From de7675f7a92430b77f94bf6d3ecc3916d89b5b13 Mon Sep 17 00:00:00 2001 From: Thomas A Caswell Date: Sun, 2 Sep 2018 18:02:29 -0400 Subject: [PATCH 1/3] DOC: add section on signing with existing key --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 97cfcff..0615321 100644 --- a/README.md +++ b/README.md @@ -416,6 +416,17 @@ Export the key ID as a [variable](https://stackoverflow.com/questions/1158091/de $ export KEYID=0xFF3E7D88647EBCDB ``` +# Sign with an existing key (if you have one) + +Export your existing key to move it to the working keyring. From a different terminal do: + + $ gpg --export-secret-keys --armor --output /tmp/new.sec + +and then + + $ gpg --default-key $OLDKEY --sign-key $KEYID + + # Sub-keys Edit the master key to add sub-keys: From 5df1226971970343c55b2225d8a7cbc2bd8e22ca Mon Sep 17 00:00:00 2001 From: Thomas A Caswell Date: Fri, 23 Aug 2019 12:49:23 -0400 Subject: [PATCH 2/3] DOC: notes an adding more emails --- README.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/README.md b/README.md index 0615321..5f59497 100644 --- a/README.md +++ b/README.md @@ -634,6 +634,70 @@ Finish by saving the keys. gpg> save ``` +## Add extra emails + +```console +gpg> adduid +Real name: Dr Duh +Email address: DrDuh@other.org +Comment: +You selected this USER-ID: + "Dr Duh " + +sec rsa4096/0xFF3E7D88647EBCDB + created: 2017-10-09 expires: never usage: SC + trust: ultimate validity: ultimate +ssb rsa4096/0xBECFA3C1AE191D15 + created: 2017-10-09 expires: never usage: S +ssb rsa4096/0x5912A795E90DD2CF + created: 2017-10-09 expires: never usage: E +ssb rsa4096/0x3F29127E79649A3D + created: 2017-10-09 expires: never usage: A +[ultimate] (1). Dr Duh +[ unknown] (2). Dr Duh + + +gpg> trust +sec rsa4096/0xFF3E7D88647EBCDB + created: 2017-10-09 expires: never usage: SC + trust: ultimate validity: ultimate +ssb rsa4096/0xBECFA3C1AE191D15 + created: 2017-10-09 expires: never usage: S +ssb rsa4096/0x5912A795E90DD2CF + created: 2017-10-09 expires: never usage: E +ssb rsa4096/0x3F29127E79649A3D + created: 2017-10-09 expires: never usage: A +[ultimate] (1). Dr Duh +[ unknown] (2). Dr Duh + +Please decide how far you trust this user to correctly verify other users' keys +(by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + +Your decision? 5 +Do you really want to set this key to ultimate trust? (y/N) y + +sec rsa4096/0xFF3E7D88647EBCDB + created: 2017-10-09 expires: never usage: SC + trust: ultimate validity: ultimate +ssb rsa4096/0xBECFA3C1AE191D15 + created: 2017-10-09 expires: never usage: S +ssb rsa4096/0x5912A795E90DD2CF + created: 2017-10-09 expires: never usage: E +ssb rsa4096/0x3F29127E79649A3D + created: 2017-10-09 expires: never usage: A +[ultimate] (1). Dr Duh +[ unknown] (2). Dr Duh + +gpg> save +``` + # Verify List the generated secret keys and verify the output: From f8880975b8c5d2a3fdf779a85453748701a526cf Mon Sep 17 00:00:00 2001 From: Thomas A Caswell Date: Mon, 26 Aug 2019 21:10:19 -0400 Subject: [PATCH 3/3] DOC: justify why you would want to sign your new key --- README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5f59497..ed476c0 100644 --- a/README.md +++ b/README.md @@ -416,17 +416,26 @@ Export the key ID as a [variable](https://stackoverflow.com/questions/1158091/de $ export KEYID=0xFF3E7D88647EBCDB ``` -# Sign with an existing key (if you have one) +# Sign with an existing key (optional) -Export your existing key to move it to the working keyring. From a different terminal do: +If you already have a pgp key you may want want to sign your new key +with the old one to help prove that your new key is infact controlled +by you. - $ gpg --export-secret-keys --armor --output /tmp/new.sec +Export your existing key to move it to the working keyring. From a +different terminal do: -and then +```console +$ gpg --export-secret-keys --armor --output /tmp/new.sec +``` - $ gpg --default-key $OLDKEY --sign-key $KEYID +to export your old key and then +```console +$ gpg --default-key $OLDKEY --sign-key $KEYID +``` + # Sub-keys Edit the master key to add sub-keys: