Collaborate Disseminate
tldr: should the level of security measures applied to a GPG private key depend on the use case, or should it always be kept strictly protected?
I started using GPG a few years ago, I’m reasonably comfortable with the technical part but I’… Continue reading Should a GPG private key always be strictly protected?
Is pass a real alternative to Keepass in terms of security?
While Keepass has its own built-in encryption, pass relies on GPG to secure your passwords. GPG is obviously recognized as providing excellent security for transferring data over … Continue reading How secure is pass compared to Keepass?
I have created a GPG key and uploaded it to pgp.mit.edu. Then I accidentally wiped the drive that contained both the key and the revocation certificate. So what to do now?
I found a possible answer here. But how would I do this?
And yes, t… Continue reading Lost GPG private key and revocation certificate
I am new to GPG so I may be going about this all wrong. I have some files I would like to encrypt symmetrically using AES256, but I want to sign them with my GPG key. I need to automate this process however so I’m using –batch and I pas… Continue reading How to pass both passphrase and password in GPG signed symmetric encryption?
I am trying to sign a Python file using the following:
gpg –sign –output ./ulagen.py.sig ./ulagen.py
When I verify the signature using gpg –verify ./ulagen.py.sig, I get the following error:
gpg: WARNING: not a detached signature; file… Continue reading How to fix "WARNING: not a detached signature"?
I have 4 emails that I use and a Github account. Should I use the same key for all of them? Or should I make separate keys? Or should I make sub-keys?
Thanks,
Owen
I have a GPG key that I use for GitHub only. But now I want to replace it with a different key I have. How would I delete this old key? Is it as simple as just deleting it? Or do I have to revoke it first?
I am doing some unattended key generation using –quick-gen-key and –quick-add-key. I am not clear if the user-id mentioned in the man page offers a way to include a comment:
–quick-generate-key user-id [algo [usage [expire]]]
Two questions on signatures.
I am trying to understand the various types of "trust signature". The man page says, "For more information please read the sections “Trust Signature” and “Regular Expression” in RFC-4880."… Continue reading Validity, Owner Trust, Trust Signatures & Certification Level
I’m trying to figure out how to cross-sign two keys. One reference says we should use:
gpg –local-user 0xfedcba98 –edit 0x76543210 sign
gpg –local-user 0x76543210 –edit 0xfedcba98 sign
That’s an old reference, so I assume we should b… Continue reading gpg: How do we Cross-Sign Keys? (–default-key vs. –local-user)