GnuPG 2.1 best practices review #451
This is a meta-issue to regroup issues surrounding a formal review of the GnuPG best practices after the publication of the GnuPG 2.1 release, which includes some of the recommendations from the document.
Phew, I'm glad that I found this ticket.
I think the best practices guide should either target only modern GnuPG (>2.1) or be split into two - modern and legacy.
Currently it's hard to navigate and a lot of stuff is obsolete in modern gpg (
There is also stuff that I think is worth adding (for example, setting up Web Key Directory on your own domain allows easy and secure key discovery using e-mail addresses).
Hello, thank you for the wonderful guide! I was able to follow every part of the guide, but I'm failing to publish my key to a key server.
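I believe this is because `gnupg-curl` doesn't seem to exist anymore. Are there any known alternatives? I'm on Ubuntu 18.04.
Another weird thing is that https://sks-keyservers.net/sks-keyservers.netCA.pem does not seem to download a file by default. What I did was I right-clicked that link and selected "Save Link As..." Then I was able to save a file called `sks-keyservers.netCA.pem`. Is this acceptable?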
Hi @DamianRivas, thanks for the feedback! We can only help if we know what you tried in combination with the output of for example 'gpg --send-keys keyIDs'. Also this is not a good place to give user support, at best try the [gpg-users list](http://lists.gnupg.org/mailman/listinfo/gnupg-users) or the [webchat](https://webchat.freenode.net/?channels=#gnupg) for #gnupg.
> I believe this is because `gnupg-curl` doesn't seem to exist anymore. Are there any known alternatives? I'm on Ubuntu 18.04.

See above, since version 2.1 gpg uses dirmngr to handle interactions with keyservers, as explained in the latest changes to the guide (#523).

> Another weird thing is that https://sks-keyservers.net/sks-keyservers.netCA.pem does not seem to download a file by default. What I did was I right-clicked that link and selected "Save Link As..." Then I was able to save a file called `sks-keyservers.netCA.pem`. Is this acceptable?

Isn't this what you wanted? You are lucky, modern Firefox shows a dialog to trust a new Certificate Authority when opening a .pem file instead. Sorry, I can't help you better without a clear error message.
Hi @kradan! I actually just tried again and it worked for me this time. Perhaps I copied and pasted the fingerprint incorrectly the first time around. And yeah, the command was
It might be a good idea to explicitly state that dirmngr replaces gnupg-curl. I came across the guide because I'm totally new to encryption, and "Use dirmngr in OpenPGP best practices" didn't mean anything to me until now that I already know to look for that. Just my 2 cents if the goal here is to be welcoming to newbies.
The more I Google, the more it seems that most of the stuff in the riseup guide is deprecated. I realize this is stated in the beginning but considering the amount of information it contains I didn't expect so much to be outdated for newer versions. Although there seems to be some good gems in there like
I don't want to go on a huge tangent, so thanks for the reply and the resources! :)
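
The switch from `gnupg-curl` to dirmngr discussed in this thread, as an added example that is not from the guide or from any participant: a shell helper that translates legacy `gpg.conf` keyserver settings into the lines GnuPG 2.1+ reads from `dirmngr.conf`. The keyserver hostname and file paths are constructed placeholders; `hkp-cacert` is dirmngr's option for the root certificate used with hkps.

```shell
#!/bin/sh
# Added example (not from the guide): map legacy keyserver settings from a
# GnuPG 1.4/2.0 gpg.conf onto their dirmngr.conf equivalents.
#   keyserver URL                        -> keyserver URL
#   keyserver-options ca-cert-file=PATH  -> hkp-cacert PATH
# Assumption: the certificate path contains no spaces or commas.

legacy_to_dirmngr() {
    # Reads a legacy gpg.conf from the file arguments (or stdin if none)
    # and writes the matching dirmngr.conf lines to stdout.
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        $1 == "keyserver" && NF >= 2 {
            print "keyserver " $2
            next
        }
        $1 == "keyserver-options" {
            # options may be separated by spaces or commas
            for (i = 2; i <= NF; i++) {
                n = split($i, opts, ",")
                for (j = 1; j <= n; j++) {
                    if (opts[j] ~ /^ca-cert-file=/) {
                        sub(/^ca-cert-file=/, "", opts[j])
                        print "hkp-cacert " opts[j]
                    }
                }
            }
        }
    ' "$@"
}

# Constructed sample of a legacy gpg.conf; hostname and path are placeholders.
sample_legacy_conf() {
    cat <<'EOF'
# settings from the gnupg-curl era
keyserver hkps://keys.example.org
keyserver-options ca-cert-file=/home/user/.gnupg/sks-keyservers.netCA.pem,no-honor-keyserver-url
personal-digest-preferences SHA512
EOF
}

# Print the lines that belong in ~/.gnupg/dirmngr.conf for the sample.
sample_legacy_conf | legacy_to_dirmngr
```

Options without a dirmngr counterpart in this mapping, such as `no-honor-keyserver-url`, are not emitted and stay in `gpg.conf`.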