From 4c61c00bff9bb3270ac5da1995d64c5ef415ed86 Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Tue, 20 Sep 2016 23:37:06 +0100 Subject: moved tool config from core --- tools/conf/etc/skel/.gnupg/gpg.conf | 141 ++++++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 tools/conf/etc/skel/.gnupg/gpg.conf (limited to 'tools/conf/etc/skel/.gnupg') diff --git a/tools/conf/etc/skel/.gnupg/gpg.conf b/tools/conf/etc/skel/.gnupg/gpg.conf new file mode 100644 index 0000000..20eed65 --- /dev/null +++ b/tools/conf/etc/skel/.gnupg/gpg.conf @@ -0,0 +1,141 @@ +# These first three lines are not copied to the gpg.conf file in +# the users home directory. +# $Id$ +# Options for GnuPG +# Copyright 1998-2003, 2010 Free Software Foundation, Inc. +# Copyright 1998-2003, 2010 Werner Koch +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Unless you specify which option file to use (with the command line +# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf +# by default. +# +# An options file can contain any long options which are available in +# GnuPG. If the first non white space character of a line is a '#', +# this line is ignored. Empty lines are also ignored. +# +# See the gpg man page for a list of options. + + +# If you have more than 1 secret key in your keyring, you may want to +# uncomment the following option and set your preferred keyid. + +#default-key 621CC013 + + +# If you do not pass a recipient to gpg, it will ask for one. Using +# this option you can encrypt to a default key. Key validation will +# not be done in this case. The second form uses the default key as +# default recipient. + +#default-recipient some-user-id +#default-recipient-self + + +# Group names may be defined like this: +# group mynames = paige 0x12345678 joe patti +# +# Any time "mynames" is a recipient (-r or --recipient), it will be +# expanded to the names "paige", "joe", and "patti", and the key ID +# "0x12345678". Note there is only one level of expansion - you +# cannot make an group that points to another group. Note also that +# if there are spaces in the recipient name, this will appear as two +# recipients. In these cases it is better to use the key ID. + +#group mynames = paige 0x12345678 joe patti + + +# GnuPG can automatically locate and retrieve keys as needed using +# this option. This happens when encrypting to an email address (in +# the "user@@example.com" form) and there are no keys matching +# "user@example.com" in the local keyring. This option takes any +# number mechanisms which are tried in the given order. The default +# is "--auto-key-locate local" to search for keys only in the local +# key database. Uncomment the next line to locate a missing key using +# two DNS based mechanisms. + +#auto-key-locate local,pka,dane + + +# Common options for keyserver functions: +# (Note that the --keyserver option has been moved to dirmngr.conf) +# +# include-disabled = when searching, include keys marked as "disabled" +# on the keyserver (not all keyservers support this). +# +# no-include-revoked = when searching, do not include keys marked as +# "revoked" on the keyserver. +# +# verbose = show more information as the keys are fetched. +# Can be used more than once to increase the amount +# of information shown. +# +# auto-key-retrieve = automatically fetch keys as needed from the keyserver +# when verifying signatures or when importing keys that +# have been revoked by a revocation key that is not +# present on the keyring. +# +# no-include-attributes = do not include attribute IDs (aka "photo IDs") +# when sending keys to the keyserver. + +keyserver-options auto-key-retrieve +#keyserver wwwkeys.pgp.net +#keyserver search.keyserver.net +keyserver pgp.mit.edu + +# Uncomment this line to display photo user IDs in key listings and +# when a signature from a key with a photo is verified. + +#show-photos + + +# Use this program to display photo user IDs +# +# %i is expanded to a temporary file that contains the photo. +# %I is the same as %i, but the file isn't deleted afterwards by GnuPG. +# %k is expanded to the key ID of the key. +# %K is expanded to the long OpenPGP key ID of the key. +# %t is expanded to the extension of the image (e.g. "jpg"). +# %T is expanded to the MIME type of the image (e.g. "image/jpeg"). +# %f is expanded to the fingerprint of the key. +# %% is %, of course. +# +# If %i or %I are not present, then the photo is supplied to the +# viewer on standard input. If your platform supports it, standard +# input is the best way to do this as it avoids the time and effort in +# generating and then cleaning up a secure temp file. +# +# The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" +# On Mac OS X and Windows, the default is to use your regular JPEG image +# viewer. +# +# Some other viewers: +# photo-viewer "qiv %i" +# photo-viewer "ee %i" +# photo-viewer "display -title 'KeyID 0x%k'" +# +# This one saves a copy of the photo ID in your home directory: +# photo-viewer "cat > ~/photoid-for-key-%k.%t" +# +# Use your MIME handler to view photos: +# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" + + +# Because some mailers change lines starting with "From " to ">From " +# it is good to handle such lines in a special way when creating +# cleartext signatures; all other PGP versions do it this way too. +# To enable full OpenPGP compliance you may want to use this option. + +#no-escape-from-lines + + +# Uncomment the following option to get rid of the copyright notice + +#no-greeting -- cgit 1.4.1-2-gfad0 From 4e82f44d66bbbc2f5891dcbc17e272b81079b9cb Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Wed, 21 Sep 2016 06:36:46 +0100 Subject: gpg revision --- tools/conf/etc/skel/.gnupg/gpg.conf | 9 +--- tools/gnupg.html | 105 ++++++++++++++++++------------------ 2 files changed, 56 insertions(+), 58 deletions(-) (limited to 'tools/conf/etc/skel/.gnupg') diff --git a/tools/conf/etc/skel/.gnupg/gpg.conf b/tools/conf/etc/skel/.gnupg/gpg.conf index 20eed65..48edc58 100644 --- a/tools/conf/etc/skel/.gnupg/gpg.conf +++ b/tools/conf/etc/skel/.gnupg/gpg.conf @@ -1,6 +1,3 @@ -# These first three lines are not copied to the gpg.conf file in -# the users home directory. -# $Id$ # Options for GnuPG # Copyright 1998-2003, 2010 Free Software Foundation, Inc. # Copyright 1998-2003, 2010 Werner Koch @@ -85,10 +82,8 @@ # no-include-attributes = do not include attribute IDs (aka "photo IDs") # when sending keys to the keyserver. -keyserver-options auto-key-retrieve -#keyserver wwwkeys.pgp.net -#keyserver search.keyserver.net -keyserver pgp.mit.edu +#keyserver-options auto-key-retrieve + # Uncomment this line to display photo user IDs in key listings and # when a signature from a key with a photo is verified. diff --git a/tools/gnupg.html b/tools/gnupg.html index 61bfaba..f3feed1 100644 --- a/tools/gnupg.html +++ b/tools/gnupg.html @@ -10,6 +10,7 @@

GnuPG

+

1. Install

Install gnupg;

@@ -24,34 +25,7 @@
         $ sudo cp /usr/share/gnupg/gpg-conf.skel /etc/skel/.gnupg/gpg.conf
-

Configure GnuPG to automatically fetch public keys, - uncomment following line to ~/.gnupg/gpg.conf;

- - 
-        keyserver-options auto-key-retrieve
-
- -

And add a server, in this example wwwkeys.pgp.net;

- - 
-        # keyserver wwwkeys.pgp.net
-        # keyserver search.keyserver.net
-        keyserver pgp.mit.edu
-
- -

Test your configuration as described by Justin R. Miller Mutt Gnupg Howto;

- - 
-        $ gpg --recv-keys 0xC9C40C31
-
- -

Confirm;

- - 
-        gpg --list-keys justin
-
- -

1. Generate keys

+

2. Generate keys

Options for creating a DSA and ElGamal key;

@@ -83,26 +57,25 @@ (4) RSA (sign only) Your selection? 2 DSA keys may be between 1024 and 3072 bits long. - What keysize do you want? (2048) 2049 - Requested keysize is 2049 bits - rounded up to 2112 bits + What keysize do you want? (2048) 2048 + Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years - Key is valid for? (0) 1y + Key is valid for? (0) 6m Key expires at Tue May 30 20:29:36 2017 WEST Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: User Name - Email address: user@external.org + Email address: user@core.privat-server.net Comment: user at external dot org You selected this USER-ID: - "User Name (user at external dot org) <user@external.org>" + "User Name (user at core) <user@core.privat-server.net>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O @@ -123,7 +96,7 @@ /home/droid/.gnupg/pubring.kbx ------------------------------ pub dsa3072/EE29B7D3 2016-05-30 [SC] [expires: 2017-05-30] - uid [ultimate] User Name (user at external dot org) <user@external.org> + uid [ultimate] User Name (user at core ) <user@core.privat-server.net> sub elg2112/9BC2DC12 2016-05-30 [E] [expires: 2017-05-30] @@ -133,7 +106,7 @@ export GPGKEY=0xEE29B7D3 -

2. Key Management

+

3. Key Management

Key Management;

@@ -146,7 +119,7 @@ $ gpg --edit-key UID -

2.1 Edit key

+

3.1 Edit key

         $ gpg --edit-key KEYID
@@ -162,9 +135,9 @@
         save
-

3. Export and import keys

+

4. Export and import keys

-

3.1. Export Key

+

4.1. Export Key

Public keys can be exported in binary format or ASCII-armored format. To export binary format;

@@ -185,14 +158,14 @@

3.2. Export to keyserver

-

The primary public key's ID is referenced in the pub +

The primary public key's ID is referenced in the pub line after the key size, for example the key created above, the short key ID is EE29B7D3: 

         gpg --keyserver search.keyserver.net --send-key EE29B7D3
-

3.3. Import Key

+

4.3. Import Key

Is very easy to import public keys;

@@ -206,9 +179,39 @@ $ gpg --list-keys -

4. Encrypt, decrypt and signing

+

4.4. Key Servers

-

4.1. Encrypt file

+

Configure GnuPG to automatically fetch public keys, + uncomment following line to ~/.gnupg/gpg.conf;

+ + 
+        keyserver-options auto-key-retrieve
+
+ +

And add a server, in this example wwwkeys.pgp.net;

+ + 
+        keyserver wwwkeys.pgp.net
+        keyserver search.keyserver.net
+        keyserver pgp.mit.edu
+
+ +

Test your configuration as described by Justin R. Miller Mutt Gnupg Howto;

+ + 
+        $ gpg --recv-keys 0xC9C40C31
+
+ +

Confirm;

+ + 
+        gpg --list-keys justin
+
+ + +

5. Encrypt, decrypt and signing

+ +

5.1. Encrypt file

To be abble to decrypt the document we need to include public key in the recipient list;

@@ -220,7 +223,7 @@ index.html -

4.2. Decrypt file

+

5.2. Decrypt file

To decrypt the file;

@@ -228,7 +231,7 @@ $ gpg --output index.html --decrypt index.html.gpg -

4.3. Signing a File

+

5.3. Signing a File

A digital signature certifies and timestamps a document. If the document is subsequently modified in any way, @@ -283,12 +286,12 @@ $ gpg --verify index.html.sig - Systools Index -

This is part of the SysDoc Manual. - Copyright (C) 2016 - Silvino Silva. - See the file Gnu Free Documentation License - for copying conditions.

+ Tools Index +

+ This is part of the c9-doc Manual. + Copyright (C) 2016 + c9 team. + See the file Gnu Free Documentation License for copying conditions.

-- cgit 1.4.1-2-gfad0