author xengineering <me@xengineering.eu> 2026-05-08 18:48:11 +0200
committer xengineering <me@xengineering.eu> 2026-06-11 19:45:11 +0200
commit 741b98c3b6569cfbff7c0f9e8f986762f4b1b72d
tree 73d8b07dfef1a8825aa8ba96663e4b5d14c0b2fe
parent 155b488d1bf69f17a73164d867cfdd8d2c67ff8f
articles: Add gpg
-rw-r--r-- content/articles/gpg.md 68
1 files changed, 68 insertions, 0 deletions
diff --git a/content/articles/gpg.md b/content/articles/gpg.md
new file mode 100644
index 0000000..7c92736
--- /dev/null
+++ b/content/articles/gpg.md
@@ -0,0 +1,68 @@
+{
+ "title": "GnuPG",
+ "subtitle": "Digital Security made easy"
+}
+
+#### Introduction
+
+[GnuPG][1] or `gpg` implements the [OpenPGP][2] standard.
+
+With this it is possible to secure digital communication by:
+
+- encryption
+- signatures
+- authentication
+
+Assuming a user named John Smith with the mail address john.smith@example.com
+`gpg` can be used to generate a primary key for certification of other keys and
+signatures based on the ED25519 algorithm which never expires.
+
+```
+gpg --quick-generate-key "John Smith <john.smith@example.com>" ed25519 cert,sign never
+```
+
+The output looks similar to the one below.
+
+```
+gpg: directory '/home/john/.gnupg' created
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: /home/john/.gnupg/trustdb.gpg: trustdb created
+gpg: directory '/home/john/.gnupg/openpgp-revocs.d' created
+gpg: revocation certificate stored as '/home/john/.gnupg/openpgp-revocs.d/2DA27087D0D30BC33EF921134C5E480B970685E2.rev'
+public and secret key created and signed.
+
+pub ed25519 2026-06-11 [SC]
+ 2DA27087D0D30BC33EF921134C5E480B970685E2
+uid John Smith <john.smith@example.com>
+```
+
+The fingerprint `2DA27087D0D30BC33EF921134C5E480B970685E2` is needed for the
+following commands.
+
+`gpg` is used to add a sub key for encryption.
+
+```
+gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 cv25519 encrypt never
+```
+
+Also an authentication sub key is created with `gpg`.
+
+```
+gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 ed25519 auth never
+```
+
+All relevant data is stored in `/home/john/.gnupg` and the private keys can be
+listed with `gpg`.
+
+```
+gpg --list-secret-keys
+```
+
+See the [Arch Linux wiki][3] for details on how to use GnuPG.
+
+[1]: https://gnupg.org/
+[2]: https://www.openpgp.org/
+[3]: https://wiki.archlinux.org/title/GnuPG
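Review bot: All three key commands in the new article (`--quick-generate-key ... cert,sign never` and both `--quick-add-key ... never` lines) create keys with no expiration date, and the text never mentions the revocation certificate that the sample output shows being written to `openpgp-revocs.d/`. For an introductory article, consider giving at least the encryption and authentication sub keys a finite expiry (for example `1y` in place of `never`) and adding a sentence after the sample output that tells the reader to keep a copy of the `.rev` file somewhere other than `/home/john/.gnupg`, since a key whose secret material is lost cannot otherwise be revoked. Separately, in the paragraph that introduces the first command, "based on the ED25519 algorithm which never expires" reads as if the algorithm is what never expires; rewording it so that "never expires" clearly refers to the primary key would fix that.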