gpg explained

Plan for today

  • Brief introduction
  • Managing keys
  • gpg key instead of an ssh key, and gpg-agent instead of ssh-agent
  • hardware tokens

Disclaimer

  • I'm not a security expert.
  • We won't learn how to use tools for encryption/signing/etc today.

Asymmetric cryptography use cases

aka Public-key cryptography.

  • Sign the work (binaries, commits, tags)
  • Encrypt (files, emails, passwords)
  • Authenticate (SSH, Git, VPN)
  • Create and sign other keys

Name confusion and a little history

PGP
a software tool (Pretty Good Privacy).
OpenPGP
a standard (RFC 4880) that defines the key and message formats.
gpg or GnuPG
a complete and free implementation of the OpenPGP standard.

Is gpg ideal?

GPG key structure and capabilities

[image: key-anatomy1.png, anatomy of a primary key with subkeys]

  • Sign (S): sign files, commits, tags
  • Encrypt (E): receive encrypted data
  • Authenticate (A): SSH, VPN, client auth
  • Certify (C): sign user IDs and subkeys; only the primary key can do this

A common layout: a certify-only primary key kept offline, and one subkey each for S, E and A on the machines you actually work on.

Managing keys

Generating key and subkeys

Do it in a safe environment (offline machine or live USB, never a shared host).

# --expert lets you pick the capabilities yourself; give the primary key Certify only
gpg --expert --full-generate-key
# then add Sign / Encrypt / Authenticate subkeys at the gpg> prompt and finish with "save"
gpg --edit-key KEYID
addkey

Where to store keys?

Backing up keys

# Use an encrypted flash drive or similar instead of a plain ~/gpg-backup dir:
# the exported files are protected only by the key passphrase.
# For more information: https://github.com/drduh/YubiKey-Guide#backup
mkdir -m 700 ~/gpg-backup
gpg --export-secret-keys > ~/gpg-backup/keys.gpg        # primary key + all subkeys (offline copy)
gpg --export-secret-subkeys > ~/gpg-backup/subkeys.gpg  # subkeys only, primary stubbed out (daily-use machines)

Publishing key

  • keyserver
  • web
  • email/etc

Searching for key

gpg --keyserver keyserver.ubuntu.com --search-keys KEYID
# Anyone can upload a key with any name; compare the full fingerprint
# out of band (owner's website, business card, in person) before trusting it.

Importing keys

Extending expire date
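
The whole key-management flow from this section (certify-only primary key, S/E/A subkeys, backup, expiry extension, and the gpg-agent-as-ssh-agent setup from the plan) as one non-interactive script. This is an added example, not code from the slides or from GnuPG's documentation; it uses the `--quick-*` commands (GnuPG 2.1 or newer) instead of the interactive `--full-generate-key`/`addkey` menus, runs in a throwaway GNUPGHOME so it cannot touch your real keyring, and the user id, expiry periods and file names are placeholders chosen here.

```shell
#!/bin/sh
# Added example (not from the original slides): the key-management steps of
# this deck run non-interactively in a throwaway GNUPGHOME. Needs GnuPG >= 2.1.
# User id, expiry periods and file names below are placeholders.
set -eu

GNUPGHOME=$(mktemp -d)        # fresh keyring; your real ~/.gnupg is never touched
export GNUPGHOME
cleanup() { gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"; }
trap cleanup EXIT

# Demo keys get no passphrase so nothing prompts. For a real key drop
# --passphrase '' and --pinentry-mode loopback and let pinentry ask you.
gpgb() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

# Certify-only ed25519 primary key with a 2-year expiry. Prints its fingerprint.
make_primary_key() {  # $1 = name, $2 = e-mail
  gpgb --quick-gen-key "$1 <$2>" ed25519 cert 2y
  gpg --batch --with-colons --list-keys "<$2>" | awk -F: '$1=="fpr"{print $10; exit}'
}

# One subkey per capability, each expiring after 1 year (the primary stays offline).
add_subkeys() {  # $1 = primary fingerprint
  gpgb --quick-add-key "$1" ed25519 sign 1y
  gpgb --quick-add-key "$1" cv25519 encr 1y
  gpgb --quick-add-key "$1" ed25519 auth 1y
}

# Capability letters of all subkeys (field 12 of the "sub:" records), sorted: "a e s".
subkey_caps() {
  gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="sub"{print $12}' | sort | xargs
}

subkey_fprs() {   # the "fpr:" record that follows each "sub:" record
  gpg --batch --with-colons --list-keys "$1" |
    awk -F: '$1=="sub"{want=1; next} $1=="fpr" && want {print $10; want=0}'
}

primary_expiry() {  # expiry of the primary key as Unix seconds (field 7 of "pub:")
  gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="pub"{print $7; exit}'
}

# Extending the expiry date: re-sign the primary key and every subkey with new dates.
extend_expiry() {  # $1 = fingerprint, $2 = new primary expiry, $3 = new subkey expiry
  gpgb --quick-set-expire "$1" "$2"
  for sub in $(subkey_fprs "$1"); do gpgb --quick-set-expire "$1" "$3" "$sub"; done
}

# Backup: public key, full secret key (offline copy) and subkeys-only (primary key
# stubbed out, for daily-use machines). $2 should be encrypted media: the files are
# protected only by the key passphrase.
backup_keys() {  # $1 = fingerprint, $2 = destination directory
  mkdir -p "$2"; chmod 700 "$2"
  gpgb --armor --export "$1"                > "$2/public.asc"
  gpgb --armor --export-secret-keys "$1"    > "$2/secret-full.asc"
  gpgb --armor --export-secret-subkeys "$1" > "$2/secret-subkeys-only.asc"
  gpg --batch --export-ownertrust           > "$2/ownertrust.txt"
}

# gpg-agent as ssh-agent: turn on ssh support, register the auth subkey's keygrip
# in sshcontrol, restart the agent and print the socket to use as SSH_AUTH_SOCK.
auth_keygrip() {  # keygrip ("grp:" record) of the subkey whose capabilities include "a"
  gpg --batch --with-colons --with-keygrip --list-secret-keys "$1" |
    awk -F: '$1=="sec"{a=0} $1=="ssb"{a=index($12,"a")>0} $1=="grp" && a {print $10; exit}'
}
enable_ssh_agent() {  # $1 = fingerprint; prints the agent's ssh socket path
  grep -qs '^enable-ssh-support' "$GNUPGHOME/gpg-agent.conf" ||
    echo enable-ssh-support >> "$GNUPGHOME/gpg-agent.conf"
  grip=$(auth_keygrip "$1")
  grep -qs "^$grip" "$GNUPGHOME/sshcontrol" || echo "$grip" >> "$GNUPGHOME/sshcontrol"
  gpgconf --kill gpg-agent || true
  gpgconf --launch gpg-agent
  gpgconf --list-dirs agent-ssh-socket
}
ssh_pubkey() { gpg --batch --export-ssh-key "$1"; }   # auth subkey in authorized_keys format

demo() {
  fpr=$(make_primary_key "Example User" "user@example.org")
  add_subkeys "$fpr"
  echo "primary $fpr, subkey capabilities: $(subkey_caps "$fpr")"
  extend_expiry "$fpr" 3y 1y
  backup_keys "$fpr" "$GNUPGHOME/backup" && ls "$GNUPGHOME/backup"
  ssh_pubkey "$fpr"
  echo "export SSH_AUTH_SOCK=$(enable_ssh_agent "$fpr")"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh gpg-keys.sh demo`; everything lands in the temporary directory and is deleted on exit. The interactive path on the slides (`--expert --full-generate-key`, then `addkey` in `--edit-key`) produces the same key layout as `make_primary_key` plus `add_subkeys`; for a real key, generate on an offline machine, keep `secret-full.asc` on encrypted media, and import only `secret-subkeys-only.asc` on the machines you use daily, so a compromised laptop cannot certify new subkeys or user IDs in your name. The ssh socket printed at the end is what goes into `SSH_AUTH_SOCK` in your shell profile, after which `ssh-add -L` lists the auth subkey.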

Links