Talk:GnuPG

From Gentoo Wiki

Ideas for articles covering GnuPG integration

Talk status
This discussion is done as of June 24, 2020.

This article does not cover tools such as pgp4pine, gpgpine, evolution, and Windows GPG tools. Windows tools certainly do not merit coverage on this wiki; however, it may be nice to cover the following mail clients' integration with GnuPG:

--Maffblaster (talk) 18:27, 26 December 2017 (UTC)

I am closing this discussion, as each mail client should probably have its own separate article to cover its own GPG integration. --Maffblaster (talk) 17:01, 24 June 2020 (UTC)

Configuring gpg-agent and pinentry

Talk status
This discussion is done as of June 24, 2020.

Section "Configuring gpg-agent and pinentry": Currently the example codeblock for gpg-agent lists the --no-grab option, why? https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html says:

--no-grab
Tell the pinentry to grab the keyboard and mouse. This option should be used on X-Servers to avoid X-sniffing attacks. Any use of the option --grab overrides an used option --no-grab. The default is --no-grab.

--ng0 (talk) 06:16, 1 May 2016 (UTC)

Looks like the --grab option is to avoid protocol sniffing. This is a security enhancement so that passwords cannot be exposed as they are typed into the pinentry agent. Looks like the explanation has been explained better since your last comment, so I have updated it for you as well. --Maffblaster (talk) 17:04, 24 June 2020 (UTC)

Moving chatty content to a guide article

Talk status
This discussion is done as of June 24, 2020.

This article reads very much like many of the higher quality 'Guide' articles that we have floating around the wiki. I'm wanting to move much of the chatty (but nice for a relaxed read) content to a /Guide subarticle. I would revise the main article to be more in line with an Article Blueprint layout. Any objections to me doing so? Kind regards, --Maffblaster (talk) 00:10, 27 June 2017 (UTC)

Please don't. You would end up having almost all content in the subarticle leaving an almost meaningless main article like e.g. Localization or Initramfs. However, adding references to Handbook:AMD64/Installation/Media#Linux_based_verification and Handbook:AMD64/Working/Features#Validated_Gentoo_repository_snapshots would be nice.
--Charles17 (talk) 06:07, 27 June 2017 (UTC)

Agreed. It shall stay as-is. Thank you. --Maffblaster (talk) 17:05, 24 June 2020 (UTC)

PGP key expiry

Talk status
This discussion is done as of June 24, 2020.

I am missing information about expiry and what to do. — The preceding unsigned comment was added by BW (talk • contribs)

There exist only two viable options for expired keys. First would be to extend the expiry date on the key so that it continues to be valid. Second would be to revoke the key and then generate a new key. The decision is left up to you on how to proceed with the solution that best fits your case. I will try to add a small section on extending expiry dates to a key. --Maffblaster (talk) 17:11, 24 June 2020 (UTC)

Removing references to keys.gnupg.net

Talk status
This discussion is done as of June 24, 2020.

As far as I can tell, keys.gnupg.net has fallen completely into disrepair; the certificates it presents aren't even valid anymore. It seems borderline unsafe to still be recommending it here. Is there some other public keyserver that is canonically used by the FOSS/Gentoo community, or should we just replace that section with an exhortation to find your own? --Apetresc (talk) 12:34, 23 June 2020 (UTC)

Fine with me. I believe an update server would be the SKS keyservers and the SKS pool, which is run by a Gentoo developer. Feel free to update these references. I can also help. --Maffblaster (talk) 16:52, 24 June 2020 (UTC)

Please add how to not enter passphrase

Talk status
This discussion is still ongoing.

Yes, gpg-agent will cache it, but I need to enter a passphrase for the first time. Is it possible to read the pass from the env or some file?

--Vitaly-zdanevich (talk) 17:30, 12 June 2021 (UTC)