Document GPG key usage #127

Closed
unbeatable-101 wants to merge 20 commits from master into master
unbeatable-101 added 3 commits 7 months ago
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added spent time 6 months ago
1h 37min
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added spent time 6 months ago
24min
n added the
Kind: Documentation
Status: In progress
labels 6 months ago
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added 3 commits 6 months ago
unbeatable-101 added 1 commit 6 months ago
unbeatable-101 added 2 commits 6 months ago
unbeatable-101 added spent time 6 months ago
13min

I feel like there should be some screenshots, also what should the numbers be?

```
3. Enter you desired key size, it must be at least [TODO Number of bits], press enter to confirm
4. Choose the amount of time you want it to be valid for, we recommend [TODO length of time] for increased security, however you can type 0 for it to never expire. Press enter to confirm.
```
unbeatable-101 added 1 commit 6 months ago
n commented 6 months ago
Collaborator

I think 4096 bits and 1-2 years would be appropriate. Though I'm not sure if the former is a requirement.

Collaborator

maybe "we recommend" instead of "it must be at least"?

> maybe "we recommend" instead of "it must be at least"?

On GitHub they have a minimum key length, so I assumed Codeberg did too
Collaborator

https://docs.gitea.io/en-us/signing/ looks like Gitea only checks if the signature matches the one a user uploaded and not much more. So I'd say you can go for "recommend"
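
Since the size and expiry values discussed above are recommendations that the server does not check, a contributor can check them locally. The following is an added example, not part of the pull request or of Codeberg's documentation; it reads GnuPG's machine-readable `--with-colons` listing, and the function names, verdict labels and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare keys against the values suggested in this thread
# (RSA 4096 bits, validity of at most 2 years). These are recommendations,
# so a "short-key" verdict is advice, not a statement that the key is broken.
# --with-colons fields used: 1 record type, 3 key length, 4 algorithm id
# (1 = RSA), 5 key ID, 6 creation time, 7 expiry time (empty = never).

MIN_BITS=4096                        # recommended size from the thread
MAX_LIFETIME=$((2 * 365 * 86400))    # upper end of "1-2 years", in seconds

audit_keys() {
    # Reads colon-format records on stdin, prints "<key id> <verdict>"
    # for every primary key; uid and subkey records are skipped.
    awk -F: -v min="$MIN_BITS" -v max="$MAX_LIFETIME" '
        $1 == "pub" || $1 == "sec" {
            verdict = "ok"
            if ($4 == 1 && $3 < min)   verdict = "short-key"
            else if ($7 == "")         verdict = "no-expiry"
            else if ($7 - $6 > max)    verdict = "long-expiry"
            print $5, verdict
        }'
}

# Constructed sample records (not real keys); times are epoch seconds.
sample_records() {
    cat <<'EOF'
pub:u:4096:1:3AA5C34371567BD2:1622937600:1654473600::u:::scESC::::::23::0:
uid:u::::1622937600::0000000000000000000000000000000000000000::knut <knut@codeberg.org>::::::::::0:
sub:u:4096:1:42B317FD4BA89E7A:1622937600:1654473600:::::e::::::23:
pub:u:2048:1:1111111111111111:1622937600:::u:::scESC::::::23::0:
pub:u:4096:1:2222222222222222:1622937600:::u:::scESC::::::23::0:
pub:u:4096:1:3333333333333333:1622937600:1938297600::u:::scESC::::::23::0:
EOF
}

sample_records | audit_keys
# On a real keyring: gpg --list-keys --with-colons | audit_keys
```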

unbeatable-101 added 2 commits 6 months ago
unbeatable-101 changed title from WIP: Document GPG key usage to Document GPG key usage 6 months ago
n requested changes 6 months ago
LICENSE.md Outdated
"Knut the Polar Bear" has been derived from https://openclipart.org/detail/193243/polar-bear-remix, under CC0 1.0
Parts of [content/security/gpg-key.md](content/security/gpg-key.md) have been derived from [docs.github.com](https://docs.github.com), under CC-BY 4.0
n commented 6 months ago
Poster
Collaborator

Let's move the attribution to the end of the article instead:

```markdown
---
> **Attribution**  
> This guide is derived from [GitHub Docs](https://docs.github.com), used under CC-BY 4.0.
```
unbeatable-101 marked this conversation as resolved
---
## What is a GPG key?
GPG stands for GNU Privacy Guard, an opensource implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.
n commented 6 months ago
Poster
Collaborator

Let's make it clear that GPG is a cryptographic software program.

n commented 6 months ago
Poster
Collaborator

`opensource` --> `open-source`
unbeatable-101 marked this conversation as resolved
## Adding an Existing GPG key
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>
n commented 6 months ago
Poster
Collaborator

Might be better to suggest to type `gpg --version` instead because `gpg` asks for a command.

Also let's change the blockquote to a markdown quote on the next line.
unbeatable-101 marked this conversation as resolved
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>
2. Type `gpg --list-secret-keys --keyid-format LONG` into your terminal, it will list all the keys that you have both a public and private key for.
3. Check the output for a key that you want, if there are none, or none that you want to use, continue to [Generating a GPG key](#toc_2). If there is one that you want to use, skip to [adding it to your account](#Adding-to-Codeberg).
<blockquote>
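Review bot: Step 3 links to the generation section as `#toc_2`, while the intro paragraph of this section links to the same heading as `#Generating`, which is the `id` set on that heading. Use `#Generating` in both places so the link does not depend on generated table-of-contents numbering.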
n commented 6 months ago
Poster
Collaborator

Let's stick to markdown here:

```markdown
> **IMPORTANT**   
> Be sure that your selected key uses the same email as your Codeberg account.
```
unbeatable-101 marked this conversation as resolved
1. Type `gpg --full-generate-key` into your terminal
2. Type `1` and press enter to select `RSA and RSA`
3. Enter you desired key size, it should be at least 4096 bits, as lower values are insecure, press enter to confirm
n commented 6 months ago
Poster
Collaborator

Key sizes lower than 4096 aren't necessarily insecure. Something like `we recommend 4096 bits` would be more appropriate. (max RSA key size in GPG is 4096 bits)
n commented 6 months ago
Poster
Collaborator

`Enter you` --> `Enter your`
unbeatable-101 marked this conversation as resolved
1. Type `gpg --list-secret-keys --keyid-format LONG` into the terminal
2. Select the key you would like to use (the one you just generated). In this example, the GPG key ID is `3AA5C34371567BD2`:
```
n commented 6 months ago
Poster
Collaborator

Please add shell after ``` for appropriate syntax highlighting.

fnetX commented 6 months ago
Poster
Collaborator

I have been confused by this on first read, so in case it's not obvious for you, too: the point is to replace that line to

~~~
```shell
~~~

so that Gitea knows how to do syntax HL.
unbeatable-101 marked this conversation as resolved
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
```
n commented 6 months ago
Poster
Collaborator

Let's use [Knut](https://docs.codeberg.org/getting-started/) in the example here.

```shell
$ gpg --list-secret-keys --keyid-format LONG
/home/knut/.gnupg/pubring.kbx
--------------------------
sec   rsa4096/3AA5C34371567BD2 2021-06-06 [SC] [expires: 2022-06-06]
      6CD8F2B4F3E2E8F08274B563480F8962730149C7
uid                 [ultimate] knut <knut@codeberg.org>
ssb   rsa4096/42B317FD4BA89E7A 2021-06-06 [E] [expires: 2022-06-06]
```
unbeatable-101 marked this conversation as resolved
```
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal
4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`
5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)
n commented 6 months ago
Poster
Collaborator

Let's change this to:

```markdown
Go to the [SSH/GPG Keys tab](https://codeberg.org/user/settings/keys) in your Codeberg settings.
```
unbeatable-101 marked this conversation as resolved
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal
4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`
5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)
6. Press `Add Key` in the `Manage GPG Keys` section
n commented 6 months ago
Poster
Collaborator

Steps 6-8 can be combined into one step:

```markdown
6. Click `Add Key` in the `Manage GPG Keys` section, paste in your public key and click the `Add Key` button.
```
unbeatable-101 marked this conversation as resolved
n requested changes 6 months ago
n left a comment

Some syntax changes.

</blockquote>
<h2 id=Generating>Generating a GPG key</h2>
If you haven’t already, be sure to [install](https://gnupg.org/download/index.html#binary) GnuPGP, as we you will be using it to generate your keys.
n commented 6 months ago
Poster
Collaborator

`GnuPGP` --> `GnuPG`  
`we you` --> `you`
unbeatable-101 marked this conversation as resolved
Collaborator

@unbeatable-101 thank you for coming up and finishing this, I pretty much like it. I think most reviewed points are valid, let's improve and finalize this :-)

@n thank you as always for your quite detailed review. I don't have that strong feelings to some suggestions, I'll have a closer look to this PR once you discussed out this stuff 😉

unbeatable-101 added 1 commit 6 months ago
Collaborator

Note in [55eb9796a5](https://codeberg.org/Codeberg/Documentation/commit/55eb9796a51febc12e4862677a28649da8ee594f) your change from OSX to mac OS got lost. It's actually unrelated to this PR, this is a good example of why not to touch stuff that is unrelated, it might get mixed up or lost when you don't recall you did it.

Not sure if you just want to readd this commit or create a new PR (or don't care). I'm fine with all solutions this time.

Yeah that was purposeful that I didn't re-add it since it was unrelated
fnetX approved these changes 6 months ago
n approved these changes 6 months ago
n left a comment

Thanks for finishing the guide and implementing all of my suggestions. Other than a minor issue, we are ready to merge.

---
## What is a GPG key?
GPG stands for GNU Privacy Guard, which is an open-source cryptographic software program and uses an implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.
n commented 6 months ago
Poster
Collaborator

Let's change protocol to standard here.

unbeatable-101 marked this conversation as resolved

n added the
Status: Review
label 6 months ago
n reviewed 6 months ago
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).
> If you are using a linux distro this might already be installed, check by typing `gpg --version` in the terminal.
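Review bot: The link text in step 1 reads "GnuGPG", while the paragraph above it names the same download "GnuPG software"; the link text should be "GnuPG". That paragraph also sends readers who already have GnuPG installed to "Generating a GPG key", which skips the check for existing keys that this section is about; pointing them at step 2 would fit better.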
n commented 6 months ago
Poster
Collaborator

Please make the first letter of `linux` uppercase.
unbeatable-101 marked this conversation as resolved
n reviewed 6 months ago
4. Choose the amount of time you want it to be valid for, we recommend 1-2 years for increased security, however you can type 0 for it to never expire. Press enter to confirm.
5. Verify your selections are correct, type `y` and press enter to confirm
6. Enter your information, be sure to use the same email as your Codeberg account
7. Type in a passphrase, make sure you write it down somewhere safe. You'll need it later to add your key to git or revoke it if it is compromised
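Review bot: Step 7 says the passphrase is needed "to add your key to git", but telling Git which key to sign with only takes the key ID; the passphrase is asked for when a commit is actually signed. Suggest wording such as "You'll need it whenever you sign a commit, and to revoke the key if it is compromised". The same step tells readers to write the passphrase down, and naming a password manager as the safe place would be a better default.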
n commented 6 months ago
Poster
Collaborator

Please also make the first letter of `git` uppercase, when not referring to the command.
unbeatable-101 marked this conversation as resolved
unbeatable-101 added 1 commit 6 months ago
fnetX referenced this issue from a commit 6 months ago
Collaborator

Damn, manual merges suck. Autodetection is disabled and you can only set a manual merge after you have a commit, but you can't set it as manually merged, when there are conflicts. Of course, a manual merge commit creates conflicts. Arrrgghhh.

Sorry. I guess I will simply close this.

fnetX closed this pull request 6 months ago

This pull request cannot be reopened because the branch was deleted.