add gpg notes and gpg public keys

active/security_pgp/pgp.md

@@ -2,6 +2,9 @@
 
 - [PGP](#pgp)
   - [Searching for Keys](#searching-for-keys)
+  - [GPG](#gpg)
+    - [Generate with GPG](#generate-with-gpg)
+    - [GPG Key Servers](#gpg-key-servers)
   - [Fedora KDE](#fedora-kde)
     - [Seahorse](#seahorse)
     - [Evolution Email](#evolution-email)
@@ -13,6 +16,38 @@
 
 I publish all my keys to <https://keys.openpgp.org>
 
+## GPG
+
+### Generate with GPG
+
+```bash
+# Make sure you have pinentry installed
+dnf install pinentry
+
+# Generate the key. The defaults should be good enough.
+gpg --full-generate-key
+
+# Verify your key was created
+gpg --list-keys
+```
+
+### GPG Key Servers
+
+Edit `~/.gnupg/gpg.conf` and add `keyserver hkps://keys.openpgp.org`
+
+Sync keys with keyserver using `gpg --refresh-keys`
+
+Search for a user's key `gpg --auto-key-locate hkps://keys.openpgp.org --locate-keys git@ducoterra.net`
+
+Export your public key with `gpg --export -a 'git@ducoterra.net' > keys/git_ducoterra_net.pub`
+
+Inspect a public key with `gpg --show-key keys/git_ducoterra_net.pub`
+
+You can upload a key with `gpg --keyserver https://keys.openpgp.org --send-keys
+7FC1B2970...` but the email won't be associated with it. Use the [upload
+page](https://keys.openpgp.org/upload) and upload the key file generated above
+instaed. You'll need to verify your email after upload for it to be searchable.
+
 ## Fedora KDE
 
 ### Seahorse