No Milestone
No Assignees
4 Participants
Notifications
Total Time Spent: 2h 14min
Due Date
William Davis
2h 14min
No due date set.
Dependencies
This pull request currently doesn't have any dependencies.
Loading…
Reference in new issue
There is no content yet.
Delete Branch 'master'
Deleting a branch is permanent. It CANNOT be undone. Continue?
I feel like there should be some screenshots, also what should the numbers be?
I think 4096 bits and 1-2 years would be appropriate. Though I'm not sure if the former is a requirement.
maybe "we recommend" instead of "it must be at lest"?
On GitHub they have a minimum key length, so I assumed codeberg did too
https://docs.gitea.io/en-us/signing/ looks like Gitea only checks if the signature matches the one a user uploaded and not much more. So I'd say you can go for "recommend"
WIP: Document GPG key usageto Document GPG key usage 6 months ago"Knut the Polar Bear" has been derived from https://openclipart.org/detail/193243/polar-bear-remix, under CC0 1.0Parts of [content/security/gpg-key.md](content/security/gpg-key.md) have been derived from [docs.github.com](https://docs.github.com), under CC-BY 4.0Let's move the attribution to the end of the article instead:
---## What is a GPG key?GPG stands for GNU Privacy Guard, an opensource implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.Let's make it clear that GPG is a cryptographic software program.
opensource-->open-source## Adding an Existing GPG keyIf you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>Might be better to suggest to type
gpg --versioninstead becausegpgasks for a command.Also let's change the blockquote to a markdown quote on the next line.
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>2. Type `gpg --list-secret-keys --keyid-format LONG` into your terminal, it will list all the keys that you have both a public and private key for.3. Check the output for a key that you want, if there are none, or none that you want to use, continue to [Generating a GPG key](#toc_2). If there is one that you want to use, skip to [adding it to your account](#Adding-to-Codeberg).<blockquote>Let's stick to markdown here:
1. Type `gpg --full-generate-key` into your terminal2. Type `1` and press enter to select `RSA and RSA`3. Enter you desired key size, it should be at least 4096 bits, as lower values are insecure, press enter to confirmKey sizes lower than 4096 aren't necessarily insecure. Something like
we recommend 4096 bitswould be more appropriate. (max RSA key size in GPG is 4096 bits)Enter you-->Enter your1. Type `gpg --list-secret-keys --keyid-format LONG` into the terminal2. Select the key you would like to use (the one you just generated). In this example, the GPG key ID is `3AA5C34371567BD2`:```Please add shell after ``` for appropriate syntax highlighting.
I have been confused by this on first read, so in case it's not obvious for you, too: the point is to replace that line to
so that Gitea knows how to do syntax HL.
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]uid Hubotssb 4096R/42B317FD4BA89E7A 2016-03-10```Let's use Knut in the example here.
```3. Type `gpg --armor --export <GPG KEY ID>` into the terminal4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)Let's change this to:
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)6. Press `Add Key` in the `Manage GPG Keys` sectionSteps 6-8 can be combined into one step:
Some syntax changes.
</blockquote><h2 id=Generating>Generating a GPG key</h2>If you haven’t already, be sure to [install](https://gnupg.org/download/index.html#binary) GnuPGP, as we you will be using it to generate your keys.GnuPGP-->GnuPGwe you-->you@unbeatable-101 thank you for coming up and finishing this, I pretty much like it. I think most reviewed points are valid, let's improve and finalize this :-)
@n thank you as always for your quite detailed review. I don't have that strong feelings to some suggestions, I'll have a closer look to this PR once you discussed out this stuff 😉
Note in
55eb9796a5your change from OSX to mac OS got lost. It's actually unrelated to this PR, this is a good example of why not to touch stuff that is unrelated, it might get mixed up or lost when you don't recall you did it.Not sure if you just want to readd this commit or create a new PR (or don't care). I'm fine with all solutions this time.
Yeah that was perposeful that I didn't re-add it since it was unrelated
Thanks for finishing the guide and implementing all of my suggestions. Other than a minor issue, we are ready to merge.
---## What is a GPG key?GPG stands for GNU Privacy Guard, which is an open-source cryptographic software program and uses an implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.Let's change protocol to standard here.
Thanks for finishing the guide and implementing all of my suggestions. Other than a minor issue, we are ready to merge.
Thanks for finishing the guide and implementing all of my suggestions. Other than a minor issue, we are ready to merge.
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).> If you are using a linux distro this might already be installed, check by typing `gpg --version` in the terminal.Please make the first letter of
linuxuppercase.4. Choose the amount of time you want it to be valid for, we recommend 1-2 years for increased security, however you can type 0 for it to never expire. Press enter to confirm.5. Verify your selections are correct, type `y` and press enter to confirm6. Enter your information, be sure to use the same email as your Codeberg account7. Type in a passphrase, make sure you write it down somewhere safe. You'll need it later to add your key to git or revoke it if it is compromisedPlease also make the first letter of
gituppercase, when not referring to the command.Damn, manual merges suck. Autodetection is disabled and you can only set a manual merge after you have a commit, but you can't set it as manually merged, when there are conflicts. Of course, a manual merge commit creates conflicts. Arrrgghhh.
Sorry. I guess I will simply close this.
Reviewers