GPG Guide

[aceforeverd]

Summary

This is a tutorial in order to help following gpg commit convention in 4paradigm/rfcs

What is gpg

According to the official website:

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).

Install

• mac: brew install gnupg
• Linux: install gnupg from your package manager

Basic Config

gnupg's default locate at $HOME/.gnupg, you may generate some default config via

 addgnupghome username

you may interest in the file ~/.gnupg/gpg.conf, ~/.gnupg/gpg-agent.conf

Generate GPG Key

run:

gpg --full-generate-key

follow the instruction and offer your name, email and expire date, default option should be fine.

note the email you provided must be one GitHub knows, checkout your emails in settings/email

you can check your gpg key via:

gpg --list-secret-keys

Export public key

run:

gpg --export --armor user-id

user-id can be your email or key fingerprint

Enable GPG in GitHub

go to settings > SSH and GPG Keys, copy the public key context and add to gpg keys section.
You may like GitHub's GPG Tutorial

Enforce GPG Sign in Git

run

git config --global commit.gpgsign true

If you have multiple keys, you can specify the sign key via

git config --global user.signingkey <key fingerprint>

try git commit in your code and push, GitHub should know you :)

Send/Receive Keys

One important usage of GPG is the web of trust. You can export you key to gpg servers, then everybody on web can receive your public key without contact directly

to share:

gpg --send-keys key-id

to receive:

gpg --recv-keys key-id

you can pass the extra --keyserver <server address> to send/receive key to/from that key server.

Share your key :-)

aceforeverd: CE4AA0AE5B7E8112

Upcomming

• use gpg sign and verify file
• gpg agent
• and more

Some References

• https://wiki.archlinux.org/index.php/GnuPG
• https://gnupg.org

[jingchen2222]

Chen22: 5EAE89C255C79CC0

[aceforeverd]

Should send key to a key server first.

gpg -send-keys user-id

then I can find the key via

gpg --recv-keys user-id

[imotai]

imotai:FD3082168701BC57

[imotai]

[jingchen2222]

Should send key to a key server first.

gpg -send-keys user-id

then I can find the key via

gpg --recv-keys user-id

Pls check again.

[vagetablechicken]

HuangWei:C62D6D74980BC645

[aceforeverd]

for those who has problem still, maybe checkout external resource like
https://gist.github.com/troyfontaine/18c9146295168ee9ca2b30c00bd1b41e