This is a fingerprint. - -You can now decide the trust level (this stays on your computer). - -```bash -gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF -``` - -Once you're in the interface, type `trust`. - -```bash -gpg --sign-key alice@posteo.net -``` - -# Swapping Keys - -This system relies on a ring of people swapping key information. 
- -## Sending - -Send those trusted keys up to a server, so people can see you have verified them: - -```bash -gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F -``` - -## Upload Your Keys - -## Add More Key Servers - -Key servers often swap keys, but it's best to just send to multiple places immediately. -You can add key servers by adding this to `~/.gnupg/gpg.conf`. - -``` -keyserver hkps://keys.openpgp.org -keyserver hkps://mail-api.proton.me -keyserver hkps://keys.mailvelope.com -``` - -# Refresh Keys - -Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more). - -```bash -gpg --refresh-keys -``` - -You can use the [crontab](../basics/cron.md) to refresh keys. - -# Export - -Your public key: - -```bash -gpg --output me.gpg --armor --export -``` - -or - -```bash -gpg --export -a person@email.tld > my_key.pub -``` +- [Setup](gpg/basics.md) +- [Extras](gpg/extras.md) diff --git a/data/gpg/basics.md b/data/gpg/basics.md new file mode 100644 index 0000000..4e5db11 --- /dev/null +++ b/data/gpg/basics.md 
@@ -0,0 +1,141 @@
+---
+title: "GPG Basics"
+tags: [ "Documentation", "data", "GPG" ]
+---
+# Making keys
+
+Generate keys:
+
+```bash
+gpg --gen-key
+```
+
+Follow the guide.
+
+# Encrypting a file
+
+```bash
+gpg -r malinfreeborn@posteo.net -e file
+```
+
+`-r` specifies the recipient.
+
+Check you have an encrypted version of your file.
+
+# Changing Expiration Dates
+
+gpg --list-keys
+
+... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
+
+# Making encrypted files with a local password
+
+Make a password with a password (cypher encryption).
+
+```bash
+gpg -c --output passwords.txt
+```
+
+or
+
+```bash
+gpg -c > passwords.txt
+```
+
+Put in a password.
+
+Write message then stop with Ctrl+d.
+
+Get the message back out the file with:
+
+```bash
+gpg -d passwords.txt
+```
+
+# Circles of Trust
+
+Search for a key at any key store:
+
+```bash
+gpg --search-keys nestorv
+```
+
+Once you've made a decision about someone:
+
+```bash
+gpg --list-keys
+```
+
+You get something like this:
+
+```
+pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
+ CD30421FD825696BD95F1FF644C62C57B790D3CF
+uid [ultimate] Malin Freeborn
+sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
+
+```
+
+Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
+This is a fingerprint.
+
+You can now decide the trust level (this stays on your computer).
+
+```bash
+gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
+```
+
+Once you're in the interface, type `trust`.
+
+```bash
+gpg --sign-key alice@posteo.net
+```
+
+# Swapping Keys
+
+This system relies on a ring of people swapping key information.
+
+## Sending
+
+Send those trusted keys up to a server, so people can see you have verified them:
+
+```bash
+gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
+```
+
+## Upload Your Keys
+
+## Add More Key Servers
+
+Key servers often swap keys, but it's best to just send to multiple places immediately.
+You can add key servers by adding this to `~/.gnupg/gpg.conf`.
+
+```
+keyserver hkps://keys.openpgp.org
+keyserver hkps://mail-api.proton.me
+keyserver hkps://keys.mailvelope.com
+```
+
+# Refresh Keys
+
+Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
+
+```bash
+gpg --refresh-keys
+```
+
+You can use the [crontab](../basics/cron.md) to refresh keys.
+
+# Export
+
+Your public key:
+
+```bash
+gpg --output me.gpg --armor --export
+```
+Alternatively:
+
+```bash
+gpg --export -a person@email.tld > my_key.pub
+```
+
diff --git a/data/gpg/extras.md b/data/gpg/extras.md
new file mode 100644
index 0000000..47980b7
--- /dev/null
+++ b/data/gpg/extras.md
@@ -0,0 +1,10 @@
+---
+title: "gpg"
+tags: [ "Documentation", "vim", "data", "GPG" ]
+---
+
+The `vim-gnupg` plugin lets vim edit gpg-encrypted files as if they were unencrypted.
+
+It's probably in your package manager.
+If not, you'll need to endure the faff of following the [instructions](http://www.vim.org/scripts/script.php?script_id=3645).
+