I feel like there should be some screenshots, also what should the numbers be?
```
3. Enter you desired key size, it must be at least [TODO Number of bits], press enter to confirm
4. Choose the amount of time you want it to be valid for, we recommend [TODO length of time] for increased security, however you can type 0 for it to never expire. Press enter to confirm.
```
Let's move the attribution to the end of the article instead:
```markdown
---
> **Attribution**
> This guide is derived from [GitHub Docs](https://docs.github.com), used under CC-BY 4.0.
```
unbeatable-101 marked this conversation as resolved
Steps 6-8 can be combined into one step:
```markdown
6. Click `Add Key` in the `Manage GPG Keys` section, paste in your public key and click the `Add Key` button.
```
unbeatable-101 marked this conversation as resolved
I feel like there should be some screenshots, also what should the numbers be?
I think 4096 bits and 1-2 years would be appropriate. Though I'm not sure if the former is a requirement.
maybe "we recommend" instead of "it must be at least"?
On GitHub they have a minimum key length, so I assumed Codeberg did too
https://docs.gitea.io/en-us/signing/ looks like Gitea only checks if the signature matches the one a user uploaded and not much more. So I'd say you can go for "recommend"
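The comments above settle on recommending rather than requiring a key size and expiry, so a contributor who wants to follow the recommendation has to check their own keys. The script below is an added example, not part of this PR or of the Codeberg documentation; it reads GnuPG's `--with-colons` listing, and the sample records (including the two placeholder key IDs) are constructed.

```shell
#!/bin/sh
# Audit `gpg --list-secret-keys --with-colons` output against the values
# recommended in this thread: 4096-bit RSA and an expiry within about 2 years.
# Colon fields used (GnuPG doc/DETAILS): 1=record type, 3=key length,
# 4=public-key algorithm (1 = RSA), 5=key ID, 7=expiry (epoch secs, empty = never).

audit_keys() {
    # $1 = current time in epoch seconds; colon-format records arrive on stdin
    awk -F: -v now="$1" '
        $1 == "sec" {
            status = "ok"
            if ($4 == 1 && $3 < 4096)            status = "rsa-below-4096"
            else if ($7 == "")                   status = "no-expiry"
            else if ($7 <= now)                  status = "expired"
            else if ($7 - now > 2 * 365 * 86400) status = "expiry-over-2y"
            print $5, status
        }'
}

# Constructed sample records (not real keys) so the example runs offline.
# The first reuses the key ID and dates from the guide's sample listing.
SAMPLE='sec:u:4096:1:3AA5C34371567BD2:1457568000:1489104000::u:::scESC:
sec:u:2048:1:1111111111111111:1457568000:::u:::scESC:
sec:u:4096:1:2222222222222222:1457568000:::u:::scESC:'

sample_report() {
    # 1470000000 is a fixed "now" (2016-07-31) so the result is reproducible
    printf '%s\n' "$SAMPLE" | audit_keys 1470000000
}

# Real use: gpg --list-secret-keys --with-colons | audit_keys "$(date +%s)"
sample_report
```

A status other than `ok` only means the key differs from the recommendation; it does not mean the server will reject it.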
WIP: Document GPG key usage to Document GPG key usage 12 months ago
"Knut the Polar Bear" has been derived from https://openclipart.org/detail/193243/polar-bear-remix, under CC0 1.0
Parts of [content/security/gpg-key.md](content/security/gpg-key.md) have been derived from [docs.github.com](https://docs.github.com), under CC-BY 4.0
Let's move the attribution to the end of the article instead:
---
## What is a GPG key?
GPG stands for GNU Privacy Guard, an opensource implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.
Let's make it clear that GPG is a cryptographic software program.
`opensource` --> `open-source`
## Adding an Existing GPG key
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>
Might be better to suggest to type `gpg --version` instead because `gpg` asks for a command.
Also let's change the blockquote to a markdown quote on the next line.
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>
2. Type `gpg --list-secret-keys --keyid-format LONG` into your terminal, it will list all the keys that you have both a public and private key for.
3. Check the output for a key that you want, if there are none, or none that you want to use, continue to [Generating a GPG key](#toc_2). If there is one that you want to use, skip to [adding it to your account](#Adding-to-Codeberg).
<blockquote>
Let's stick to markdown here:
1. Type `gpg --full-generate-key` into your terminal
2. Type `1` and press enter to select `RSA and RSA`
3. Enter you desired key size, it should be at least 4096 bits, as lower values are insecure, press enter to confirm
Key sizes lower than 4096 aren't necessarily insecure. Something like `we recommend 4096 bits` would be more appropriate. (max RSA key size in GPG is 4096 bits)
`Enter you` --> `Enter your`
1. Type `gpg --list-secret-keys --keyid-format LONG` into the terminal
2. Select the key you would like to use (the one you just generated). In this example, the GPG key ID is `3AA5C34371567BD2`:
```
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
```
Please add shell after ``` for appropriate syntax highlighting.
I have been confused by this on first read, so in case it's not obvious for you, too: the point is to replace that line to
~~~
```shell
~~~
so that Gitea knows how to do syntax HL.
Let's use Knut in the example here.
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal
4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`
5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)
Let's change this to:
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal
4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`
5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)
6. Press `Add Key` in the `Manage GPG Keys` section
Steps 6-8 can be combined into one step:
Some syntax changes.
</blockquote>
<h2 id=Generating>Generating a GPG key</h2>
If you haven’t already, be sure to [install](https://gnupg.org/download/index.html#binary) GnuPGP, as we you will be using it to generate your keys.
`GnuPGP` --> `GnuPG`
`we you` --> `you`
@unbeatable-101 thank you for coming up and finishing this, I pretty much like it. I think most reviewed points are valid, let's improve and finalize this :-)
@n thank you as always for your quite detailed review. I don't have that strong feelings to some suggestions, I'll have a closer look to this PR once you discussed out this stuff 😉
Note in https://codeberg.org/Codeberg/Documentation/commit/55eb9796a51febc12e4862677a28649da8ee594f your change from OSX to mac OS got lost. It's actually unrelated to this PR, this is a good example of why not to touch stuff that is unrelated, it might get mixed up or lost when you don't recall you did it.
Not sure if you just want to readd this commit or create a new PR (or don't care). I'm fine with all solutions this time.
Yeah that was purposeful that I didn't re-add it since it was unrelated
Thanks for finishing the guide and implementing all of my suggestions. Other than a minor issue, we are ready to merge.
---
## What is a GPG key?
GPG stands for GNU Privacy Guard, which is an open-source cryptographic software program and uses an implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.
Let's change protocol to standard here.
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).
> If you are using a linux distro this might already be installed, check by typing `gpg --version` in the terminal.
Please make the first letter of `linux` uppercase.
4. Choose the amount of time you want it to be valid for, we recommend 1-2 years for increased security, however you can type 0 for it to never expire. Press enter to confirm.
5. Verify your selections are correct, type `y` and press enter to confirm
6. Enter your information, be sure to use the same email as your Codeberg account
7. Type in a passphrase, make sure you write it down somewhere safe. You'll need it later to add your key to git or revoke it if it is compromised
Please also make the first letter of `git` uppercase, when not referring to the command.
Damn, manual merges suck. Autodetection is disabled and you can only set a manual merge after you have a commit, but you can't set it as manually merged, when there are conflicts. Of course, a manual merge commit creates conflicts. Arrrgghhh.
Sorry. I guess I will simply close this.