GPG
Searching for GPG Keys
I publish all my keys to https://keys.openpgp.org
# Search for an arbitrary user's key
gpg --auto-key-locate hkps://keys.openpgp.org --locate-keys <email>
Generate GPG Keys
# Make sure you have pinentry installed
dnf install pinentry
# Generate the key. The defaults should be good enough.
gpg --full-generate-key
# Verify your key was created
gpg --list-secret-keys
# Edit a key in your keyring
gpg --edit-key <id>
Renewing GPG Keys
You should set an expiration for your keys. You can extend that expiration (or set it on existing keys) with:
# Note 2y == "expire 2 years from now"
# You can also set '0' for no expiration or use 'd' days and 'w' for weeks
gpg --quick-set-expire <key id> 2y
# Don't forget to republish your keys with new expirations
gpg --keyserver https://keys.openpgp.org --send-keys <key id>
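To see which keys are due for the renewal above, you can parse gpg's colon listing, where field 7 of a "pub" record is the expiration time. This is an added example, not part of the original page: the helper names expiring_keys and sample_listing and the sample records are constructed, and it assumes the expiry field holds epoch seconds, as GnuPG 2.x prints it.

```shell
#!/bin/sh
# Added example: find primary keys that expire soon by parsing gpg's
# machine-readable colon listing (field 7 of a "pub" record = expiry epoch).

# expiring_keys NOW_EPOCH DAYS  (hypothetical helper name)
# stdin:  output of `gpg --list-keys --with-colons`
# stdout: "<fingerprint> <days left> <first user ID>" for each primary key
#         expiring within DAYS; days left is negative if already expired.
expiring_keys() {
    awk -F: -v now="$1" -v days="$2" '
        function flush() {
            # Keys with an empty expiry field never expire and are skipped.
            if (id != "" && exp_at != "" && exp_at + 0 <= now + days * 86400) {
                print id, int((exp_at - now) / 86400), uid
            }
            id = ""; exp_at = ""; uid = ""; want_fpr = 0
        }
        $1 == "pub" { flush(); id = $5; exp_at = $7; want_fpr = 1 }
        # The first fpr record after pub is the primary key fingerprint.
        $1 == "fpr" && want_fpr { id = $10; want_fpr = 0 }
        $1 == "sub" { want_fpr = 0 }
        $1 == "uid" && uid == "" && id != "" { uid = $10 }
        END { flush() }
    '
}

# Constructed sample listing (not real keys); reference time is 1700000000.
sample_listing() {
    cat <<'EOF'
pub:u:255:22:1111111111111111:1690000000:1702592000::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1690000000::HASH::Alice Example <alice@example.org>:
sub:u:255:18:9999999999999999:1690000000:1702592000:::::e:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEE9999999999999999:
pub:u:255:22:2222222222222222:1690000000:1734560000::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:u::::1690000000::HASH::Bob Example <bob@example.org>:
pub:u:255:22:3333333333333333:1690000000:::u:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:u::::1690000000::HASH::Carol Example <carol@example.org>:
pub:e:255:22:4444444444444444:1660000000:1699136000::u:::scESC:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD4444444444444444:
uid:e::::1660000000::HASH::Dave Example <dave@example.org>:
EOF
}

# Demo on the sample; for live use:
#   gpg --list-keys --with-colons | expiring_keys "$(date +%s)" 90
sample_listing | expiring_keys 1700000000 90
```

Only primary keys are checked; subkeys carry their own expiration in their "sub" records.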
Export GPG Keys
# Export your public key in ascii format
gpg --export -a 'git@ducoterra.net' > keys/git_ducoterra_net.pub
# Export your private key
gpg --export-secret-keys -a 'git@ducoterra.net' > git_ducoterra_net.key
GPG Key Servers
Edit ~/.gnupg/gpg.conf and add keyserver hkps://keys.openpgp.org
# Sync keys with keyserver
gpg --refresh-keys
# Search for a user's key
gpg --auto-key-locate hkps://keys.openpgp.org --locate-keys git@ducoterra.net
# Export your public key
gpg --export -a 'git@ducoterra.net' > keys/git_ducoterra_net.pub
# Inspect a public key with
gpg --show-key keys/git_ducoterra_net.pub
# Upload a key to a keyserver
# NOTE: if you upload your key to keys.openpgp.org with this command, the email
# won't be searchable. You'll need to use the upload page
# (https://keys.openpgp.org/upload) and upload the key file generated above
# instead. You'll need to verify your email after upload for it to be searchable.
gpg --keyserver https://keys.openpgp.org --send-keys <key id>
Using GPG keys
Linux Apps
Evolution Email
- Edit -> Preferences -> Double click the account with a GPG key -> Security -> OpenPGP Key ID
- Always sign outgoing messages
- Advanced Options -> Always trust keys in my keyring when encrypting
Android Apps
OpenKeychain
Fair Email
Troubleshooting
"error receiving key from agent: No such file or directory - skipped"
"error obtaining lock... process is in use by..."
In general, the easiest way to fix gpg problems is by killing and restarting the agent.
gpgconf --kill gpg-agent
gpgconf --reload gpg-agent