GPG
# Setup
```sh
# Debian
sudo apt-get install gnupg2 -y
# macOS (gpg-agent ships with gnupg)
brew install gnupg pinentry-mac
```
Create `~/.gnupg/gpg-agent.conf` if it doesn’t exist and add the path to pinentry-mac. This program shows a GUI prompt asking for the GPG key passphrase when needed, with the option to add it to the keychain.
```
pinentry-program /your/path/to/pinentry-mac
```
Then stop the agent so that the next time it runs it picks up the updated configuration above.
```sh
killall gpg-agent
```
See also https://docs.releng.linuxfoundation.org/en/latest/gpg.html
# Generate keys
Run the following and follow the prompts. Choose a passphrase and don’t forget it.
```sh
gpg2 --gen-key
```
The public and private keys will be generated into the `~/.gnupg` directory.
# Renew
Keys will expire after some time, but they can be renewed. Search for how to do this.
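To see which keys need renewing, the expiry dates can be read from the machine-readable key listing. The script below is an added example, not part of the original notes; it assumes GnuPG 2.x colon output (dates as epoch seconds), and the function names and sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag public keys that are expired or expire soon.
# Input: `gpg2 --list-keys --with-colons` output on stdin (GnuPG 2.x, where
# dates are seconds since the epoch). Function names here are hypothetical.

# usage: expiring_keys NOW_EPOCH WINDOW_DAYS
expiring_keys() {
    awk -F: -v now="$1" -v days="$2" '
        # pub record: field 5 = key ID, field 7 = expiry (empty = never expires)
        $1 == "pub" { keyid = $5; expiry = $7; want_uid = 1; next }
        # first uid record after a pub record: field 10 = user ID
        $1 == "uid" && want_uid {
            want_uid = 0
            if (expiry == "") next
            left = int((expiry - now) / 86400)
            if (expiry + 0 <= now + 0) {
                printf "EXPIRED %s %s\n", keyid, $10
            } else if (left <= days) {
                printf "EXPIRING(%dd) %s %s\n", left, keyid, $10
            }
        }'
}

# Constructed sample listing (not real keys): one key expiring 10 days after
# NOW=1700000000, one already expired, one with no expiry date.
sample_listing() {
    cat <<'EOF'
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1700864000::u:::scESC::::::23::0:
uid:u::::1600000000::0000::Alice Example <alice@example.org>::::::::::0:
pub:e:4096:1:BBBBBBBBBBBBBBBB:1500000000:1690000000::u:::sc::::::23::0:
uid:e::::1500000000::0000::Bob Example <bob@example.org>::::::::::0:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1650000000:::u:::scESC::::::23::0:
uid:u::::1650000000::0000::Carol Example <carol@example.org>::::::::::0:
EOF
}

# Demo on the sample; for real keys:
#   gpg2 --list-keys --with-colons | expiring_keys "$(date +%s)" 30
sample_listing | expiring_keys 1700000000 30
```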
# Export
Export keys to import them onto another machine. You might want to list your keys first.
```sh
gpg2 --list-keys
# Export public key
gpg2 --export --armor --output pub.asc {{email address}}
# Export private key
gpg2 --export-secret-keys --armor --output priv.asc {{email address}}
```
Transfer the key files to a USB drive, or copy them to the other machine over SSH.
# Import
Import exported keys from another machine.
```sh
gpg2 --import {{filename}}
```
# Trust
Configure the trust level of a certain key by opening the interactive editing program.
```sh
gpg --edit-key {{email address}}
```
At the `gpg>` prompt, type `trust` and select the trust level from the menu.
# Emacs
Uses the EasyPG package. See the commands prefixed with `epa-`.
To encrypt an org file, for example, run `epa-encrypt-file`. This will use the GPG key to encrypt the file and add a `.gpg` extension. After that, Emacs will automatically decrypt the file when viewing it and encrypt it when saving edits.
See also https://www.masteringemacs.org/article/keeping-secrets-in-emacs-gnupg-auth-sources
# Git (signed commits)
Follow the GitHub docs on this topic.