Repository for documentation about doing GPG Keysigning Parties and using GPG in general
# gpg presentation from Corey Richardson

## History

GPG was conceived around 1997, mostly for email encryption.

### Asymmetric Cryptography

Generate 2 values, a public key and a private key.

There are two things we want to ensure:

* authenticity: are we sure that the person we are talking to is them?
  * certificates
  * signing
* confidentiality: are we sure they are the only ones who can see it?
  * encryption

### Keys

* public key is public to the world.
* private key you keep secret.

### Operations

* sign a message, produces a signature. Anyone with the signature can verify from the public key that the message was signed with the private key.
  * git supports this for signing commits
  * Say you work for a company. If a developer didn't sign the software they wrote, that may show they weren't the one responsible for a regression.
* encryption, encrypt a value
  * encrypt the message with their public key, and the recipients can decrypt with the private key.

In a key-signing party, you create a set of key pairs first.

Don't use GPG1. Use GPG2.
## Vanilla Key Creation

Non-bullshit mode:

```bash
gpg --gen-key # generates a new keypair
```

Asks for a real name and an email address.

Asks for a passphrase that protects the private key.

Uses RSA by default. Old, works. Substantially slower than modern cryptography.
## Yubikey

Process: generate a master key (generally used for signing keys and changing expiration dates).

It can have sub-keys for different purposes.

The Yubikey will never release the key. You send data into the Yubikey and the result comes out.

There are good instructions here: https://github.com/drduh/YubiKey-Guide#purchase-yubikey
## Usage of GPG directly

### Sign a file

```bash
gpg --sign <filename>
```

> Creates `<filename>.gpg`

### Verify a file

```bash
gpg --verify <filename>.gpg
```

> Prints information about the signature.

### Encrypt a file

```bash
gpg -r <email recipients or keyid> --encrypt <filename>
```

> Creates `<filename>.gpg`
> `file` reports it as encrypted data

### Decrypt the file

```bash
gpg --decrypt <filename> > <outputfile>
```

The decrypted data goes to stdout, so we redirect it into a file.

### Sign Key

To sign someone else's key, fetch it and then sign it:

```bash
gpg --recv-keys <keyid>
gpg --sign-key <keyid>
```
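The commands of this section run end to end, as an added example that is not part of the original notes or of GnuPG's own documentation. It builds a throwaway `GNUPGHOME` so nothing touches your real keyring, generates two passphrase-less demo keys (Alice signs, Bob receives), then signs and verifies a file and encrypts and decrypts another. It goes one step beyond the notes by also producing a detached signature and confirming that a file changed after signing is rejected. It assumes GnuPG 2.1 or newer on `PATH`; the names, addresses and messages are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the notes): sign / verify / encrypt / decrypt with
# gpg inside a throwaway GNUPGHOME. Assumes GnuPG 2.1+ on PATH. Names,
# addresses and messages below are constructed for the demo.
set -eu

demo_init() {
    # Fresh keyring in a private temp dir (GnuPG wants it mode 0700).
    GNUPGHOME="$(mktemp -d)"
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    WORK="$GNUPGHOME/work"
    mkdir -p "$WORK"
    # Non-interactive key generation: in --batch mode gpg --gen-key reads a
    # parameter file. %no-protection means "no passphrase", which keeps the
    # demo unattended; a real key gets a passphrase, as the notes say.
    for who in alice bob; do
        printf '%s\n' '%no-protection' \
            'Key-Type: RSA' 'Key-Length: 2048' 'Key-Usage: sign' \
            'Subkey-Type: RSA' 'Subkey-Length: 2048' 'Subkey-Usage: encrypt' \
            "Name-Real: $who Example" "Name-Email: $who@example.invalid" \
            'Expire-Date: 0' '%commit' > "$WORK/$who.params"
        gpg --batch --quiet --gen-key "$WORK/$who.params"
    done
}

# gpg --sign bundles the message and Alice's signature into note.txt.gpg.
# gpg --verify exits 0 only on a good signature; --status-fd 1 adds a
# machine-readable GOODSIG line, which scripts should check instead of
# scraping the human-readable text. Echoes GOODSIG or FAIL.
demo_sign_verify() {
    printf 'Release 1.2.3 is tagged.\n' > "$WORK/note.txt"
    gpg --batch --yes --quiet --local-user alice@example.invalid --sign "$WORK/note.txt"
    if gpg --batch --quiet --status-fd 1 --verify "$WORK/note.txt.gpg" \
        | grep -q '^\[GNUPG:\] GOODSIG '; then
        echo GOODSIG
    else
        echo FAIL
    fi
}

# A detached signature (release.txt.sig beside release.txt) lets us change the
# file after signing and watch verification fail. Echoes REJECTED when the
# modified file is caught, ACCEPTED if it somehow is not.
demo_tamper() {
    printf 'Release 1.2.3 is tagged.\n' > "$WORK/release.txt"
    gpg --batch --yes --quiet --local-user alice@example.invalid --detach-sign "$WORK/release.txt"
    printf 'Release 1.2.4 is tagged.\n' > "$WORK/release.txt"   # changed after signing
    if gpg --batch --quiet --verify "$WORK/release.txt.sig" "$WORK/release.txt"; then
        echo ACCEPTED
    else
        echo REJECTED
    fi
}

# -r names the recipient: only Bob's private key can open secret.txt.gpg.
# --decrypt writes the plaintext to stdout, hence the redirect. Echoes MATCH
# when the round trip reproduces the original bytes.
demo_encrypt_decrypt() {
    printf 'meet at the usual place\n' > "$WORK/secret.txt"
    # --trust-model always skips the ownertrust check; acceptable only because
    # we generated Bob's key ourselves a moment ago, never for a fetched key.
    gpg --batch --yes --quiet --trust-model always \
        -r bob@example.invalid --encrypt "$WORK/secret.txt"
    gpg --batch --quiet --decrypt "$WORK/secret.txt.gpg" > "$WORK/secret.out"
    if cmp -s "$WORK/secret.txt" "$WORK/secret.out"; then
        echo MATCH
    else
        echo FAIL
    fi
}

demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

main() {
    demo_init
    echo "sign + verify:        $(demo_sign_verify)"
    echo "changed after sign:   $(demo_tamper)"
    echo "encrypt + decrypt:    $(demo_encrypt_decrypt)"
    demo_cleanup
}

if command -v gpg >/dev/null 2>&1; then
    main
else
    echo "gpg not found on PATH; nothing to demonstrate" >&2
fi
```

Run it as `sh gpg-demo.sh`; the three lines it prints should read `GOODSIG`, `REJECTED` and `MATCH`. The `--status-fd` check in `demo_sign_verify` is the part worth copying into real automation: the human-readable "Good signature" text is translated and may change, while the `GOODSIG` status line is the stable interface.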
## Key Management

Keyservers exist to share GPG keys publicly.

```bash
gpg --send-keys <keyid>
```

## Signing Git commits

In `~/.gitconfig`:

```ini
[user]
    signingkey = <keyid>
[commit]
    gpgSign = true
```

Use `commit.gpgSign` to always sign by default. To sign a single commit explicitly:

```bash
git commit -S # -S is short for --gpg-sign
```

## Decent Password Managers

* 1Password
* KeePass