New to GnuPG, having some difficulty

GnuPG - User mailing list
Hello gnupg-users!

I have recently been required to use GnuPG to encrypt messages, and have been endeavouring to create a master key; however, I think I have fumbled.
I created and deleted some keys while I was trying to work it out and now I cannot make heads or tails of my keyring.
Quite simply there are keys and subkeys and secret keys and they all seem to have the same ID. I haven't shared anything as yet, so I would like to start again and hopefully achieve some clarity in the process on my second attempt.

> Is there a safe way to delete everything and start over?

Also, I need to create and export a public key *and* an encryption subkey. I've been reading everything I can find online, but honestly I'm finding it to be quite difficult to decipher.

> If there are any clear cut human readable guides for GnuPG I would appreciate knowing where they are.

I am using Arch Linux, with fish shell and micro text editor.

Thanks in advance, and I apologise if I'm asking basic questions, it's not often I feel like a novice but this encryption business has me doing so.

Kind Regards.


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: New to GnuPG, having some difficulty

GnuPG - User mailing list
> Hello gnupg-users!

Hello and welcome!

First, please only send plain text (not HTML) to the list.  Some of the
most knowledgeable people here refuse to open HTML mails from people
they don't know.  :)

> I have recently been required to use GnuPG to encrypt messages, and have
> been endeavouring to create a master key; however, I think I have fumbled.

The best way to begin is to just run "gpg --gen-key" and use the
defaults.  Really, the defaults are good: we picked them for good
reasons.  The vast majority of the webpages you find about "creating the
perfect GnuPG key!" are at least 90% whaleshit.

> Is there a safe way to delete everything and start over?

gpgconf --kill gpg-agent
gpgconf --kill scdaemon
gpgconf --kill dirmngr
rm -rf $HOME/.gnupg

Then the next time you start GnuPG you'll be starting anew.

> Also, I need to create and export a public key *and* an encryption
> subkey.

Again, I really recommend just running --gen-key unless you have a clear
and compelling reason otherwise.

> Thanks in advance, and I apologise if I'm asking basic questions, it's
> not often I feel like a novice but this encryption business has me doing
> so.

We were all newbies once.  :)


Re: New to GnuPG, having some difficulty

Ingo Klöcker
On Sunday, 7 March 2021 03:06:47 CET Robert J. Hansen via Gnupg-users wrote:
> > Is there a safe way to delete everything and start over?
>
> gpgconf --kill gpg-agent
> gpgconf --kill scdaemon
> gpgconf --kill dirmngr

Or simply
gpgconf --kill all
(which will also take care of all future background services used by gpg, e.g.
the upcoming keybox daemon)

Regards,
Ingo
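
The reset discussed in this thread, as an added example that is not part of any of the original posts: a POSIX sh function that stops the GnuPG daemons with `gpgconf --kill all` and then moves the home directory aside instead of deleting it, so a mistaken reset can be undone. The function name `reset_gnupg_home` and the `.bak-<timestamp>` naming are choices of this example.

```shell
#!/bin/sh
# Added example: reset GnuPG by moving the home directory aside.
# Usage: reset_gnupg_home [DIR]   (default: $GNUPGHOME, else $HOME/.gnupg)
# Prints the backup path on success.
reset_gnupg_home() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    home=${home%/}                      # a trailing slash would nest the backup inside DIR

    if [ ! -d "$home" ]; then
        echo "nothing to reset: $home does not exist" >&2
        return 1
    fi
    # A symlinked home would only have the link renamed, leaving the keyring in place.
    if [ -L "$home" ]; then
        echo "refusing: $home is a symbolic link" >&2
        return 2
    fi

    # Stop gpg-agent, scdaemon, dirmngr and any other helper so that none of
    # them keeps using the old directory after it has been moved.
    if command -v gpgconf >/dev/null 2>&1; then
        GNUPGHOME=$home gpgconf --kill all >/dev/null 2>&1 || true
    fi

    # Choose a backup name that does not exist yet.
    stamp=$(date +%Y%m%d-%H%M%S)
    backup=$home.bak-$stamp
    n=0
    while [ -e "$backup" ]; do
        n=$((n + 1))
        backup=$home.bak-$stamp-$n
    done

    mv -- "$home" "$backup" || return 3
    chmod 700 "$backup"                 # the backup still holds private keys
    printf '%s\n' "$backup"
}
```

Once the new keyring is confirmed to work, the backup directory can be removed; until then it contains every public and private key the old keyring held.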


Re: New to GnuPG, having some difficulty

Ángel
On 2021-03-07 at 00:17 +0000, Mundis wrote:
> Hello gnupg-users!

Hello Mundis!



> I have recently been required to use GnuPG to encrypt messages, and
> have been endeavouring to create a master key; however, I think I have
> fumbled.
> I created and deleted some keys while I was trying to work it out and
> now I cannot make heads or tails of my keyring.
> Quite simply there are keys and subkeys and secret keys and they all
> seem to have the same ID. I haven't shared anything as yet, so I
> would like to start again and hopefully achieve some clarity in the
> process on my second attempt.
>
> > Is there a safe way to delete everything and start over?

You can delete everything and start over by doing:

  gpgconf --kill all
  rm -rf $HOME/.gnupg

although, as you are asking for a 'safe' way, you may prefer to rename
the .gnupg folder to something else. Deleting this folder is not a
problem since you didn't use any key so far, but for anyone else it
would be a very bad idea, as it would remove all public and private
keys the user had created.


> Also, I need to create and export a public key *and* an encryption
> subkey. I've been reading everything I can find online, but honestly
> I'm finding it to be quite difficult to decipher.

You only need to create a public key that uses a separate encryption
subkey (which is the default nowadays). Exporting this key will export
both the master key and the encryption subkey.

So in your case it will be enough to do something like:
 gpg --export [hidden email] > mykey.pub


> > If there are any clear cut human readable guides for GnuPG I would
> > appreciate knowing where they are.
>
> I am using Arch Linux, with fish shell and micro text editor.

The GNU Privacy Handbook <https://gnupg.org/gph/en/manual.html> is a
bit old, but other than the new key algorithms, it should cover the
basics. Where are you having problems?

Also note, you will probably be exchanging GnuPG encrypted messages by
email. Although it's possible to manage them through the command line
(particularly when not using PGP/MIME, which would be harder), it will
help immensely if you use a mail client which supports this format.
Received mails are automatically decrypted (well, after prompting you
for your passphrase), and sending encrypted mails is just clicking a
button in the toolbar to enable it, and the client does the rest for
you, which (a) is easier and (b) avoids human errors such as not
encrypting to all recipients.

Caveat: it needs to be properly configured, for outgoing encryption on
your system (e.g. having the keys for the people you are going to write
to) and for the decryption to work by whoever is sending you mails
(I have seen too many mails where someone tried to send a PGP mail by
pasting an armored PGP block in a html mail instead of doing it the
right way).


> Thanks in advance, and I apologise if I'm asking basic questions,
> it's not often I feel like a novice but this encryption business has
> me doing so.
>
> Kind Regards.

Not a problem. Happy to help.

Kind regards
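
A way to check the point made above about the primary key and its encryption subkey, as an added example that is not part of the original post: two POSIX sh functions that read the machine-readable listing produced by `gpg --list-keys --with-colons` and report each key's role and usage flags. The function names and the sample listing (key IDs, fingerprints, user ID) are constructed for this example.

```shell
#!/bin/sh
# Added example. Real use:  gpg --list-keys --with-colons | describe_keys
# Colon format: field 1 = record type, 2 = validity, 5 = key ID, 12 = capabilities.

# Constructed listing: one primary key (sign + certify) with one encryption subkey.
sample_listing() {
    cat <<'EOF'
pub:u:3072:1:1111111111111111:1615075200:1678147200::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1615075200::::Example User <user@example.org>:
sub:u:3072:1:2222222222222222:1615075200:1678147200:::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
EOF
}

# One line per key: role, key ID, this key's own usage flags, validity.
# pub/sec are the two halves of a primary key, sub/ssb the halves of a subkey,
# which is why a public and a secret listing show the same IDs.
describe_keys() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { role = "primary"; show = 1 }
        $1 == "sub" || $1 == "ssb" { role = "subkey";  show = 1 }
        show {
            caps = $12
            gsub(/[A-Z]/, "", caps)   # uppercase letters summarise the whole key
            printf "%s %s usage=%s validity=%s\n", role, $5, caps, $2
            show = 0
        }'
}

# Succeeds only if some subkey can encrypt (e) and is not
# revoked (r), expired (e), invalid (i) or disabled (d).
has_encryption_subkey() {
    awk -F: '
        $1 == "sub" && $12 ~ /e/ && $2 !~ /^[reid]$/ { ok = 1 }
        END { exit !ok }'
}
```

Running the second function on the listing of a freshly generated key before exporting it confirms that the exported file will carry a usable encryption subkey.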


