From 58b1e85336e50489c1484a630fa4545679241000 Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Sun, 17 Feb 2019 16:46:09 -0500 Subject: [PATCH] Added new post, Makefile include drafts, updated lastmod on other posts --- Makefile | 2 +- content/post/aperture-study.md | 3 +- content/post/archinstall.md | 4 +- content/post/gpg_best_practices_and_git.md | 96 ++++++++++++++++++++++ content/post/headphone-fix.md | 3 +- content/post/humble-beginnings.md | 3 +- 6 files changed, 105 insertions(+), 6 deletions(-) create mode 100644 content/post/gpg_best_practices_and_git.md diff --git a/Makefile b/Makefile index 8063965..ebfc266 100644 --- a/Makefile +++ b/Makefile @@ -24,7 +24,7 @@ build: $(DOCKER_RUN) ${DOCKER_IMAGE} run: - $(DOCKER_RUN) ${DOCKER_PORT} ${DOCKER_IMAGE} server --bind=0.0.0.0 + $(DOCKER_RUN) ${DOCKER_PORT} ${DOCKER_IMAGE} server --bind=0.0.0.0 -D new: $(DOCKER_RUN) ${DOCKER_IMAGE} new post/$(shell read -p "Post Name (i.e. my_post.md): " pn; echo $$pn) diff --git a/content/post/aperture-study.md b/content/post/aperture-study.md index 18f663d..699b6f3 100644 --- a/content/post/aperture-study.md +++ b/content/post/aperture-study.md @@ -1,6 +1,7 @@ --- title: "A Study in Aperture" -date: 2019-01-16T22:32:33-05:00 +date: 2019-01-16 +lastmod: 2019-02-11 categories: ["Blog"] tags: ["photography"] --- diff --git a/content/post/archinstall.md b/content/post/archinstall.md index 4ca80e8..43242dc 100644 --- a/content/post/archinstall.md +++ b/content/post/archinstall.md @@ -1,6 +1,7 @@ --- title: "Installing ArchLinux with Full Disk Encryption (LUKS)" -date: 2018-12-19T22:35:11-05:00 +date: 2018-12-19 +lastmod: 2019-01-29 categories: ["Tutorial"] tags: ["linux"] --- @@ -138,4 +139,3 @@ The reader may always consult manpages, the [Arch Wiki](https://wiki.archlinux.o # unmount -R /mnt # reboot ``` - diff --git a/content/post/gpg_best_practices_and_git.md b/content/post/gpg_best_practices_and_git.md new file mode 100644 index 0000000..47f539a --- /dev/null 
+++ b/content/post/gpg_best_practices_and_git.md 
@@ -0,0 +1,96 @@ +--- +title: "GPG Best Practices (and Git)" +date: 2019-02-17 +lastmod: 2019-02-17 +categories: ["Blog"] +tags: ["linux"] +--- +I decided to start signing my Git commits for personal, and work Git +repositories. Currently, most Git third-party services only support signing +commits, but _do not_ support signing pushes. Regardless, it would still be +considered good Currently, most Git third-party services only support **signing +commits**, but _do not_ support signing pushes. Regardless, it would still be +considered good practice to start signing commits. practice to start signing +commits. + +That being said, I've added my public key to my +[GitLab](https://gitlab.com/bdebyl), and set the global config to use my key, +and sign all of my commits: +```bash +git config --global user.signingKey ADAA54FC +git config --global commit.gpgSign true +``` +_Note: I am using git version `2.20.1` in the above example._ + +# Getting Started with OpenPGP +It is recommended to read through the +[Getting Started](https://www.gnupg.org/gph/en/manual/c14.html) on the official +GnuPG website. However, I would **strongly** recommend using the `--full-gen-key` +option in place of the `--gen-key`. This will allow you to specify additional +details about your key, such as using a 4096-bit RSA key. + +# OpenPGP Keyserver Pool +In addition to that, there came the addition of using the +[SKS Keyserver Pool](https://sks-keyservers.net/overview-of-pools.php) for +sending and receiving keys for OpenPGP. This can be done by obtaining the CA and +verifying the signature on the +[HKPS Pool Verification](https://sks-keyservers.net/verify_tls.php) page. 
+ +## Verification +``` +gpg --auto-key-retrieve --verify sks-keyservers.netCA.pem.asc sks-keyservers.netCA.pem +``` + +The output received was as follows: +``` +gpg: Signature made Wed 30 Mar 2016 11:06:29 AM EDT +gpg: using RSA key 250B7AFED6379D85 +gpg: key 0B7F8B60E3EDFAE3: 1214 signatures not checked due to missing keys +gpg: key 0B7F8B60E3EDFAE3: public key "Kristian Fiskerstrand " imported +gpg: marginals needed: 3 completes needed: 1 trust model: pgp + gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u +gpg: Total number processed: 1 +gpg: imported: 1 +gpg: Good signature from "Kristian Fiskerstrand " [unknown] +gpg: aka "Kristian Fiskerstrand " [unknown] +gpg: aka "Kristian Fiskerstrand " [unknown] +gpg: aka "Kristian Fiskerstrand " [unknown] +gpg: Note: This key has expired! +Primary key fingerprint: 94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 + Subkey fingerprint: B4EA D120 C7F8 9A4A EA47 2707 250B 7AFE D637 9D85 +``` + +## Adding the HKPS Pool CA +Once the signature has been verified, the CA can be moved over to +`/usr/share/ca-certificates` to add to your CA certificates via `sudo +update-ca-trust` (_Arch_) or `sudo update-ca-certificates` (_Debian/Ubuntu_). 
+ +Lastly, the following parameters should be added to your `~/.gnupg/gpg.conf`: +``` +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem +``` +{{% admonition info "CA Path" %}} +On my setup, the full path to the CA certs is: + +`/etc/ca-certificates/extracted/cadir/sks-keyservers.net_CA.pem` +{{% /admonition %}} + +## *Optional* - Ensure keys refreshed through keyserver +To ensure no keys are pulled from insecure sources, or that an attacked would +not be able to designate a keyserver they control, it is recommended to add the +following additional parameter to the above `gpg.conf` file: +``` +keyserver-options no-honor-keyserver-url +``` + +--- + +# More Information +There is a whole load of information on +[OpenPGP Best Practices](https://riseup.net/en/security/message-security/openpgp/best-practices). +A few noteworthy points worth exploring: + +- **Keep an encrypted backup of your secret key** +- Have a separate subkey for signing +- Keep your primary key entirely offline diff --git a/content/post/headphone-fix.md b/content/post/headphone-fix.md index 7563e9b..7ab1d60 100644 --- a/content/post/headphone-fix.md +++ b/content/post/headphone-fix.md @@ -1,6 +1,7 @@ --- title: "Make Your Ears Bern" -date: 2018-01-11T04:26:57+01:00 +date: 2018-01-11 +lastmod: 2019-01-16 categories: ["Blog"] tags: ["electronics"] --- diff --git a/content/post/humble-beginnings.md b/content/post/humble-beginnings.md index b652461..3d63608 100644 --- a/content/post/humble-beginnings.md +++ b/content/post/humble-beginnings.md @@ -1,6 +1,7 @@ --- title: "Humble Beginnings" -date: 2017-12-21T01:42:57-05:00 +date: 2017-12-21 +lastmod: 2019-01-16 categories: ["Blog"] tags: ["code"] ---
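Review bot: In the Makefile hunk, the `run:` target now passes `-D` on the same command that carries `--bind=0.0.0.0`, so draft posts are rendered by a server listening on every interface, and whatever `${DOCKER_PORT}` publishes decides who can read them. Consider leaving `run` as it was and adding a separate target for drafts (for example `run-drafts`) whose port is published only on the host's loopback address. Spelling the flag out as `--buildDrafts` (assuming this is Hugo's `-D`) would also make the intent visible in the Makefile itself rather than only in the commit subject.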
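Review bot: In the front-matter hunks for aperture-study.md, archinstall.md, headphone-fix.md and humble-beginnings.md, the `date:` line loses its time of day and UTC offset (for example `2019-01-16T22:32:33-05:00` becomes `2019-01-16`), which the commit subject does not mention. If the only goal is to record `lastmod:`, keep the original timestamp and add the new key beside it; if the truncation is intended, say so in the commit message, since a date-only value no longer orders two posts published on the same day. These metadata edits are also unrelated to the new post and would be easier to review or revert as a commit of their own.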
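Review bot: In the second archinstall.md hunk (`@@ -138,4 +139,3 @@`), the context line `# unmount -R /mnt` names a command that does not exist; the utility is `umount`. The hunk only removes the trailing blank line, but since this commit already touches the end of that code block, correct the command here so readers who copy the final steps do not stop at an error just before `# reboot`.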
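Review bot: In the new gpg_best_practices_and_git.md, the "Verification" section treats the quoted gpg output as proof, but that output marks every user ID `[unknown]` and ends with `gpg: Note: This key has expired!`, and the key itself was fetched by `--auto-key-retrieve`, so "Good signature" only shows that the file matches whichever key was downloaded. Before the sentence "Once the signature has been verified", tell the reader to compare the printed `Primary key fingerprint` with a copy obtained through a separate channel, and say how the expiry note should be treated. Smaller points in the same hunk: the opening paragraph contains the "Currently, most Git third-party services ..." sentence twice and ends with "practice to start signing commits." repeated, so one copy should be dropped; `git config --global user.signingKey ADAA54FC` uses an 8-character key ID, which is short enough to collide, so the full fingerprint is the safer value; the `gpg.conf` example names `sks-keyservers.netCA.pem` while the admonition gives `sks-keyservers.net_CA.pem`; and "an attacked would not be able" should read "an attacker".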