Updated about with larger QR code, updated gpg best practices
115
content/about.md
@@ -15,7 +15,7 @@ fingerprint QR-code. Feel free to scan it using the
|
|||||||
[OpenKeychain](https://www.openkeychain.org/) app! I'll provide it here in-case
|
[OpenKeychain](https://www.openkeychain.org/) app! I'll provide it here in-case
|
||||||
you are on a mobile device, and my full public key:
|
you are on a mobile device, and my full public key:
|
||||||
<center>
|
<center>
|
||||||

|

|
||||||
|
|
||||||
`70A4 AA02 555D BD55 9189 B4E0 F32B E05E ADAA 54FC`
|
`70A4 AA02 555D BD55 9189 B4E0 F32B E05E ADAA 54FC`
|
||||||
</center>
|
</center>
|
||||||
@@ -23,7 +23,6 @@ you are on a mobile device, and my full public key:
|
|||||||
{{% admonition info "Public Key" true %}}
|
{{% admonition info "Public Key" true %}}
|
||||||
```
|
```
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
Version: GnuPG v2.2.13 (GNU/Linux)
|
|
||||||
|
|
||||||
mQINBFoTpoMBEADDIjRewOTvJBQF4ZxK/LS7yBL0TuU7VbZzEH3s5YKj63P/Rmvx
|
mQINBFoTpoMBEADDIjRewOTvJBQF4ZxK/LS7yBL0TuU7VbZzEH3s5YKj63P/Rmvx
|
||||||
8/jMm0iop+uiPNo+0imIGYsdfW77bt95I9+kBm27eVf8mDMldMiS/LBCCmnuQ19u
|
8/jMm0iop+uiPNo+0imIGYsdfW77bt95I9+kBm27eVf8mDMldMiS/LBCCmnuQ19u
|
||||||
@@ -36,45 +35,81 @@ ds1OzX0A5RWzfYLPerx5ssKqHa5n09bq634FNHOXnjr9wQuRpxLmNrBgXWvohpuq
|
|||||||
E2+ZgdCIh9YmGsjrnlmjPZRUi5Bl/snTYEy422mJ11Mq04IYlS2IW4USxT1iOzt1
|
E2+ZgdCIh9YmGsjrnlmjPZRUi5Bl/snTYEy422mJ11Mq04IYlS2IW4USxT1iOzt1
|
||||||
nNc+PJ1n921Hy5z9ZG/g0+POrQe9PjCUwlou+2mNutHGvQJNzPOwSq0D7UbFrumi
|
nNc+PJ1n921Hy5z9ZG/g0+POrQe9PjCUwlou+2mNutHGvQJNzPOwSq0D7UbFrumi
|
||||||
Ak0TZ0QJCLOLG5pREeMuJYkd+SQ/1qTmQ5i9WQY3CmmlGXdM+gD3O0OP7wARAQAB
|
Ak0TZ0QJCLOLG5pREeMuJYkd+SQ/1qTmQ5i9WQY3CmmlGXdM+gD3O0OP7wARAQAB
|
||||||
tCdCYXN0aWFuIGRlIEJ5bCA8YmFzdGlhbmRlYnlsQGdtYWlsLmNvbT6JAk4EEwEK
|
tCdCYXN0aWFuIGRlIEJ5bCA8YmFzdGlhbmRlYnlsQGdtYWlsLmNvbT6JAlQEEwEK
|
||||||
ADgWIQRwpKoCVV29VZGJtODzK+BerapU/AUCWhOmgwIbAwULCQgHAgYVCgkICwIE
|
AD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRwpKoCVV29VZGJtODzK+Be
|
||||||
FgIDAQIeAQIXgAAKCRDzK+BerapU/L/+D/0XtboLkk8+f9z0kNO+4Vw/6cQaDFaN
|
rapU/AUCXHCqDgUJBD43CwAKCRDzK+BerapU/AswEACCY1JDmZPRdpkfNfjuvS/M
|
||||||
376IBvZneq5lvDV1BjWcsbEnUMFEBDm14hEN5gvsfMT+c+7wS2zYn41rCkhVFV/h
|
SKpHsHwSuNljYVHKGYmVcBGKqA1feZZMBn8bUqKEhmuZNQ6Df6zCximoHKecR7qI
|
||||||
EczuVCWKaCVjeIM9sC8iHbyZgYlrJBU1YKKue1ZC+OIQwScnUu7Ex+b2wze/Unif
|
xUi55YkBtwchY66pMF+xAPIxVl9TLgwCJfNmmzbJHU9ZoCwERJD4IsMZOhv2qCzM
|
||||||
471fANTBJcaaulFo92EaDhRWwdvuC0yT5B7qj02Qrpw5Q4udpaWmUE4ZtFFS4+7L
|
+Mbtat8hyCNroFtUPaJu0uR6Wudl9QWKKDLBErZa1caVMSpjXrnUP1U1A7SGqxCw
|
||||||
tZ5A39NOntwsIUBZJkWSUj0AdRl2DCq9jEKObibEbPieAkfevkCrkpd4yS+3JQsM
|
LbHOm42SyiclNcy2WA7yzGhLq1DviClOdFEk/158fNVimI7zgNwVRtHeOTlF9Klj
|
||||||
iAsHxNVbs9pPIFQKhwrnJ1XvkekqngTaP8oZ2t0r/Kqg8Fk6WMHJkYMlyP4H59+/
|
PDdp5Ut5UV05R8apA2rvu+PUcTVyfKiUnkaD3cnwL6gORfi4phDXTBEMdntBPToy
|
||||||
WVIrRU8+FjrT2GGF37+lM9xk/ebgqarujw3FXOw64HaRkzDYDuZc6yLLjt/qAjP1
|
K0pPpUms1XJVumOnFrIGNr9jI8LlOScYkL3kIcT3lqDrjjeWEHUlMrSIVe19FfSr
|
||||||
+vcAm1QGaR3t1Xjf9UgEnf3qBeafFcCnxyHzeyNgGewOva4E9xvPWnU3OK49JwJn
|
snoA0gZima4fePGi8KviAJLBwKeh5i/vHwF6pdjdIby+Dq5cKvR6qwtJktMMEd12
|
||||||
rrLmjoWmndPCGTDr4DCLw0Z47Y6eLeEJLuzlnjb3FvJS0D/7FQsU74iY7UcOGNtp
|
FXAIpxDIv0b6nXNsrvGDASHtsdjXYrv4bvFvce0pEUzW0XNCpM0uJsE++DD/mkEP
|
||||||
7+sF8LDpGFzfKix6xEMeFPrICxfNOrXj45J7NMIG4/2vVAJwNFTUYh3BMgLta36K
|
WxhFDV7+0K4L5unlfcpCP3zN38xlgxcIPMhieckYm1s35FAkMEXd3ei7SvPKrzna
|
||||||
ckkT510Iw9w5m1iazrQoEntmD+/FXMuCGFTvyfAWzUaorQo7e0yHz8b5orBh6bek
|
eQ5sq0PmroED51K8SJSahMkcRP5Y47BwknJNVa1fZGJ4lD8uNrTBIqnBGmDizbX1
|
||||||
FaPznygEozBVc7kCDQRaE6aDARAA1lqJBqZWseKWeIsZCBqm2a56+BSEFuL5aWt+
|
lKGAr/F4IojfVM7kEF2strkCDQRaE6aDARAA1lqJBqZWseKWeIsZCBqm2a56+BSE
|
||||||
pmbuM4udLGexX1kP5+8dYDWQwBC2jXnrCgoaG5ZPkVNSHQ3LObknGhNteNLn3+Mr
|
FuL5aWt+pmbuM4udLGexX1kP5+8dYDWQwBC2jXnrCgoaG5ZPkVNSHQ3LObknGhNt
|
||||||
pgv/sBSKmo4cDa9wiEgjw/7zlpjmrZoKCgpVSuFigS077EMhsX4YmzZO1J+AxGSr
|
eNLn3+Mrpgv/sBSKmo4cDa9wiEgjw/7zlpjmrZoKCgpVSuFigS077EMhsX4YmzZO
|
||||||
Wd+DZ3Ye89hcOZqMWW98kjJiEfwFtQfEI2+qRUJ4JyoDjj+znQHJrp2VIloPFvKW
|
1J+AxGSrWd+DZ3Ye89hcOZqMWW98kjJiEfwFtQfEI2+qRUJ4JyoDjj+znQHJrp2V
|
||||||
EzArM/ujUYZpP4eaes6/o+iGPwY3qbcnRFeZQLd/CyJFQn4dKVM/7H3VOsJTKnFX
|
IloPFvKWEzArM/ujUYZpP4eaes6/o+iGPwY3qbcnRFeZQLd/CyJFQn4dKVM/7H3V
|
||||||
5LfDZgFYXmFsSuzBy7n6UWd6t+6gzbrzhf+UyvM6EBS8gZUCYCuSRP/GoWjoCekD
|
OsJTKnFX5LfDZgFYXmFsSuzBy7n6UWd6t+6gzbrzhf+UyvM6EBS8gZUCYCuSRP/G
|
||||||
oxSo510O+JV8nScbf9sV8hGjfy7+j6jngwSltBGrDXEScvK+cQwdAN9YNt+4i9TP
|
oWjoCekDoxSo510O+JV8nScbf9sV8hGjfy7+j6jngwSltBGrDXEScvK+cQwdAN9Y
|
||||||
3Hn4GZpC3uq2HSCLX3rmrgT22L1X2QXFKyO1I2S7ksK5DmFQVuV1PR7GgWBLZzx3
|
Nt+4i9TP3Hn4GZpC3uq2HSCLX3rmrgT22L1X2QXFKyO1I2S7ksK5DmFQVuV1PR7G
|
||||||
j3I1Q1pZHgv6BXjCj/h70ycgS8Sg20GYedLS+W0PEbd8AKelIOPjthPdQpvBQY8l
|
gWBLZzx3j3I1Q1pZHgv6BXjCj/h70ycgS8Sg20GYedLS+W0PEbd8AKelIOPjthPd
|
||||||
3TV7W+7RN3tGpZylhCng28gytoAjbK+IBIXRIQqeq/NYRSgPg9hEjL3ArBKcBlwJ
|
QpvBQY8l3TV7W+7RN3tGpZylhCng28gytoAjbK+IBIXRIQqeq/NYRSgPg9hEjL3A
|
||||||
p6g7/WAuMoTwCMNssNCbK6jKX3IRvztVPdPaQZU5TZMrrb+ZJQtCbDkUArQaFaJG
|
rBKcBlwJp6g7/WAuMoTwCMNssNCbK6jKX3IRvztVPdPaQZU5TZMrrb+ZJQtCbDkU
|
||||||
+C/6X1UAEQEAAYkCNgQYAQoAIBYhBHCkqgJVXb1VkYm04PMr4F6tqlT8BQJaE6aD
|
ArQaFaJG+C/6X1UAEQEAAYkCPAQYAQoAJgIbDBYhBHCkqgJVXb1VkYm04PMr4F6t
|
||||||
AhsMAAoJEPMr4F6tqlT8gMoQAIDp09TEAuDxJuuH5wPOdeV03bsHYcenqhqRY2qV
|
qlT8BQJccKoWBQkEPjcTAAoJEPMr4F6tqlT8VNQP+gN+pGZ7R42uLoqLb0746vrV
|
||||||
4lCwUkinJZXzXLrvRwOcKJf23UkdJDQEMggfJc5DLuSgW3qavXBHOQBnGF5Fa2Jo
|
62kGb7kgWIa9/vxzRNA+ud6mtHs983QaOzNow/2uFFsi3EtZ+t5SKbDUpTtaqI+8
|
||||||
Cr2eblHg1/SwkSuQ3xh5UCELPwG0xeAoU0aeuncwOtN3Comp9Uo30FPqLzR63pi8
|
Q8VGJzx0P2qZVKNbHYfvW0Udn9axoXdMeiwCOvRPsqXQKSEaihWtQT5RzcVwJu7Y
|
||||||
BCrEY/+f0IhAZggu82l3rbf6pm7sKoucZ12jll6tML+La4qpHLoyrU0clwNylJVz
|
LOWI36hH6tpbx3+yMz22+bXWfLw7Em/1JObS/19WonsfwSAKLaAIyGnQadralzNa
|
||||||
tWPgfKcpvtbHmMpHLBx5cpuJJQKjuybCB7ODT45xLr/kNkNDb9YJ1DxMuY+sySXX
|
DKQil3Uj0BW6dbYMOuPZF/YoXIr9yQtJsUhInuYkbUGKBjB5dvTLSl1p8Gk2/3Ou
|
||||||
Bl9exhYmrsYms6+NHxG0w1EmqmGln31JLsjgQVktUuMnFWFTKSO61ZGbnibPmF/Y
|
MAfYCF81wDKgtTGJ2NYxi8hALKcDPS+vq4hilhPvfa3hXV0An0viXnsABxQY+xB9
|
||||||
RdlRZsjDpetX+VXiFEcgPbYEZBuEz8O1aUK+HCUwBx+a40WNjro90CUk9YZ2s3yR
|
/BdYMp0VuuCWY51HSljKj2skL92fB1QhMAu/Fz2fHRdn2IWKr7PEH92rufdRanw2
|
||||||
c1uH47bijOiRLeH5kuDtcEAzqFdvuMAr1BXNejFUPeAEGt8k8fQ0bzGPYICB4Msi
|
fGNPH6aOTBdD/G1XQ5S+vQs/gy8VsvlzUc32ntwfygBdA68WQvHqNrgY9PCQ2oqg
|
||||||
36FPRhHgzA/DpWDKgJ5N3w56RHe7XD96LiHkTp/eyOdgKkM9JY9Q5CoqdJ1q91gT
|
BjixZ178jTv9PW8SFPZBg5dEb7p6RG2ErSmjzCQbXnvKx1lHGTy/MMBdU/qq9GCo
|
||||||
2NJV6ifF4yeTsCjUhmouuZ+H2Bfi/6XDR1U6ACJq2JYOLa8MZeVlVGgkkeBR6ifv
|
gM5PsYAnjCs8x9XNxpnqFuYQT/z6OLYuLzDY795eLRzYB2rJYz6aBp80Ry6h7QwB
|
||||||
hRN2IsW1+4Xdb42E0Xjb6QIfbnrWP/4AjiZvVmCYJhLAGgw4ugzJNTx9X5rWKrlW
|
6mfGI4O7rqaOW2+hxAfwcoAYvYjRFRQq/TbHJGPMVim3YW0+JII2DYnpIQ2WGjnx
|
||||||
d65s
|
K9KToYW84EkYowriS/ZFuQINBFxwqh0BEADNCoVsNHTXHC1zp0uwciILDJ8GSihs
|
||||||
=QdhV
|
zIFQkffnbAkP39F0ugdDLM6zvZheWKgw7cu5ddVZ8S6riN+uqIOYBc91enI92kXi
|
||||||
|
vVvPIVtfQWihSjvR4aPXi9hZUG8VpYL+uyN8hVcv+gqewyjEAQaHVVMiNGijX2QO
|
||||||
|
X/OigW3n5pcOJt0pjMMs66ZN2M9PRxCDoKbr9hJuONoccgxZik9iy9J1lEeQRSm5
|
||||||
|
MjaQvUH5t3Ti/4knnMZ6yDzud3gWboDcQSTvFRbRkO+7mZ9vXRVEQ59Ox/Nr8TD7
|
||||||
|
pRo9GFw4fIiJHyGRHFvfxXMNPs1eaqVRAp+VjdbKDn8MXt2Vwu/SAnx3vCajYXQC
|
||||||
|
6cr2rTgZEHQeOiv7nvCjLSHUSyCBhKVPqiRKV7SkkTGtncHVraW2QJYGqLv84bdM
|
||||||
|
BVIhGZi0yUAOM85HgXD/EU2LsKUn6IXR+jF8mKPvKELx8p/KJoUy9zlpi08znsPE
|
||||||
|
hgZ4zGIER2NMAcqX5B/4OjbRGu4eLIBe6OkH1r/Jb2jhGqvgEXAA9R2G96kj6qYZ
|
||||||
|
aU3QdHXHg6Jk281XFHIIHZrvRWe9fdPdB0JKcZBDHCZURCvR60wasXa4JGtwwsbL
|
||||||
|
2YZIYltFf1DPt4cYIi5FUCqsY7bAtBJzhvfVWDIAAyafov5iikK9JS9jYOAwdXv4
|
||||||
|
6Lt17lkoeXDx7wARAQABiQRyBBgBCAAmFiEEcKSqAlVdvVWRibTg8yvgXq2qVPwF
|
||||||
|
Alxwqh0CGwIFCQHhM4ACQAkQ8yvgXq2qVPzBdCAEGQEIAB0WIQS108zp70t1/tr8
|
||||||
|
fBOy3P6/h1lTogUCXHCqHQAKCRCy3P6/h1lTohOvEACYFk8GRTwFkTCsMD6Wyfw9
|
||||||
|
ia5doD1AhxFQKm3Xyis3UdvfxiUDjgN5EZLhSJGsXaIEbug7CUCKnBIYDu6fP+v/
|
||||||
|
y4lvpKNqxJkpIIesbr9KMm73UQVL/kdbw2GYWUWecSeQH1joItL6JXlw4Jn7b9Oj
|
||||||
|
e/J0DF73/RMHfj322EquLLvjlIcuR+ImXHH4vy5eJJvzvDYUAnFBNR1/PjHf21zI
|
||||||
|
3YgApiRs4XpCieBC0TBfNJLJaWHTuBVnsSZ6BM6H3LghL8ca1EWsob1c1G0qUqni
|
||||||
|
O3rjmmZbbx7qF7tYV6974wx7vMxTCYmqyfVRP35RjKSbkT2Y3G9+opFOuixdOA3C
|
||||||
|
x3eXcGeIQEBQTZG5TQj9zcf/Hq0YJMxGQQHDzaEvn4MpnHKvJchelgyZGBjJ+u9O
|
||||||
|
zjjJ2nthb6EciYP5h1X29jeFGsCJAJBYzLTJZLiYDwYdgJzpz4fdW66G2kh+8Rfv
|
||||||
|
4Ai5q4oDQQL8PO+mXd2X8Wmr2ZvPvEgA70HrZxlO5v0ekGGCKBSeyRrBSKbtqzDD
|
||||||
|
54pHB1bf8QXmYG7fi0vC3xYAUPXfkFif/8dLor6MVcAzy2zgY+8Vxt++W9Fqm2OB
|
||||||
|
CZJwmBkMPMJAnQbjPQbNLGrbeXuA/QPYL/RC7/mQRyLpDWGsSy7GCoFmUVk8IxuM
|
||||||
|
jFqjmav/2fixclffKf7CEqP7D/9Qoos+nr7WiQPa9yW4a8LDkm/KR6Jl5zZZAGsE
|
||||||
|
K+yqkEBHrmCNd8Q8i67b1xXCRNJHxXvoBhV1Ct/pEJ9mPgvjbyh/6TrhKN2u7fBn
|
||||||
|
jwEHPKOeWtBD/+45Rvi0woDBrjqg74ZP2BK089RyWE6MMufsTg1Yw1yPyEFCn+DQ
|
||||||
|
3shX1+ebtP62yBh6sYozq/zhNfCHUgqmWbnmc2UFZ+tGi9UiEMTwcjB1QimnBt4c
|
||||||
|
GllJ+HHo8I14v+LMiVC+6z1YiTY7HZi7hWmujAc26bi/NaFSDj8NFoTSYDVRDL9o
|
||||||
|
SkjedttjNbNskNxCqNsiCINI+9XfwE6UWtTDIvWrE8uLr06em9Rq2mn5ZOdoJ+7i
|
||||||
|
ZTtVDwlsBjjSDML+pOiKDLh2c1TvvNVBexGfsDlnqO0VFYt0lztWJV6yZqHrgW2A
|
||||||
|
XEJwxgd6GqnYx3gSmrZIvU7HJaumrURCp1TbIyxIF52aNSF5UNrfgZmmxY26ui8Z
|
||||||
|
azCSBJyi6EnE9kDYJVRyfk260VQ54K+jsqJW3bUuGa+9Fn9ZVRXnVVguizDlpqn3
|
||||||
|
jkxFiRR9iFiPaRnGk5NjJLgymfa166VZBn9YzNS9T0hHqrdFxhsebfLNtdUbMdd4
|
||||||
|
sZQNaO9sqwN7NSafZ16x97GH5Tsqk2cSRcMy0wKw2QQzMz7f8GS7Es7nbNikN7m1
|
||||||
|
XsiDHQ==
|
||||||
|
=yi65
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
```
|
```
|
||||||
{{% /admonition %}}
|
{{% /admonition %}}
|
||||||
|
|
||||||
|
|||||||
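Review bot: The commit message mentions only the QR code and the best-practices post, but this hunk replaces almost the entire armored public key block on the about page. A change to published key material is the part of this commit readers most need to be able to audit, so call it out in the message, ideally as its own commit, and state what changed in the key. The fingerprint line in the first hunk stays at `70A4 AA02 555D BD55 9189 B4E0 F32B E05E ADAA 54FC`; if the primary key is unchanged, say so, and tell visitors to check an imported key against that fingerprint.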
@@ -1,44 +1,61 @@
|
|||||||
---
|
---
|
||||||
title: "OpenPGP Best Practices (and Git)"
|
title: "OpenPGP Best Practices (and Git)"
|
||||||
date: 2019-02-17
|
date: 2019-02-17
|
||||||
lastmod: 2019-02-18
|
lastmod: 2019-02-22
|
||||||
categories: ["Blog"]
|
categories: ["Blog"]
|
||||||
tags: ["linux"]
|
tags: ["linux"]
|
||||||
---
|
---
|
||||||
I decided to start signing my Git commits for personal, and work Git
|
I decided to start signing my Git commits for personal, and work Git
|
||||||
repositories. Currently, most third-party Git repository hosts only support
|
repositories. Currently, most third-party Git repository hosts only support
|
||||||
signing commits, but **do not** support signing pushes.
|
signed commits and **do not** support signed pushes.
|
||||||
<!--more-->
|
<!--more-->
|
||||||
|
|
||||||
That being said, I've added my public key to my
|
That being said, I have added my public key to my
|
||||||
[GitLab](https://gitlab.com/bdebyl), and set the global config to use my key,
|
[GitLab](https://gitlab.com/bdebyl), and set the global config to use my signing
|
||||||
and sign all of my commits:
|
key, and sign all of my commits.
|
||||||
```bash
|
```bash
|
||||||
git config --global user.signingKey ADAA54FC
|
git config --global user.signingKey 875953A2
|
||||||
git config --global commit.gpgSign true
|
git config --global commit.gpgSign true
|
||||||
```
|
```
|
||||||
_Note: I am using git version `2.20.1` in the above example._
|
|
||||||
|
For reference, I am directly referencing the subkey ID I use for **signing only**
|
||||||
|
denoted by `[S]`:
|
||||||
|
```
|
||||||
|
pub rsa4096/ADAA54FC 2017-11-21 [SC] [expires: 2020-02-23]
|
||||||
|
uid Bastian de Byl <bastiandebyl@gmail.com>
|
||||||
|
sub rsa4096/A72FC2F1 2017-11-21 [E] [expires: 2020-02-23]
|
||||||
|
sub rsa4096/875953A2 2019-02-23 [S] [expires: 2020-02-23]
|
||||||
|
```
|
||||||
|
<sub>Note: _I am using git version `2.20.1` in the above example._</sub>
|
||||||
|
|
||||||
|
|
||||||
# Getting Started with OpenPGP
|
# Getting Started with OpenPGP
|
||||||
It is recommended to read through the
|
It is recommended to read through the
|
||||||
[Getting Started](https://www.gnupg.org/gph/en/manual/c14.html) page on the
|
[Getting Started](https://www.gnupg.org/gph/en/manual/c14.html) page on the
|
||||||
official GnuPG website. However, I would **strongly** recommend using the
|
official GnuPG website. It is also **strongly** recommend to use the
|
||||||
`--full-gen-key` option in place of the `--gen-key`. This will allow you to
|
`--full-gen-key` option in place of `--gen-key`. This will allow you to specify
|
||||||
specify additional details about your key, such as using a 4096-bit RSA key.
|
additional details about your key, such as using a 4096-bit RSA key. Lastly,
|
||||||
|
create a separate subkey for **signing only** -- read more about that
|
||||||
|
[here](https://wiki.debian.org/Subkeys).
|
||||||
|
|
||||||
# OpenPGP Keyserver Pool
|
# OpenPGP Keyserver Pool
|
||||||
In addition to that, there came the addition of using the
|
As of GnuPG version
|
||||||
[SKS Keyserver Pool](https://sks-keyservers.net/overview-of-pools.php) for
|
[2.1.11](https://github.com/riseupnet/riseup_help/issues/294#issuecomment-192913705),
|
||||||
sending and receiving keys for OpenPGP. This can be done by obtaining the CA and
|
the `hpks.pool.sks-keyservers.net` CA certificate is installed and made use by
|
||||||
verifying the signature on the
|
default meaning there is nothing to do.
|
||||||
[HKPS Pool Verification](https://sks-keyservers.net/verify_tls.php) page.
|
|
||||||
|
However, if you are using older versions then obtain the CA and verify the
|
||||||
|
signature. Instructions can be found on the
|
||||||
|
[HKPS Pool Verification](https://sks-keyservers.net/verify_tls.php) page or by
|
||||||
|
reading further below.
|
||||||
|
|
||||||
## Verification
|
## Verification
|
||||||
|
To verify and retrieve the necessary keys to do so (automatically, if possible):
|
||||||
```
|
```
|
||||||
gpg --auto-key-retrieve --verify sks-keyservers.netCA.pem.asc sks-keyservers.netCA.pem
|
gpg --auto-key-retrieve --verify sks-keyservers.netCA.pem.asc sks-keyservers.netCA.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
The output received was as follows:
|
The expected output:
|
||||||
```
|
```
|
||||||
gpg: Signature made Wed 30 Mar 2016 11:06:29 AM EDT
|
gpg: Signature made Wed 30 Mar 2016 11:06:29 AM EDT
|
||||||
gpg: using RSA key 250B7AFED6379D85
|
gpg: using RSA key 250B7AFED6379D85
|
||||||
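Review bot: `git config --global user.signingKey 875953A2` and the key listing under it use 8-character short key IDs, which are not collision-resistant; use the long key ID or the full fingerprint here (list with `--keyid-format long`), and append `!` to the value if the intent is to force that exact signing subkey. Two text fixes in the same hunk: the keyserver hostname is written `hpks.pool.sks-keyservers.net` but the scheme is HKPS, so it should read `hkps.pool.sks-keyservers.net`, and "It is also **strongly** recommend to use" should be "recommended". Also, `lastmod: 2019-02-22` predates the `2019-02-23` creation date shown for the new `[S]` subkey, so one of the two dates needs correcting.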
@@ -59,8 +76,12 @@ Primary key fingerprint: 94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
|
|||||||
|
|
||||||
## Adding the HKPS Pool CA
|
## Adding the HKPS Pool CA
|
||||||
Once the signature has been verified, the CA can be moved over to
|
Once the signature has been verified, the CA can be moved over to
|
||||||
`/usr/share/ca-certificates` to add to your CA certificates via `sudo
|
`/usr/share/ca-certificates` to update the list of trusted CA certificates. Do
|
||||||
update-ca-trust` (_Arch_) or `sudo update-ca-certificates` (_Debian/Ubuntu_).
|
this via:
|
||||||
|
|
||||||
|
+ `sudo update-ca-trust` (_Arch_)
|
||||||
|
+ `sudo update-ca-certificates` (_Debian/Ubuntu, RHEL_)
|
||||||
|
|
||||||
|
|
||||||
{{% admonition tip "CA Path" %}}
|
{{% admonition tip "CA Path" %}}
|
||||||
On my system the full path to the CA certs is:
|
On my system the full path to the CA certs is:
|
||||||
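Review bot: `(_Debian/Ubuntu, RHEL_)` on the `update-ca-certificates` bullet is wrong for RHEL, which uses `update-ca-trust` like the Arch bullet; move RHEL to the first bullet. The sentence before the list also tells every distribution to place the file in `/usr/share/ca-certificates`, but the two tools do not share a source directory layout, so either name the directory per tool or drop the path. It is also worth a sentence that adding the pool CA to the system store makes it trusted for all TLS on the host, not just keyserver traffic; pointing GnuPG alone at the file (dirmngr's `hkp-cacert` option) keeps the trust scoped.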
@@ -102,10 +123,11 @@ keyserver-options no-honor-keyserver-url
|
|||||||
---
|
---
|
||||||
|
|
||||||
# More Information
|
# More Information
|
||||||
There is a whole load of information on
|
The
|
||||||
[OpenPGP Best Practices](https://riseup.net/en/security/message-security/openpgp/best-practices).
|
[OpenPGP Best Practices](https://riseup.net/en/security/message-security/openpgp/best-practices)
|
||||||
A few noteworthy points worth exploring:
|
page is a good resource for finding out more on best practices. A few points
|
||||||
|
worth exploring, that I personally recommend:
|
||||||
|
|
||||||
- **Keep an encrypted backup of your secret key**
|
- Keep an encrypted backup of your secret key
|
||||||
- Have a separate subkey for signing
|
|
||||||
- Keep your primary key entirely offline
|
- Keep your primary key entirely offline
|
||||||
|
- Have a separate subkey for signing
|
||||||
|
|||||||