Wikimedia Release Engineering Team/Onboarding/PGP and GPG
Appearance
macOS instructions
[edit]Setup
[edit]- Follow instructions at https://alexcabal.com/creating-the-perfect-gpg-keypair
- Store key at encrypted USB stick.
- For added security, do not store the password in keychain.
$ brew install gnupg # install gpg $ gpg --version # check if it's installed $ export GNUPGHOME=/Volumes/(VOLUME/FOLDER) # point gpg to the folder with key $ gpg -K # show key $ gpg --list-keys # list keys
Import
[edit]$ gpg --recv-key "(KEY)" # keyserver needs to be configured (not sure how) $ gpg --import (FILE) # import key from file
Sign
[edit]$ gpg --edit-key (KEY) # edit key gpg> help # help gpg> sign # sign gpg> save # save
Send
[edit]To verify that the email address on the key works, export the signed key, encrypt the exported key, and then send the encrypted key to its owner. The owner, if they get email to the address in the key, can decrypt the encrypted key, import the key, and send the signature to the keyservers themselves.
$ gpg --export --armor "(KEY)" > (FILE) # export $ gpg --encrypt -r "(KEY)" (FILE)
- Answer
Y
to the warning message:gpg: no ultimately trusted keys found ... Use this key anyway? (y/N)
- E-mail the file with
.gpg
extension to the e-mail in the key.