Lines Matching full:your
66 Your distro should already have GnuPG installed by default, you just
93 edit your ``~/.gnupg/gpg-agent.conf`` file to set your own values::
102 beginning of your shell session. You may want to check your rc files
108 Protect your PGP key
116 You should also make a new key if your current one is weaker than 2048
143 private key on your chain.
150 3. A single subkey may have multiple capabilities (e.g. your **[C]** key
151 can also be your **[S]** key).
167 If you used the default parameters when generating your key, then that
176 The long line under the ``sec`` entry is your key fingerprint --
180 Ensure your passphrase is strong
183 GnuPG uses passphrases to encrypt your private keys before storing them on
184 disk. This way, even if your ``.gnupg`` directory is leaked or stolen in
185 its entirety, the attackers cannot use your private keys without first
188 It is absolutely essential that your private keys are protected by a
196 Our goal is to protect your Certify key by moving it to offline media,
209 Back up your Certify key for disaster recovery
212 The more signatures you have on your PGP key from other developers, the
216 The best way to create a printable hardcopy of your private key is by
222 Run the following command to create a hardcopy backup of your private
228 pen and write your passphrase on the margin of the paper. **This is
234 and store in a secure and well-protected place, preferably away from your
235 home, such as your bank vault.
239 Your printer is probably no longer a simple dumb device connected to
240 your parallel port, but since the output is still encrypted with
241 your passphrase, printing out even to "cloud-integrated" modern
244 Back up your whole GnuPG directory
251 It is important to have a readily available backup of your PGP keys
254 on these external copies whenever you need to use your Certify key --
255 such as when making changes to your own key or signing other people's
260 -- refer to your distro's documentation on how to accomplish this.
262 For the encryption passphrase, you can use the same one as on your
266 sure it gets properly mounted. Copy your entire ``.gnupg`` directory
282 Remove the Certify key from your homedir
294 Protecting your key with a good passphrase greatly helps reduce the risk
297 recommended setup is to remove your Certify key from your home directory
303 your GnuPG directory in its entirety. What we are about to do will
304 render your key useless if you do not have a usable backup!
306 First, identify the keygrip of your Certify key::
322 Certify key fingerprint). This will correspond directly to a file in your
353 If you do not have a ``~/.gnupg/private-keys-v1.d`` directory, then your
355 GnuPG v1. Making any changes to your key, such as changing the
360 file, which still contains your private keys.
368 subkeys are still in your home directory. Anyone who manages to get
369 their hands on those will be able to decrypt your communication or fake
370 your signatures (if they know the passphrase). Furthermore, each time a
375 The best way to completely protect your keys is to move them to a
396 Unless all your laptops and workstations have smartcard readers, the
413 Your choice will depend on cost, shipping availability in your
428 Configure your smartcard device
431 Your smartcard device should Just Work (TM) the moment you plug it into
442 To configure your smartcard, you will need to use the GnuPG menu system, as
459 additionally leak information about your smartcard should you lose it.
472 Move the subkeys to your smartcard
476 your subkeys onto the smartcard. You will need both your PGP key
514 Your selection? 2
517 slot. When you submit your selection, you will be prompted first for
518 your PGP key passphrase, and then for the admin PIN. If the command
519 returns without an error, your key has been moved.
530 Your selection? 1
534 again, if your command returns without an error, then the operation was
540 Saving the changes will delete the keys you moved to the card from your
558 available on the smartcard. If you go back into your secret keys
577 This should ask for your smartcard PIN on your first command, and then
581 steal your digital developer identity!
587 with your PGP key.
589 Mounting your safe offline storage
592 You will need your Certify key for any of the operations below, so you
593 will first need to mount your backup offline storage and tell GnuPG to
601 your regular home directory location).
610 To extend the expiration on your key by a year from current date, just
616 your birthday, January 1st, or Canada Day)::
624 Updating your work directory after any changes
627 After you make any changes to your key using the offline storage, you will
628 want to import these changes back into your regular working directory::
636 You can forward your gpg-agent over ssh if you need to sign tags or
653 repository is cloned to your system, you have full history of the
667 impersonate you without having access to your PGP keys.
671 Configure git to use your PGP key
674 If you only have one secret key in your keyring, then you don't really
675 need to do anything extra, as it becomes your default key. However, if
677 should be used (``[fpr]`` is the fingerprint of your key)::
734 signatures. Furthermore, when rebasing your repository to match
735 upstream, even your own PGP commit signatures will end up discarded. For
740 However, if you have your working git tree publicly available at some
742 then the recommendation is that you sign all your git commits even if
750 2. If you ever need to re-clone your local repository (for example,
752 integrity before resuming your work.
753 3. If someone needs to cherry-pick your commits, this allows them to
782 It is possible to use your PGP key to sign patches sent to kernel
799 If you already have your PGP key configured with git (via the
801 further configuration. You can start signing your patches by installing
807 signed with your cryptographic signature.
846 developers' public keys, then you can jumpstart your keyring by relying
849 the prospect of starting your own Web of Trust from scratch is too
852 Add the following to your ``~/.gnupg/gpg.conf``::
862 respectively, before adding auto-retrieved public keys to your local
866 accounts. Once you have the above changes in your ``gpg.conf``, you can
873 UID to your key`_ to make WKD more useful to other kernel developers.
875 .. _`add the kernel.org UID to your key`: https://korg.wiki.kernel.org/userdoc/mail#adding_a_kernel…
883 various software makers dictating who should be your trusted certifying
912 that repository as your source of public keys can be found here:
916 If you are a kernel developer, please consider submitting your key for