From a948f95492b6888b0fcb499f84a49c8aeedda34d Mon Sep 17 00:00:00 2001 From: Brandon Rozek Date: Sat, 11 Apr 2020 20:12:26 -0400 Subject: [PATCH] New Posts --- content/blog/gpgkeygen.md | 98 ++++++++++++++++++++++++++++++++++ content/blog/signingcommits.md | 53 ++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 content/blog/gpgkeygen.md create mode 100644 content/blog/signingcommits.md diff --git a/content/blog/gpgkeygen.md b/content/blog/gpgkeygen.md new file mode 100644 index 0000000..aa57e7b --- /dev/null +++ b/content/blog/gpgkeygen.md 
@@ -0,0 +1,98 @@ +--- +title: "GPG Keygen" +date: 2020-04-11T19:35:05-04:00 +draft: false +tags: ["gpg"] +--- + +GPG keys have a variety of different uses from sending encrypted emails to verifying git commits. Here I'll show how easy it is to create a public/private key-pair. Assuming you have the `gpg` client installed. + +Type the following command + +```bash +gpg --full-gen-key +``` + +This will then show + +``` +gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) +Your selection? 1 +``` + +I selected the default option. + +``` +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (3072) 4096 +Requested keysize is 4096 bits +``` + +I went for the highest available option. + +``` +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) 1y +``` + +It's highly recommended that you set an expiration date. I usually set it for around 1-3 years. + +``` +Key expires at Mon 11 Apr 2021 06:42:01 PM EDT +Is this correct? (y/N) y +``` + +Quick sanity check. + +``` +GnuPG needs to construct a user ID to identify your key. + +Real name: Brandon Rozek +Email address: +Comment: Git + +``` + +All the fields are optional. Fill them in as you wish. + +``` +You selected this USER-ID: + "Brandon Rozek (Git)" +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O +``` + +More sanity checks. + +``` +We need to generate a lot of random bytes. 
It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy. +``` + +Do as it says, start going crazy. + +``` +gpg: key IFMWDHXYSKTICHSE marked as ultimately trusted +public and secret key created and signed. + +pub rsa4096 2020-04-11 [SC] [expires: 2021-04-11] + FDMGHVYEIWPDKVT83ICUZOEKSLFIVYQALKZMNTYR +uid Brandon Rozek (Git) +sub rsa4096 2020-04-11 [E] [expires: 2021-04-11] +``` + +Congratulations, you now have a GPG key set. \ No newline at end of file diff --git a/content/blog/signingcommits.md b/content/blog/signingcommits.md new file mode 100644 index 0000000..16f23c0 --- /dev/null +++ b/content/blog/signingcommits.md 
@@ -0,0 +1,53 @@ +--- +title: "Signing Commits" +date: 2020-04-11T19:59:41-04:00 +draft: false +tags: ["git", "gpg"] +--- + +Git and their various hosting platforms support commit signing as an additional step of verification. There seems to be an active debate on whether it should be used regularly, though I'll describe it on here in case you want to set it up. + +You'll need to have a [GPG key already created](https://brandonrozek.com/blog/gpgkeygen). + +First locate the key you want to sign with + +```bash +gpg --list-secret-keys --keyid-format SHORT +``` + +This will output something like +``` +/home/user/.gnupg/pubring.kbx +------------------------------ +sec rsa4096/8294756F 2020-04-11 [SC] [expires: 2021-04-11] + KDIAUBEUX837DIU79YHDKAPOEMNCD7123FDAPOI +uid [ultimate] Brandon Rozek (Git) +ssb rsa4096/9582109R 2020-04-11 [E] [expires: 2021-04-11] +``` + +Copy the string starting with "KDI..". This will be your *fingerprint*. + +Now tell git the key you want to sign with + +```bash +git config --global user.signingkey $FINGERPRINT +``` + +To sign a commit, add a `-S` flag + +```bash +git commit -S -m "Initial Commit" +``` + +To always sign your commits + +```bash +git config --global commit.gpgsign true +``` + +Remember to add your public key to Github, Gitlab, etc. You can get it by + +```bash +gpg --armor --export $FINGERPRINT +``` +
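Review bot: In content/blog/gpgkeygen.md, the expiry prompt transcript has lost its `<n>` placeholders: the added lines read "= key expires in n days" and "w = key expires in n weeks", so a reader cannot tell how the answer `1y` is formed. Check whether the angle brackets survive rendering and restore them so the listing matches what gpg prints. The walkthrough also goes straight from the entropy message to "public and secret key created and signed" without mentioning the passphrase prompt that protects the secret key; a sentence there on choosing a passphrase would close that gap. Two smaller points: "Assuming you have the `gpg` client installed." is a sentence fragment and reads better joined to the sentence before it, and the file ends without a trailing newline.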
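Review bot: In content/blog/signingcommits.md, the listing command uses `--keyid-format SHORT`, but the next step tells the reader to copy the full fingerprint line, so the short IDs shown in the sample output (`rsa4096/8294756F`) are never used, and 8-character key IDs are easy to collide. Suggest dropping the flag or using `--keyid-format LONG` so the post does not nudge readers toward short IDs. Separately, `$FINGERPRINT` appears in `git config --global user.signingkey $FINGERPRINT` and `gpg --armor --export $FINGERPRINT` without ever being set; either say that it stands for the copied value or add a step that assigns it. The closing fence before "This will output something like" is also followed directly by the next opening fence with no blank line, unlike the other blocks in the post.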