# PGP - [PGP](#pgp) - [Searching for Keys](#searching-for-keys) - [GPG](#gpg) - [Generate with GPG](#generate-with-gpg) - [GPG Key Servers](#gpg-key-servers) - [Fedora KDE](#fedora-kde) - [Seahorse](#seahorse) - [Evolution Email](#evolution-email) - [Android](#android) - [OpenKeychain](#openkeychain) - [Fair Email](#fair-email) ## Searching for Keys I publish all my keys to ## GPG ### Generate with GPG ```bash # Make sure you have pinentry installed dnf install pinentry # Generate the key. The defaults should be good enough. gpg --full-generate-key # Verify your key was created gpg --list-keys ``` ### GPG Key Servers Edit `~/.gnupg/gpg.conf` and add `keyserver hkps://keys.openpgp.org` Sync keys with keyserver using `gpg --refresh-keys` Search for a user's key `gpg --auto-key-locate hkps://keys.openpgp.org --locate-keys git@ducoterra.net` Export your public key with `gpg --export -a 'git@ducoterra.net' > keys/git_ducoterra_net.pub` Inspect a public key with `gpg --show-key keys/git_ducoterra_net.pub` You can upload a key with `gpg --keyserver https://keys.openpgp.org --send-keys 7FC1B2970...` but the email won't be associated with it. Use the [upload page](https://keys.openpgp.org/upload) and upload the key file generated above instaed. You'll need to verify your email after upload for it to be searchable. ## Fedora KDE ### Seahorse Taken from 1. Launch Seahorse. It should be installed by default. 2. Select GnuPG keys. 3. Select the + sign to create a new key. 4. Select PGP Key. 5. Enter your email and the name you would like to be associated with the key. This doesn’t need to be your real name. 6. Select advanced options. 7. Encryption type should be RSA. 8. Key strength should be 3072. 9. Expiration date should be within less then two years. You can always extend the key expiration as long as you still have access to the key, even after it has expired. Why should I set an expiration -. 10. Enter a strong password that you can remember. If you forget this password, it cannot be recovered and any encrypted data you have using it for, including emails, will be permanently inaccessible. 11. The computer will now generate the key, which may take some time. After this, you will have an OpenPGP key pair that is ready to be used—Great! You can manage the key options, export the public key, change the password, delete and/or revoke the key, and perform other key adjustments through the Seahorse user interface or the command line. 12. Optional: At this point, you can publish your public key to a key server where people can request it remotely to be able to send encrypted data and emails to you. Before you continue, please make sure you have selected a good keyserver. Once you are ready: 1. Select the Key(s) you want to publish. Hold Ctrl and click to select more than one, or press Ctrl+A to select all keys. 2. Navigate to Remote → Sync and Publish Keys… 3. Press the Key Servers button. 4. Publish the keys to any keyserver (select one if the “Sync” button was grayed out in the previous screen); they all synchronize with each other, so your key will be on each one. 5. Recommended: Check the Automatically retrieve keys from key servers but do not check the Automatically synchronize modified keys with key servers check boxes. Instead, please consider using parcimonie. 6. Press the Close button and then the Sync button to synchronize your keys. Your public key is now published on the key servers and is accessible to others! ### Evolution Email ## Android ### OpenKeychain ### Fair Email