Diffstat (limited to 'content')
| -rw-r--r-- | content/articles/gpg.md | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/content/articles/gpg.md b/content/articles/gpg.md new file mode 100644 index 0000000..7c92736 --- /dev/null +++ b/content/articles/gpg.md 
@@ -0,0 +1,68 @@ +{ + "title": "GnuPG", + "subtitle": "Digital Security made easy" +} + +#### Introduction + +[GnuPG][1] or `gpg` implements the [OpenPGP][2] standard. + +With this it is possible to secure digital communication by: + +- encryption +- signatures +- authentication + +Assuming a user named John Smith with the mail address john.smith@example.com +`gpg` can be used to generate a primary key for certification of other keys and +signatures based on the ED25519 algorithm which never expires. + +``` +gpg --quick-generate-key "John Smith <john.smith@example.com>" ed25519 cert,sign never +``` + +The output looks similar to the one below. + +``` +gpg: directory '/home/john/.gnupg' created +We need to generate a lot of random bytes. It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy. +gpg: /home/john/.gnupg/trustdb.gpg: trustdb created +gpg: directory '/home/john/.gnupg/openpgp-revocs.d' created +gpg: revocation certificate stored as '/home/john/.gnupg/openpgp-revocs.d/2DA27087D0D30BC33EF921134C5E480B970685E2.rev' +public and secret key created and signed. + +pub ed25519 2026-06-11 [SC] + 2DA27087D0D30BC33EF921134C5E480B970685E2 +uid John Smith <john.smith@example.com> +``` + +The fingerprint `2DA27087D0D30BC33EF921134C5E480B970685E2` is needed for the +following commands. + +`gpg` is used to add a sub key for encryption. + +``` +gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 cv25519 encrypt never +``` + +Also an authentication sub key is created with `gpg`. + +``` +gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 ed25519 auth never +``` + +All relevant data is stored in `/home/john/.gnupg` and the private keys can be +listed with `gpg`. + +``` +gpg --list-secret-keys +``` + +See the [Arch Linux wiki][3] for details on how to use GnuPG. 
+ +[1]: https://gnupg.org/ +[2]: https://www.openpgp.org/ +[3]: https://wiki.archlinux.org/title/GnuPG |
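Review bot: All three key commands in the new article (the `--quick-generate-key` line and both `--quick-add-key` lines) pass `never` as the expiry, and the text neither explains that choice nor says what to do with the revocation certificate that the sample output shows being stored under `/home/john/.gnupg/openpgp-revocs.d/`. Consider giving at least the subkeys a finite expiry (for example `1y`) or adding a sentence justifying `never`, and tell the reader to keep a copy of the `.rev` file outside `/home/john/.gnupg`, since the article states that all relevant data lives in that one directory. The sentence "signatures based on the ED25519 algorithm which never expires" also reads as if the algorithm is what never expires; reword it so that the expiry clearly refers to the key. A smaller style point: the intro lists encryption, signatures and authentication, but the walkthrough only creates the keys and lists them, so a one-line pointer per capability (or trimming the list) would keep the introduction and the body consistent.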
