Basics of PGP

Names:

  • PGP: a commercial encryption program
  • OpenPGP: the IETF standard (RFC 4880) followed by PGP (the program) and GPG (the program). The "PGP" in the title above also refers to it.
  • GPG / gnupg: GNU Privacy Guard, another encryption program that implements OpenPGP.
    • The gpg program ships with most (if not all) Linux distributions.

GPG key:

A format that contains one primary (cryptographic) key, one or more User IDs (name + email), and zero or more subkeys (attached cryptographic keys), held together by self-signatures made with the primary key.

  • anatomy of a GPG key
    • The term 'key' is largely ambiguous in a cryptographic context. It can mean a number, an encoded form of that number, a file format holding the key (number) plus other metadata, etc.
    • A GPG key (file) is identified by its fingerprint (a hash of the public half of the primary key).
    • The key file is not immutable (though the fingerprint is): user IDs, subkeys and expiration dates can change while the fingerprint stays the same.
    • With the secret half of the primary key, one can modify the key (the changes are self-signed) and upload the new version to key servers.
    • Key servers mostly let anyone upload any key. One should trust only keys whose fingerprint has been confirmed by some other means (e.g. meeting offline).
  • intermediate GPG
  • Creating the perfect GPG keypair
  • How to change the expiration date of a GPG key
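The anatomy above (one primary key packet, then user IDs, then subkeys; fingerprint computed from the primary key alone) can be seen by parsing a key at the packet level. The following is an added example, not code from the page or from GnuPG: it hand-builds a toy OpenPGP public key blob (dummy RSA moduli, no real key material) following the RFC 4880 v4 packet and fingerprint layout, parses it back, and shows that adding a user ID leaves the primary fingerprint untouched. Signature packets (tag 2), which a real export carries to bind user IDs and subkeys to the primary key, are deliberately left out and noted in the comments.

```python
"""Parse a (constructed) OpenPGP transferable public key into its packets.

Added example, not the page's own code.  The RSA moduli below are dummy
numbers, not real keys.  Packet and fingerprint layout follow RFC 4880 (v4):
the fingerprint is SHA-1 over 0x99 || 2-byte body length || primary-key
packet body, so it covers only the primary key, never user IDs or subkeys.
"""
import hashlib
import struct

PUBKEY, USERID, SUBKEY, SIGNATURE = 6, 13, 14, 2
TAG_NAMES = {PUBKEY: "public-key", USERID: "user-id",
             SUBKEY: "public-subkey", SIGNATURE: "signature"}


def mpi(n: int) -> bytes:
    """RFC 4880 multi-precision integer: 2-byte bit length, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def packet(tag: int, body: bytes) -> bytes:
    """New-format packet header (0xC0 | tag) followed by a 1-, 2- or 5-byte length."""
    length = len(body)
    if length < 192:
        hdr = bytes([0xC0 | tag, length])
    elif length < 8384:
        length -= 192
        hdr = bytes([0xC0 | tag, (length >> 8) + 192, length & 0xFF])
    else:
        hdr = bytes([0xC0 | tag, 0xFF]) + struct.pack(">I", length)
    return hdr + body


def rsa_key_body(n: int, e: int, created: int) -> bytes:
    """v4 public-key / public-subkey packet body for RSA (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """Fingerprint of a v4 (sub)key packet body; the key ID is its last 16 hex digits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def read_packets(blob: bytes):
    """Yield (tag, body) for each packet; handles new- and old-format headers."""
    i = 0
    while i < len(blob):
        first = blob[i]
        if (first & 0x80) == 0:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if first & 0x40:                      # new-format header
            tag = first & 0x3F
            b0 = blob[i]
            if b0 < 192:
                length, i = b0, i + 1
            elif b0 < 224:
                length, i = ((b0 - 192) << 8) + blob[i + 1] + 192, i + 2
            elif b0 == 255:
                length, i = struct.unpack(">I", blob[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths not supported")
        else:                                 # old-format header
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = 1 << ltype
            length = int.from_bytes(blob[i:i + size], "big")
            i += size
        yield tag, blob[i:i + length]
        i += length


def describe(blob: bytes) -> dict:
    """Summarise a key blob: packet sequence, primary fingerprint, user IDs, subkeys."""
    out = {"fingerprint": None, "user_ids": [], "subkeys": [], "packets": []}
    for tag, body in read_packets(blob):
        out["packets"].append(TAG_NAMES.get(tag, f"tag-{tag}"))
        if tag == PUBKEY:
            out["fingerprint"] = v4_fingerprint(body)
        elif tag == USERID:
            out["user_ids"].append(body.decode("utf-8"))
        elif tag == SUBKEY:
            out["subkeys"].append(v4_fingerprint(body))
    return out


def add_user_id(blob: bytes, uid: str) -> bytes:
    """Insert a user-ID packet after the existing ones and re-serialise.

    Anyone can append a user ID to a *public* key like this and the fingerprint
    will not change.  What makes the new ID trustworthy to gpg is a self-signature
    (tag 2) made with the secret half of the primary key, which is not modelled here.
    """
    pkts = list(read_packets(blob))
    idx = max(i for i, (tag, _) in enumerate(pkts) if tag in (PUBKEY, USERID)) + 1
    pkts.insert(idx, (USERID, uid.encode("utf-8")))
    return b"".join(packet(tag, body) for tag, body in pkts)


# Constructed toy key (dummy moduli, constructed for this example only).
CREATED = 1700000000
PRIMARY_BODY = rsa_key_body(0xC0FFEE_1234_5678_9ABC_DEF0, 65537, CREATED)
SUBKEY_BODY = rsa_key_body(0xDEADBEEF_0BAD_F00D_1234_5678, 65537, CREATED + 1)
KEY = (packet(PUBKEY, PRIMARY_BODY)
       + packet(USERID, b"Alice <alice@example.org>")
       + packet(SUBKEY, SUBKEY_BODY))

if __name__ == "__main__":
    before = describe(KEY)
    after = describe(add_user_id(KEY, "Alice <alice@example.net>"))
    print("packets:", after["packets"])
    print("fingerprint unchanged:", before["fingerprint"] == after["fingerprint"])
```

Running it shows the three-layer ambiguity the notes mention (the modulus is a number, `mpi()` is its encoding, the blob is the file format) and that the fingerprint is a property of the primary-key packet only; `gpg --list-packets` on a real export prints the same packet sequence plus the signature packets omitted here.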

Subkeys:

Keybase

  • A PGP key is almost necessary
  • Multiple PGP keys can be used
  • keybase pgp update: gpg keychain -> keybase site
  • keybase pgp export: keybase -> local file (that can be imported into gpg)
  • keybase pgp import: local -> keybase

  • Feature: publish public key

  • Feature: gpg --list-keys

OpenKeychain

Basically a PGP client for Android.

Fidesmo

I found that when used to keep a PGP key, the Fidesmo card has quite limited capacity:

  • Only keeps 1 key
  • I cannot save an existing key to it, i.e. a new key has to be created.
  • The secret key part is always stored within the card and cannot be exported.
    • It's intended to be an authoritative key holder, rather than a backup key store. Reasonable from a security POV.

My use of them

  • A passphrase-protected copy, and
  • keep 1