From 0146c06ed0ff45ae156e77466093391c5d743edb Mon Sep 17 00:00:00 2001 From: tiyn Date: Wed, 18 Oct 2023 00:09:34 +0200 Subject: [PATCH] linux: added gpg and links --- wiki/linux/gpg.md | 102 ++++++++++++++++++++++++++++++++++ wiki/linux/package_manager.md | 20 ++----- 2 files changed, 107 insertions(+), 15 deletions(-) create mode 100644 wiki/linux/gpg.md diff --git a/wiki/linux/gpg.md b/wiki/linux/gpg.md new file mode 100644 index 0000000..84bf0de --- /dev/null +++ b/wiki/linux/gpg.md 
@@ -0,0 +1,102 @@ +# GPG + +[GNU Privacy Guard](https://gnupg.org/) - short GnuPG or just GPG - is a free and open-source +implementation of OpenPGP from [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880). +It is used to savely encrypt and decrypt messages or files using assymetric encryption. + +## Setup + +On most linux distributions GPG can be installed with the `gnupg` package. + +## Usage + +### Generating a Key Pair + +A fast way to generate a key pair is by running the following command. + +```sh +gpg --generate-key +``` + +### Backing Up and Exporting Keys + +A total backup or the export of all private, public and subkeys can be achieved by running the +following commands. +Replace `` with the identifier of the key that should be backed up. + +``` +gpg --export --armor > .pub +gpg --export-secret-keys --armor > .prv +gpg --export-secret-subkeys --armor > _priv.asc +gpg --export-ownertrust > ownertrust.txt +``` + +Especially the first command can be run in individually to export public keys without owning the +private key. + +### Import Keys + +Keys that have been imported in the way described in +[the previous section](#backing-up-and-exporting-keys) can be imported by the following commands. +Replace `` with the identifier of the key that should be imported. + +```sh +gpg --import .pub +gpg --import .priv +gpg --import _priv.asc +gpg --import-ownertrust ownertrust.txt +``` + +Again the first command can be run individually to import single public keys that are not owned. + +Afterwards the following commands can be run to set the ultimate trust level to the key pair. +Caution is advised. + +```sh +gpg --edit-key [email protected] +gpg> trust +Your decision? 5 +``` + +### Encrypting Files and Other Messages + +A file - in this case named `message.txt` - can be encrypted using the a specific key with the +following command. +Replace `` with the identifier of the key that should encrypt the message. 
+ +```sh +gpg -e -r message.txt +``` + +This command will create a file with the same name as the input file but with an added `.gpg` - in +this case its called `message.txt.gpg`. + +### Decrypt Files and Other Messages + +A file - in this case named `message.txt.gpg` - can be decrypted with the following command. + +```sh +gpg --decrypt message.txt.gpg +``` + +This command will output the content of the file. + +### Restart the GPG Server + +The GPG server can be restarted by simply running the following command. + +```sh +gpgconf --kill all +``` + +### Receive a Key and Trust It + +If importing a key does not properly work it can be useful to manually receive and trust a key. +This is done by running the following lines: +Caution is advised. +Replace `` with the identifier of the key that should be received and trusted. + +```sh +gpg --recv-key +gpg --lsign +``` diff --git a/wiki/linux/package_manager.md b/wiki/linux/package_manager.md index 972da06..932503e 100644 --- a/wiki/linux/package_manager.md +++ b/wiki/linux/package_manager.md 
@@ -32,32 +32,22 @@ curl -o /etc/pacman.d/mirrorlist https://archlinux.org/mirrorlist/all/ #### Error While Importing Keys -Both `yay` and `pacman` use gpg keys to confirm the package manager gets the -right package. +Both `yay` and `pacman` use [GPG keys](/wiki/linux/gpg.md). It is possible that it runs into errors when importing new keys. -If this happens you should try to restart your gpg key server with -`gpgconf --kill all`. +If this happens you should try to restart the GPG key server +[as explained in the GPG entry](/wiki/linux/gpg.md#restart-the-gpg-server). #### Unknown Public Key If the error `ERROR: One or more PGP signatures could not be verified!`, you have to manually receive the key and trust it. -This is done by running the following lines: +This can be done [as explained in the GPG entry](/wiki/linux/gpg.md#receive-a-key-and-trust-it). -```sh -gpg --recv-key -gpg --lsign -``` - -Where is the placeholder of the identification string of the key. -It usually gets gets printed in the line above the error looking like +The identifier of the key usually gets gets printed in the line above the error looking like `FAILED (unknown public key )`. #### Error During Updating `is marginal trust` -Both `yay` and `pacman` use gpg keys to confirm the package manager gets the -right package. -It is possible that it runs into errors when importing new keys. If the error `[...] Key [...] is marginal trust` occurs while updating the system, it can be fixed by running the following commands and then restarting the update process of the package manager.
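Review bot: In wiki/linux/gpg.md, the second command under "Import Keys" reads `.priv`, but "Backing Up and Exporting Keys" writes the secret key to `.prv` (`gpg --export-secret-keys --armor > .prv`), so a reader who follows both sections verbatim tries to import a file that was never created; use the same extension in both blocks. The opening sentence of "Import Keys" says "Keys that have been imported in the way described in the previous section", which should read "exported". In "Import Keys" and "Receive a Key and Trust It", "Caution is advised" does not say what to check: state that the full fingerprint (`gpg --fingerprint`) should be compared with a value obtained from the key owner through a separate channel before answering `5` at the trust prompt or running `--lsign`. In the text as shown here the placeholder in "Replace `` with" and in the commands is empty, so confirm that the placeholder name survives rendering. The export block is the only fence without the `sh` tag. Typos: "savely", "assymetric", "run in individually", "using the a specific key".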
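Review bot: In wiki/linux/package_manager.md under "Unknown Public Key", the key identifier is taken from the `FAILED (unknown public key )` line and the reader is sent straight to the receive-and-trust steps, with nothing asking them to confirm that the key belongs to the package's maintainer; add a sentence telling the reader to compare the key's fingerprint with one the maintainer publishes before local-signing it, because signing whichever key the failing package names removes the value of the signature check. Under "Error While Importing Keys", the new first line drops the explanation of what the keys are used for, and the following "It is possible that it runs into errors" is left without a clear subject. The added line "usually gets gets printed" carries a doubled word.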