linux: added gpg and links

master
tiyn 1 year ago
parent 4369cd42ca
commit 0146c06ed0

@ -0,0 +1,102 @@
# GPG
[GNU Privacy Guard](https://gnupg.org/) - short GnuPG or just GPG - is a free and open-source
implementation of OpenPGP from [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
It is used to savely encrypt and decrypt messages or files using assymetric encryption.
## Setup
On most linux distributions GPG can be installed with the `gnupg` package.
## Usage
### Generating a Key Pair
A fast way to generate a key pair is by running the following command.
```sh
gpg --generate-key
```
### Backing Up and Exporting Keys
A total backup or the export of all private, public and subkeys can be achieved by running the
following commands.
Replace `<id>` with the identifier of the key that should be backed up.
```
gpg --export --armor <id> > <id>.pub
gpg --export-secret-keys --armor <id> > <id>.prv
gpg --export-secret-subkeys --armor <id> > <id>_priv.asc
gpg --export-ownertrust > ownertrust.txt
```
Especially the first command can be run in individually to export public keys without owning the
private key.
### Import Keys
Keys that have been imported in the way described in
[the previous section](#backing-up-and-exporting-keys) can be imported by the following commands.
Replace `<id>` with the identifier of the key that should be imported.
```sh
gpg --import <id>.pub
gpg --import <id>.priv
gpg --import <id>_priv.asc
gpg --import-ownertrust ownertrust.txt
```
Again the first command can be run individually to import single public keys that are not owned.
Afterwards the following commands can be run to set the ultimate trust level to the key pair.
Caution is advised.
```sh
gpg --edit-key [email protected]
gpg> trust
Your decision? 5
```
### Encrypting Files and Other Messages
A file - in this case named `message.txt` - can be encrypted using the a specific key with the
following command.
Replace `<id>` with the identifier of the key that should encrypt the message.
```sh
gpg -e -r <id> message.txt
```
This command will create a file with the same name as the input file but with an added `.gpg` - in
this case its called `message.txt.gpg`.
### Decrypt Files and Other Messages
A file - in this case named `message.txt.gpg` - can be decrypted with the following command.
```sh
gpg --decrypt message.txt.gpg
```
This command will output the content of the file.
### Restart the GPG Server
The GPG server can be restarted by simply running the following command.
```sh
gpgconf --kill all
```
### Receive a Key and Trust It
If importing a key does not properly work it can be useful to manually receive and trust a key.
This is done by running the following lines:
Caution is advised.
Replace `<id>` with the identifier of the key that should be received and trusted.
```sh
gpg --recv-key <id>
gpg --lsign <id>
```

@ -32,32 +32,22 @@ curl -o /etc/pacman.d/mirrorlist https://archlinux.org/mirrorlist/all/
#### Error While Importing Keys #### Error While Importing Keys
Both `yay` and `pacman` use gpg keys to confirm the package manager gets the Both `yay` and `pacman` use [GPG keys](/wiki/linux/gpg.md).
right package.
It is possible that it runs into errors when importing new keys. It is possible that it runs into errors when importing new keys.
If this happens you should try to restart your gpg key server with If this happens you should try to restart the GPG key server
`gpgconf --kill all`. [as explained in the GPG entry](/wiki/linux/gpg.md#restart-the-gpg-server).
#### Unknown Public Key #### Unknown Public Key
If the error `ERROR: One or more PGP signatures could not be verified!`, you If the error `ERROR: One or more PGP signatures could not be verified!`, you
have to manually receive the key and trust it. have to manually receive the key and trust it.
This is done by running the following lines: This can be done [as explained in the GPG entry](/wiki/linux/gpg.md#receive-a-key-and-trust-it).
```sh The identifier of the key usually gets gets printed in the line above the error looking like
gpg --recv-key <KEYID>
gpg --lsign <KEYID>
```
Where <KEYID> is the placeholder of the identification string of the key.
It usually gets gets printed in the line above the error looking like
`FAILED (unknown public key <KEYID>)`. `FAILED (unknown public key <KEYID>)`.
#### Error During Updating `is marginal trust` #### Error During Updating `is marginal trust`
Both `yay` and `pacman` use gpg keys to confirm the package manager gets the
right package.
It is possible that it runs into errors when importing new keys.
If the error `[...] Key [...] is marginal trust` occurs while updating the If the error `[...] Key [...] is marginal trust` occurs while updating the
system, it can be fixed by running the following commands and then restarting system, it can be fixed by running the following commands and then restarting
the update process of the package manager. the update process of the package manager.

Loading…
Cancel
Save