Updated about with larger QR code, updated gpg best practices
This commit is contained in:
Bastian de Byl
115
content/about.md
115
content/about.md
@@ -15,7 +15,7 @@ fingerprint QR-code. Feel free to scan it using the
|
||||
[OpenKeychain](https://www.openkeychain.org/) app! I'll provide it here in-case
|
||||
you are on a mobile device, and my full public key:
|
||||
<center>
|
||||
|
||||
|
||||
|
||||
`70A4 AA02 555D BD55 9189 B4E0 F32B E05E ADAA 54FC`
|
||||
</center>
|
||||
@@ -23,7 +23,6 @@ you are on a mobile device, and my full public key:
|
||||
{{% admonition info "Public Key" true %}}
|
||||
```
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.2.13 (GNU/Linux)
|
||||
|
||||
mQINBFoTpoMBEADDIjRewOTvJBQF4ZxK/LS7yBL0TuU7VbZzEH3s5YKj63P/Rmvx
|
||||
8/jMm0iop+uiPNo+0imIGYsdfW77bt95I9+kBm27eVf8mDMldMiS/LBCCmnuQ19u
|
||||
@@ -36,45 +35,81 @@ ds1OzX0A5RWzfYLPerx5ssKqHa5n09bq634FNHOXnjr9wQuRpxLmNrBgXWvohpuq
|
||||
E2+ZgdCIh9YmGsjrnlmjPZRUi5Bl/snTYEy422mJ11Mq04IYlS2IW4USxT1iOzt1
|
||||
nNc+PJ1n921Hy5z9ZG/g0+POrQe9PjCUwlou+2mNutHGvQJNzPOwSq0D7UbFrumi
|
||||
Ak0TZ0QJCLOLG5pREeMuJYkd+SQ/1qTmQ5i9WQY3CmmlGXdM+gD3O0OP7wARAQAB
|
||||
tCdCYXN0aWFuIGRlIEJ5bCA8YmFzdGlhbmRlYnlsQGdtYWlsLmNvbT6JAk4EEwEK
|
||||
ADgWIQRwpKoCVV29VZGJtODzK+BerapU/AUCWhOmgwIbAwULCQgHAgYVCgkICwIE
|
||||
FgIDAQIeAQIXgAAKCRDzK+BerapU/L/+D/0XtboLkk8+f9z0kNO+4Vw/6cQaDFaN
|
||||
376IBvZneq5lvDV1BjWcsbEnUMFEBDm14hEN5gvsfMT+c+7wS2zYn41rCkhVFV/h
|
||||
EczuVCWKaCVjeIM9sC8iHbyZgYlrJBU1YKKue1ZC+OIQwScnUu7Ex+b2wze/Unif
|
||||
471fANTBJcaaulFo92EaDhRWwdvuC0yT5B7qj02Qrpw5Q4udpaWmUE4ZtFFS4+7L
|
||||
tZ5A39NOntwsIUBZJkWSUj0AdRl2DCq9jEKObibEbPieAkfevkCrkpd4yS+3JQsM
|
||||
iAsHxNVbs9pPIFQKhwrnJ1XvkekqngTaP8oZ2t0r/Kqg8Fk6WMHJkYMlyP4H59+/
|
||||
WVIrRU8+FjrT2GGF37+lM9xk/ebgqarujw3FXOw64HaRkzDYDuZc6yLLjt/qAjP1
|
||||
+vcAm1QGaR3t1Xjf9UgEnf3qBeafFcCnxyHzeyNgGewOva4E9xvPWnU3OK49JwJn
|
||||
rrLmjoWmndPCGTDr4DCLw0Z47Y6eLeEJLuzlnjb3FvJS0D/7FQsU74iY7UcOGNtp
|
||||
7+sF8LDpGFzfKix6xEMeFPrICxfNOrXj45J7NMIG4/2vVAJwNFTUYh3BMgLta36K
|
||||
ckkT510Iw9w5m1iazrQoEntmD+/FXMuCGFTvyfAWzUaorQo7e0yHz8b5orBh6bek
|
||||
FaPznygEozBVc7kCDQRaE6aDARAA1lqJBqZWseKWeIsZCBqm2a56+BSEFuL5aWt+
|
||||
pmbuM4udLGexX1kP5+8dYDWQwBC2jXnrCgoaG5ZPkVNSHQ3LObknGhNteNLn3+Mr
|
||||
pgv/sBSKmo4cDa9wiEgjw/7zlpjmrZoKCgpVSuFigS077EMhsX4YmzZO1J+AxGSr
|
||||
Wd+DZ3Ye89hcOZqMWW98kjJiEfwFtQfEI2+qRUJ4JyoDjj+znQHJrp2VIloPFvKW
|
||||
EzArM/ujUYZpP4eaes6/o+iGPwY3qbcnRFeZQLd/CyJFQn4dKVM/7H3VOsJTKnFX
|
||||
5LfDZgFYXmFsSuzBy7n6UWd6t+6gzbrzhf+UyvM6EBS8gZUCYCuSRP/GoWjoCekD
|
||||
oxSo510O+JV8nScbf9sV8hGjfy7+j6jngwSltBGrDXEScvK+cQwdAN9YNt+4i9TP
|
||||
3Hn4GZpC3uq2HSCLX3rmrgT22L1X2QXFKyO1I2S7ksK5DmFQVuV1PR7GgWBLZzx3
|
||||
j3I1Q1pZHgv6BXjCj/h70ycgS8Sg20GYedLS+W0PEbd8AKelIOPjthPdQpvBQY8l
|
||||
3TV7W+7RN3tGpZylhCng28gytoAjbK+IBIXRIQqeq/NYRSgPg9hEjL3ArBKcBlwJ
|
||||
p6g7/WAuMoTwCMNssNCbK6jKX3IRvztVPdPaQZU5TZMrrb+ZJQtCbDkUArQaFaJG
|
||||
+C/6X1UAEQEAAYkCNgQYAQoAIBYhBHCkqgJVXb1VkYm04PMr4F6tqlT8BQJaE6aD
|
||||
AhsMAAoJEPMr4F6tqlT8gMoQAIDp09TEAuDxJuuH5wPOdeV03bsHYcenqhqRY2qV
|
||||
4lCwUkinJZXzXLrvRwOcKJf23UkdJDQEMggfJc5DLuSgW3qavXBHOQBnGF5Fa2Jo
|
||||
Cr2eblHg1/SwkSuQ3xh5UCELPwG0xeAoU0aeuncwOtN3Comp9Uo30FPqLzR63pi8
|
||||
BCrEY/+f0IhAZggu82l3rbf6pm7sKoucZ12jll6tML+La4qpHLoyrU0clwNylJVz
|
||||
tWPgfKcpvtbHmMpHLBx5cpuJJQKjuybCB7ODT45xLr/kNkNDb9YJ1DxMuY+sySXX
|
||||
Bl9exhYmrsYms6+NHxG0w1EmqmGln31JLsjgQVktUuMnFWFTKSO61ZGbnibPmF/Y
|
||||
RdlRZsjDpetX+VXiFEcgPbYEZBuEz8O1aUK+HCUwBx+a40WNjro90CUk9YZ2s3yR
|
||||
c1uH47bijOiRLeH5kuDtcEAzqFdvuMAr1BXNejFUPeAEGt8k8fQ0bzGPYICB4Msi
|
||||
36FPRhHgzA/DpWDKgJ5N3w56RHe7XD96LiHkTp/eyOdgKkM9JY9Q5CoqdJ1q91gT
|
||||
2NJV6ifF4yeTsCjUhmouuZ+H2Bfi/6XDR1U6ACJq2JYOLa8MZeVlVGgkkeBR6ifv
|
||||
hRN2IsW1+4Xdb42E0Xjb6QIfbnrWP/4AjiZvVmCYJhLAGgw4ugzJNTx9X5rWKrlW
|
||||
d65s
|
||||
=QdhV
|
||||
tCdCYXN0aWFuIGRlIEJ5bCA8YmFzdGlhbmRlYnlsQGdtYWlsLmNvbT6JAlQEEwEK
|
||||
AD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRwpKoCVV29VZGJtODzK+Be
|
||||
rapU/AUCXHCqDgUJBD43CwAKCRDzK+BerapU/AswEACCY1JDmZPRdpkfNfjuvS/M
|
||||
SKpHsHwSuNljYVHKGYmVcBGKqA1feZZMBn8bUqKEhmuZNQ6Df6zCximoHKecR7qI
|
||||
xUi55YkBtwchY66pMF+xAPIxVl9TLgwCJfNmmzbJHU9ZoCwERJD4IsMZOhv2qCzM
|
||||
+Mbtat8hyCNroFtUPaJu0uR6Wudl9QWKKDLBErZa1caVMSpjXrnUP1U1A7SGqxCw
|
||||
LbHOm42SyiclNcy2WA7yzGhLq1DviClOdFEk/158fNVimI7zgNwVRtHeOTlF9Klj
|
||||
PDdp5Ut5UV05R8apA2rvu+PUcTVyfKiUnkaD3cnwL6gORfi4phDXTBEMdntBPToy
|
||||
K0pPpUms1XJVumOnFrIGNr9jI8LlOScYkL3kIcT3lqDrjjeWEHUlMrSIVe19FfSr
|
||||
snoA0gZima4fePGi8KviAJLBwKeh5i/vHwF6pdjdIby+Dq5cKvR6qwtJktMMEd12
|
||||
FXAIpxDIv0b6nXNsrvGDASHtsdjXYrv4bvFvce0pEUzW0XNCpM0uJsE++DD/mkEP
|
||||
WxhFDV7+0K4L5unlfcpCP3zN38xlgxcIPMhieckYm1s35FAkMEXd3ei7SvPKrzna
|
||||
eQ5sq0PmroED51K8SJSahMkcRP5Y47BwknJNVa1fZGJ4lD8uNrTBIqnBGmDizbX1
|
||||
lKGAr/F4IojfVM7kEF2strkCDQRaE6aDARAA1lqJBqZWseKWeIsZCBqm2a56+BSE
|
||||
FuL5aWt+pmbuM4udLGexX1kP5+8dYDWQwBC2jXnrCgoaG5ZPkVNSHQ3LObknGhNt
|
||||
eNLn3+Mrpgv/sBSKmo4cDa9wiEgjw/7zlpjmrZoKCgpVSuFigS077EMhsX4YmzZO
|
||||
1J+AxGSrWd+DZ3Ye89hcOZqMWW98kjJiEfwFtQfEI2+qRUJ4JyoDjj+znQHJrp2V
|
||||
IloPFvKWEzArM/ujUYZpP4eaes6/o+iGPwY3qbcnRFeZQLd/CyJFQn4dKVM/7H3V
|
||||
OsJTKnFX5LfDZgFYXmFsSuzBy7n6UWd6t+6gzbrzhf+UyvM6EBS8gZUCYCuSRP/G
|
||||
oWjoCekDoxSo510O+JV8nScbf9sV8hGjfy7+j6jngwSltBGrDXEScvK+cQwdAN9Y
|
||||
Nt+4i9TP3Hn4GZpC3uq2HSCLX3rmrgT22L1X2QXFKyO1I2S7ksK5DmFQVuV1PR7G
|
||||
gWBLZzx3j3I1Q1pZHgv6BXjCj/h70ycgS8Sg20GYedLS+W0PEbd8AKelIOPjthPd
|
||||
QpvBQY8l3TV7W+7RN3tGpZylhCng28gytoAjbK+IBIXRIQqeq/NYRSgPg9hEjL3A
|
||||
rBKcBlwJp6g7/WAuMoTwCMNssNCbK6jKX3IRvztVPdPaQZU5TZMrrb+ZJQtCbDkU
|
||||
ArQaFaJG+C/6X1UAEQEAAYkCPAQYAQoAJgIbDBYhBHCkqgJVXb1VkYm04PMr4F6t
|
||||
qlT8BQJccKoWBQkEPjcTAAoJEPMr4F6tqlT8VNQP+gN+pGZ7R42uLoqLb0746vrV
|
||||
62kGb7kgWIa9/vxzRNA+ud6mtHs983QaOzNow/2uFFsi3EtZ+t5SKbDUpTtaqI+8
|
||||
Q8VGJzx0P2qZVKNbHYfvW0Udn9axoXdMeiwCOvRPsqXQKSEaihWtQT5RzcVwJu7Y
|
||||
LOWI36hH6tpbx3+yMz22+bXWfLw7Em/1JObS/19WonsfwSAKLaAIyGnQadralzNa
|
||||
DKQil3Uj0BW6dbYMOuPZF/YoXIr9yQtJsUhInuYkbUGKBjB5dvTLSl1p8Gk2/3Ou
|
||||
MAfYCF81wDKgtTGJ2NYxi8hALKcDPS+vq4hilhPvfa3hXV0An0viXnsABxQY+xB9
|
||||
/BdYMp0VuuCWY51HSljKj2skL92fB1QhMAu/Fz2fHRdn2IWKr7PEH92rufdRanw2
|
||||
fGNPH6aOTBdD/G1XQ5S+vQs/gy8VsvlzUc32ntwfygBdA68WQvHqNrgY9PCQ2oqg
|
||||
BjixZ178jTv9PW8SFPZBg5dEb7p6RG2ErSmjzCQbXnvKx1lHGTy/MMBdU/qq9GCo
|
||||
gM5PsYAnjCs8x9XNxpnqFuYQT/z6OLYuLzDY795eLRzYB2rJYz6aBp80Ry6h7QwB
|
||||
6mfGI4O7rqaOW2+hxAfwcoAYvYjRFRQq/TbHJGPMVim3YW0+JII2DYnpIQ2WGjnx
|
||||
K9KToYW84EkYowriS/ZFuQINBFxwqh0BEADNCoVsNHTXHC1zp0uwciILDJ8GSihs
|
||||
zIFQkffnbAkP39F0ugdDLM6zvZheWKgw7cu5ddVZ8S6riN+uqIOYBc91enI92kXi
|
||||
vVvPIVtfQWihSjvR4aPXi9hZUG8VpYL+uyN8hVcv+gqewyjEAQaHVVMiNGijX2QO
|
||||
X/OigW3n5pcOJt0pjMMs66ZN2M9PRxCDoKbr9hJuONoccgxZik9iy9J1lEeQRSm5
|
||||
MjaQvUH5t3Ti/4knnMZ6yDzud3gWboDcQSTvFRbRkO+7mZ9vXRVEQ59Ox/Nr8TD7
|
||||
pRo9GFw4fIiJHyGRHFvfxXMNPs1eaqVRAp+VjdbKDn8MXt2Vwu/SAnx3vCajYXQC
|
||||
6cr2rTgZEHQeOiv7nvCjLSHUSyCBhKVPqiRKV7SkkTGtncHVraW2QJYGqLv84bdM
|
||||
BVIhGZi0yUAOM85HgXD/EU2LsKUn6IXR+jF8mKPvKELx8p/KJoUy9zlpi08znsPE
|
||||
hgZ4zGIER2NMAcqX5B/4OjbRGu4eLIBe6OkH1r/Jb2jhGqvgEXAA9R2G96kj6qYZ
|
||||
aU3QdHXHg6Jk281XFHIIHZrvRWe9fdPdB0JKcZBDHCZURCvR60wasXa4JGtwwsbL
|
||||
2YZIYltFf1DPt4cYIi5FUCqsY7bAtBJzhvfVWDIAAyafov5iikK9JS9jYOAwdXv4
|
||||
6Lt17lkoeXDx7wARAQABiQRyBBgBCAAmFiEEcKSqAlVdvVWRibTg8yvgXq2qVPwF
|
||||
Alxwqh0CGwIFCQHhM4ACQAkQ8yvgXq2qVPzBdCAEGQEIAB0WIQS108zp70t1/tr8
|
||||
fBOy3P6/h1lTogUCXHCqHQAKCRCy3P6/h1lTohOvEACYFk8GRTwFkTCsMD6Wyfw9
|
||||
ia5doD1AhxFQKm3Xyis3UdvfxiUDjgN5EZLhSJGsXaIEbug7CUCKnBIYDu6fP+v/
|
||||
y4lvpKNqxJkpIIesbr9KMm73UQVL/kdbw2GYWUWecSeQH1joItL6JXlw4Jn7b9Oj
|
||||
e/J0DF73/RMHfj322EquLLvjlIcuR+ImXHH4vy5eJJvzvDYUAnFBNR1/PjHf21zI
|
||||
3YgApiRs4XpCieBC0TBfNJLJaWHTuBVnsSZ6BM6H3LghL8ca1EWsob1c1G0qUqni
|
||||
O3rjmmZbbx7qF7tYV6974wx7vMxTCYmqyfVRP35RjKSbkT2Y3G9+opFOuixdOA3C
|
||||
x3eXcGeIQEBQTZG5TQj9zcf/Hq0YJMxGQQHDzaEvn4MpnHKvJchelgyZGBjJ+u9O
|
||||
zjjJ2nthb6EciYP5h1X29jeFGsCJAJBYzLTJZLiYDwYdgJzpz4fdW66G2kh+8Rfv
|
||||
4Ai5q4oDQQL8PO+mXd2X8Wmr2ZvPvEgA70HrZxlO5v0ekGGCKBSeyRrBSKbtqzDD
|
||||
54pHB1bf8QXmYG7fi0vC3xYAUPXfkFif/8dLor6MVcAzy2zgY+8Vxt++W9Fqm2OB
|
||||
CZJwmBkMPMJAnQbjPQbNLGrbeXuA/QPYL/RC7/mQRyLpDWGsSy7GCoFmUVk8IxuM
|
||||
jFqjmav/2fixclffKf7CEqP7D/9Qoos+nr7WiQPa9yW4a8LDkm/KR6Jl5zZZAGsE
|
||||
K+yqkEBHrmCNd8Q8i67b1xXCRNJHxXvoBhV1Ct/pEJ9mPgvjbyh/6TrhKN2u7fBn
|
||||
jwEHPKOeWtBD/+45Rvi0woDBrjqg74ZP2BK089RyWE6MMufsTg1Yw1yPyEFCn+DQ
|
||||
3shX1+ebtP62yBh6sYozq/zhNfCHUgqmWbnmc2UFZ+tGi9UiEMTwcjB1QimnBt4c
|
||||
GllJ+HHo8I14v+LMiVC+6z1YiTY7HZi7hWmujAc26bi/NaFSDj8NFoTSYDVRDL9o
|
||||
SkjedttjNbNskNxCqNsiCINI+9XfwE6UWtTDIvWrE8uLr06em9Rq2mn5ZOdoJ+7i
|
||||
ZTtVDwlsBjjSDML+pOiKDLh2c1TvvNVBexGfsDlnqO0VFYt0lztWJV6yZqHrgW2A
|
||||
XEJwxgd6GqnYx3gSmrZIvU7HJaumrURCp1TbIyxIF52aNSF5UNrfgZmmxY26ui8Z
|
||||
azCSBJyi6EnE9kDYJVRyfk260VQ54K+jsqJW3bUuGa+9Fn9ZVRXnVVguizDlpqn3
|
||||
jkxFiRR9iFiPaRnGk5NjJLgymfa166VZBn9YzNS9T0hHqrdFxhsebfLNtdUbMdd4
|
||||
sZQNaO9sqwN7NSafZ16x97GH5Tsqk2cSRcMy0wKw2QQzMz7f8GS7Es7nbNikN7m1
|
||||
XsiDHQ==
|
||||
=yi65
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
```
|
||||
{{% /admonition %}}
|
||||
|
||||
|
||||
@@ -1,44 +1,61 @@
|
||||
---
|
||||
title: "OpenPGP Best Practices (and Git)"
|
||||
date: 2019-02-17
|
||||
lastmod: 2019-02-18
|
||||
lastmod: 2019-02-22
|
||||
categories: ["Blog"]
|
||||
tags: ["linux"]
|
||||
---
|
||||
I decided to start signing my Git commits for personal, and work Git
|
||||
repositories. Currently, most third-party Git repository hosts only support
|
||||
signing commits, but **do not** support signing pushes.
|
||||
signed commits and **do not** support signed pushes.
|
||||
<!--more-->
|
||||
|
||||
That being said, I've added my public key to my
|
||||
[GitLab](https://gitlab.com/bdebyl), and set the global config to use my key,
|
||||
and sign all of my commits:
|
||||
That being said, I have added my public key to my
|
||||
[GitLab](https://gitlab.com/bdebyl), and set the global config to use my signing
|
||||
key, and sign all of my commits.
|
||||
```bash
|
||||
git config --global user.signingKey ADAA54FC
|
||||
git config --global user.signingKey 875953A2
|
||||
git config --global commit.gpgSign true
|
||||
```
|
||||
_Note: I am using git version `2.20.1` in the above example._
|
||||
|
||||
For reference, I am directly referencing the subkey ID I use for **signing only**
|
||||
denoted by `[S]`:
|
||||
```
|
||||
pub rsa4096/ADAA54FC 2017-11-21 [SC] [expires: 2020-02-23]
|
||||
uid Bastian de Byl <bastiandebyl@gmail.com>
|
||||
sub rsa4096/A72FC2F1 2017-11-21 [E] [expires: 2020-02-23]
|
||||
sub rsa4096/875953A2 2019-02-23 [S] [expires: 2020-02-23]
|
||||
```
|
||||
<sub>Note: _I am using git version `2.20.1` in the above example._</sub>
|
||||
|
||||
|
||||
# Getting Started with OpenPGP
|
||||
It is recommended to read through the
|
||||
[Getting Started](https://www.gnupg.org/gph/en/manual/c14.html) page on the
|
||||
official GnuPG website. However, I would **strongly** recommend using the
|
||||
`--full-gen-key` option in place of the `--gen-key`. This will allow you to
|
||||
specify additional details about your key, such as using a 4096-bit RSA key.
|
||||
official GnuPG website. It is also **strongly** recommend to use the
|
||||
`--full-gen-key` option in place of `--gen-key`. This will allow you to specify
|
||||
additional details about your key, such as using a 4096-bit RSA key. Lastly,
|
||||
create a separate subkey for **signing only** -- read more about that
|
||||
[here](https://wiki.debian.org/Subkeys).
|
||||
|
||||
# OpenPGP Keyserver Pool
|
||||
In addition to that, there came the addition of using the
|
||||
[SKS Keyserver Pool](https://sks-keyservers.net/overview-of-pools.php) for
|
||||
sending and receiving keys for OpenPGP. This can be done by obtaining the CA and
|
||||
verifying the signature on the
|
||||
[HKPS Pool Verification](https://sks-keyservers.net/verify_tls.php) page.
|
||||
As of GnuPG version
|
||||
[2.1.11](https://github.com/riseupnet/riseup_help/issues/294#issuecomment-192913705),
|
||||
the `hpks.pool.sks-keyservers.net` CA certificate is installed and made use by
|
||||
default meaning there is nothing to do.
|
||||
|
||||
However, if you are using older versions then obtain the CA and verify the
|
||||
signature. Instructions can be found on the
|
||||
[HKPS Pool Verification](https://sks-keyservers.net/verify_tls.php) page or by
|
||||
reading further below.
|
||||
|
||||
## Verification
|
||||
To verify and retrieve the necessary keys to do so (automatically, if possible):
|
||||
```
|
||||
gpg --auto-key-retrieve --verify sks-keyservers.netCA.pem.asc sks-keyservers.netCA.pem
|
||||
```
|
||||
|
||||
The output received was as follows:
|
||||
The expected output:
|
||||
```
|
||||
gpg: Signature made Wed 30 Mar 2016 11:06:29 AM EDT
|
||||
gpg: using RSA key 250B7AFED6379D85
|
||||
@@ -59,8 +76,12 @@ Primary key fingerprint: 94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
|
||||
|
||||
## Adding the HKPS Pool CA
|
||||
Once the signature has been verified, the CA can be moved over to
|
||||
`/usr/share/ca-certificates` to add to your CA certificates via `sudo
|
||||
update-ca-trust` (_Arch_) or `sudo update-ca-certificates` (_Debian/Ubuntu_).
|
||||
`/usr/share/ca-certificates` to update the list of trusted CA certificates. Do
|
||||
this via:
|
||||
|
||||
+ `sudo update-ca-trust` (_Arch_)
|
||||
+ `sudo update-ca-certificates` (_Debian/Ubuntu, RHEL_)
|
||||
|
||||
|
||||
{{% admonition tip "CA Path" %}}
|
||||
On my system the full path to the CA certs is:
|
||||
@@ -102,10 +123,11 @@ keyserver-options no-honor-keyserver-url
|
||||
---
|
||||
|
||||
# More Information
|
||||
There is a whole load of information on
|
||||
[OpenPGP Best Practices](https://riseup.net/en/security/message-security/openpgp/best-practices).
|
||||
A few noteworthy points worth exploring:
|
||||
The
|
||||
[OpenPGP Best Practices](https://riseup.net/en/security/message-security/openpgp/best-practices)
|
||||
page is a good resource for finding out more on best practices. A few points
|
||||
worth exploring, that I personally recommend:
|
||||
|
||||
- **Keep an encrypted backup of your secret key**
|
||||
- Have a separate subkey for signing
|
||||
- Keep an encrypted backup of your secret key
|
||||
- Keep your primary key entirely offline
|
||||
- Have a separate subkey for signing
|
||||
|
||||
Reference in New Issue
Block a user