#+TITLE: GNUPG: Best Practices
#+EXPORT_AUTHOR: bjoernb
#+EXPORT_EMAIL: 4bewersd@informatik.uni-hamburg.de
#+EXPORT_DATE: \date{December 3, 2013}
#+EXPORT_DESCRIPTION: Best practices for using GNUPG
#+KEYWORDS: gpg, configuration, key-rollover
#+LANGUAGE: en
#+OPTIONS: H:3 num:t toc:t \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc toc:nil
#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
#+EXPORT_SELECT_TAGS: export
#+EXPORT_EXCLUDE_TAGS: noexport
#+LINK_UP:
#+LINK_HOME:
#+XSLT:
#+startup: beamer
#+EXPORT_LaTeX_CLASS: beamer
#+EXPORT_LaTeX_CLASS_OPTIONS:[bigger]
#+latex_header: \mode{\usetheme{CambridgeUS}\setbeamercolor*{block title}{bg=red!64!black,fg=white}\setbeamercolor{section number projected}{bg=black,fg=white} \setbeamercolor{item projected}{bg=black,fg=white} \setbeamertemplate{itemize items}{\color{black} \blacktriangleright} }
#+BEAMER_FRAME_LEVEL: 2
#+COLUMNS: %20ITEM %13BEAMER_env(Env) %6BEAMER_envargs(Args) %4BEAMER_col(Col) %7BEAMER_extra(Extra)

* GNUPG Best Practices
** Configuration of gpg
*** Configuration of GNUPG                                          :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
**** Configuration
     - Use HKPS for a secure SSL connection to the keyserver
       \pause
     - Use a keyserver pool like hkps://hkps.pool.sks-keyservers.net
       \pause
     - Use the full fingerprint and not only the short keyid
       \pause
     - Use secure digest methods for key creation and signatures
** Generation of keys and key rollover
*** Generate key                                                    :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
**** Key generation:
     - Choose a secure algorithm like RSA for your signing and encryption keys
       \pause
     - Use a long keysize like 4096 bit
       \pause
     - Set an expiry date that is not so far in the future, like 1 year
       \pause
     - A key uid consists of your real name and an email address only you control
       \pause
     - Leave the comment field empty
       \pause
     - Choose a strong passphrase
*** Add another uid                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
**** Manage uids
     - Add uids to your key
       \pause
     - If you use XMPP you can add a comment that you do not receive email on that uid
       \pause
     - You can set a later added uid as primary uid
*** Secure yourself against identity theft or key loss              :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
**** Generate revocation certificate
     - Generate the revocation certificate, so that you can revoke a compromised or lost key
     - Keep it in a safe place
*** Key rollover                                                    :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
**** Getting rid of the old key and communicating the new one
     - Sign your new key with your old one
       \pause
     - Upload your new key to the key servers
       \pause
     - Inform others that you have changed your key
** Keep your private key secure
*** Storage of private key and revocation certificate               :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
**** Do not lose your keys
     - Encrypt your hard drive
       \pause
     - Do backups on a regular basis
       \pause
     - Encrypt your backups
       \pause
     - Use tools like gfshare

* Sources & Documentation
** Weblinks
*** Literature                                                      :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
    1. [[https://we.riseup.net/riseuplabs\%2Bpaow/openpgp-best-practices][OpenPGP Best Practices]]
    2. [[http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/][Key-Rollover]]
    3. [[http://www.digital-scurf.org/software/libgfshare][libgfshare]]
    4. [[http://orgmode.org/worg/exporters/beamer/tutorial.html][Writing beamer presentations in org-mode]]
    5. [[http://orgmode.org/manual/Beamer-export.html][Org-mode: Beamer Export]]

* License
** License
*** License                                                         :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
    \footnotesize{}
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0:
    - [[http://creativecommons.org/licenses/by-sa/4.0/][http://creativecommons.org/licenses/by-sa/4.0/]]
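
The recommendations on the "Configuration" slide can be checked against an existing gpg.conf. The linter below is an added example, not part of the original slides; which gpg.conf option stands for which bullet, the treatment of MD5 and SHA1 as the weak digests, and both sample files are assumptions made for illustration.

```python
# Added example: lint gpg.conf text against the "Configuration" slide.
# Which option stands for which bullet is an assumption of this example.
# Unset options are reported too, because the effective default depends
# on the GnuPG version in use.
WEAK_DIGESTS = {"MD5", "SHA1"}

def parse_gpg_conf(text):
    """Return {option: [args]}; the last occurrence of an option wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        name, *args = line.split()
        opts[name.lstrip("-").lower()] = args
    return opts

def lint_gpg_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_gpg_conf(text)
    first = lambda name: (opts.get(name) or [""])[0]
    findings = []
    if not first("keyserver").lower().startswith("hkps://"):
        findings.append("keyserver: not an hkps:// URL")
    if first("keyid-format").lower() not in ("long", "0xlong"):
        findings.append("keyid-format: not long or 0xlong")
    if "with-fingerprint" not in opts:
        findings.append("with-fingerprint: not set")
    cert = first("cert-digest-algo").upper()
    if not cert or cert in WEAK_DIGESTS:
        findings.append("cert-digest-algo: unset or weak")
    pref = first("personal-digest-preferences").upper()
    if not pref or pref in WEAK_DIGESTS:
        findings.append("personal-digest-preferences: unset or weak first choice")
    return findings

# Constructed sample files, not taken from any real system.
HARDENED = """\
keyserver hkps://hkps.pool.sks-keyservers.net
keyid-format 0xlong
with-fingerprint
personal-digest-preferences SHA512 SHA384 SHA256
cert-digest-algo SHA512
"""
WEAK = """\
# legacy settings
keyserver hkp://keys.example.org
keyid-format short
personal-digest-preferences SHA1 SHA256
"""

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, lint_gpg_conf(conf) or "ok")
```
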