Collaborate Disseminate
The primary secret key should be stored offline and only be used for creating/signing keys.
There will be at least two secret keys: one primary key or subkey for signing, and one subkey for encryption; there might be a third key for author… Continue reading Which PGP fingerprint to share/publish as my digital identity?
Can we be sure that a cleartext message that becomes encrypted by pgp or openpgp which is intended for one-or-more specific recipients doesn’t also get secretly decipherable by a third party? Since i understand we can target multiple recip… Continue reading Can secret recipients be included in PGP cryptography
I am unable to identify certain public keys on my keyring because the key owner generated their public key using a UID that contained no identifiable information. For instance they’re completely lacking of an identifying email address tha… Continue reading Using GPG is there a way to label public keys on my OpenPGP keyring?
My YubiKey stores my OpenPGP subkeys for signing, encryption and authentication with SSH, emails, code signing, etc. However, it also implements WebAuthn (not all sites enforce PIN checks), PIV and TOTP.
Anyone with the device can simply p… Continue reading How do I hide OpenPGP key fingerprints from smartcard info (specifically YubiKey)?
I’ve recently been enjoying using my YubiKey to authenticate SSH via GPG Agent, TOTPs, and encrypting emails. However, I realised if I were to attend, say, a key signing party, that since the public key URL (as well as the fingerprint) is … Continue reading How to prevent my identity being revealed in the event my YubiKey is stolen?
I want to use a Telegram username instead of an email address in a PGP key.
Is there an agreed upon standard for doing this? Do you know a software or service which acts as a bridge to connect a PGP email address to a Telegram account?
How do you create a private-key/public-key pair without the public key’s information in the private key? So you should basically not be able to extract the public key from the private key. The private key should contain the bare minimum.
I… Continue reading Create "bare" pgp private key / Make private key without being able to generate the public key from it
Assuming I want to use different mail addresses for different purposes and using either a catch-all configuration (*@example.com) or mail extensions (e.g. me+*@example.com) (where * can be replaced with anything). But for simplicity and be… Continue reading Best practices for GPG user ids and mail extensions / catch-all addresses
Since, I am new to gpg I wanted to generate a key pair. So I typed gpg –full-gen-key and inputted the following:
root@kali-linux:~# gpg –full-gen-key
gpg (GnuPG) 2.2.35; Copyright (C) 2022 g10 Code GmbH
This is free software: you are fre… Continue reading How to fix import private key in GPG?
I have few doubts about PGP and RSA. I am really new about all this encryption stuff.
I understand that PGP uses RSA keys, right? And the keys generated by RSA is something like this(public and private):
< RSAKeyValue>
< Modulus&g… Continue reading What is PGP and RSA