move pgp to gpg and add export and expiration notes

2025-10-20 12:18:49 -04:00
parent e0adee5362
commit cf0a7373d4
2 changed files with 119 additions and 103 deletions
--- a/active/software_gpg/gpg.md
+++ b/active/software_gpg/gpg.md
@@ -0,0 +1,119 @@
+# GPG
+
+- [GPG](#gpg)
+  - [Searching for GPG Keys](#searching-for-gpg-keys)
+  - [Generate GPG Keys](#generate-gpg-keys)
+  - [Renewing GPG Keys](#renewing-gpg-keys)
+  - [Export GPG Keys](#export-gpg-keys)
+  - [GPG Key Servers](#gpg-key-servers)
+  - [Using GPG keys](#using-gpg-keys)
+  - [Linux Apps](#linux-apps)
+    - [Evolution Email](#evolution-email)
+  - [Android Apps](#android-apps)
+    - [OpenKeychain](#openkeychain)
+    - [Fair Email](#fair-email)
+  - [Troubleshooting](#troubleshooting)
+
+## Searching for GPG Keys
+
+I publish all my keys to <https://keys.openpgp.org>
+
+```bash
+# Search for an arbitrary user's key
+gpg --auto-key-locate hkps://keys.openpgp.org --locate-keys <email>
+```
+
+## Generate GPG Keys
+
+```bash
+# Make sure you have pinentry installed
+dnf install pinentry
+
+# Generate the key. The defaults should be good enough.
+gpg --full-generate-key
+
+# Verify your key was created
+gpg --list-secret-keys
+
+# Edit a key in your keyring
+gpg --edit-key <id>
+```
+
+## Renewing GPG Keys
+
+You should set an expiration for your keys. You can extend that expiration (or
+set it on existing keys) with:
+
+```bash
+# Note 2y == "expire 2 years from now"
+# You can also set '0' for no expiration or use 'd' days and 'w' for weeks
+gpg --quick-set-expire <key id> 2y
+
+# Don't forget to republish your keys with new expirations
+gpg --keyserver https://keys.openpgp.org --send-keys <key id>
+```
+
+## Export GPG Keys
+
+```bash
+# Export your public key in ascii format
+gpg --export -a 'git@ducoterra.net' > keys/git_ducoterra_net.pub
+
+# Export your private key
+gpg --export-secret-keys -a 'git@ducoterra.net' > git_ducoterra_net.key
+```
+
+## GPG Key Servers
+
+Edit `~/.gnupg/gpg.conf` and add `keyserver hkps://keys.openpgp.org`
+
+```bash
+# Sync keys with keyserver
+gpg --refresh-keys
+
+# Search for a user's key
+gpg --auto-key-locate hkps://keys.openpgp.org --locate-keys git@ducoterra.net
+
+# Export your public key
+gpg --export -a 'git@ducoterra.net' > keys/git_ducoterra_net.pub
+
+# Inspect a public key with
+gpg --show-key keys/git_ducoterra_net.pub
+
+# Upload a key to a keyserver
+# NOTE: if you upload your key to keys.openpgp.org with this command, the email
+# won't be searchable. You'll need to Use the upload page
+# (https://keys.openpgp.org/upload) and upload the key file generated above
+# instaed. You'll need to verify your email after upload for it to be searchable.
+gpg --keyserver https://keys.openpgp.org --send-keys <key id>
+```
+
+## Using GPG keys
+
+## Linux Apps
+
+### Evolution Email
+
+1. Edit -> Preferences -> Double click the account with a GPG key -> Security ->
+OpenPGP Key ID
+2. Always sign outgoing messages
+3. Advanced Options -> Always trust keys in my keyring when encrypting
+
+## Android Apps
+
+### OpenKeychain
+
+### Fair Email
+
+## Troubleshooting
+
+"error receiving key from agent: No such file or directory - skipped"
+
+"error obtaining lock... process is in use by..."
+
+In general, the easiest way to fix gpg problems is by killing and restarting the agent.
+
+```bash
+gpgconf --kill gpg-agent
+gpgconf --reload gpg-agent
+```