abcdw/gpg-explained.org

## gpg-explained.org

      
    Raw
  

              gpg-explained.org
            
          
    gpg explained

Plan for today


  Brief introduction
  Managing keys
  gpg key instead of ssh and gpg-agent instead of ssh-agent
  hardware tokens

Disclaimer


  I’m not a security expert.
  We won’t learn how to use tools for encryption/signing/etc today.

Asymmetric cryptography use cases

aka Public-key cryptography.

  Sign the work (binaries, commits, tags)
  Encrypt (files, emails, passwords)
  Authenticate (SSH, Git, VPN)
  Create and sign other keys

Name confusion and a little history


  PGP
a software tool.
  OpenPGP
a standard.
  gpg or GnuPG
complete and free implementation of OpenPGP.

Is gpg ideal?

GPG key structure and capabilities

https://rzetterberg.github.io/assets/yubikey-gpg-nixos/key-anatomy1.png

  Sign
  Encrypt
  Authenticate
  Certify

Managing keys

Generating key and subkeys

Do it in a safe environment.
gpg --expert --full-generate-key
gpg --edit-key
addkey
Where to store keys?

Backing up keys

# Use encrypted flash drive or similiar tool instead of ~/gpg-backup dir
# For more information: https://github.com/drduh/YubiKey-Guide#backup
mkdir ~/gpg-backup
gpg --export-secret-keys > ~/gpg-backup/keys.gpg
gpg --export-secret-subkeys > ~/gpg-backup/subkeys.gpg
Publishing key


  keyserver
  web
  email/etc

Searching for key

gpg --keyserver keyserver.ubuntu.com --search-keys KEYID
Importing keys

Generating ssh public key

https://wiki.archlinux.org/index.php/GnuPG#SSH_agent
  https://github.com/drduh/YubiKey-Guide#ssh
Extending expire date

Links


  https://github.com/drduh/YubiKey-Guide
  https://wiki.archlinux.org/index.php/GnuPG
  https://rzetterberg.github.io/yubikey-gpg-nixos.html
  https://latacora.micro.blog/2019/07/16/the-pgp-problem.html