Document GPG key usage #127

Closed
unbeatable-101 wants to merge 20 commits from master into master
There is no content yet.
unbeatable-101 added 3 commits 1 year ago
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added spent time 1 year ago
1h 37min
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added spent time 1 year ago
24min
n added the Kind: Documentation and Status: In progress labels 1 year ago
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added 3 commits 1 year ago
unbeatable-101 added 1 commit 1 year ago
unbeatable-101 added 2 commits 1 year ago
unbeatable-101 added spent time 1 year ago
13min

I feel like there should be some screenshots, also what should the numbers be?

```
3. Enter you desired key size, it must be at least [TODO Number of bits], press enter to confirm
4. Choose the amount of time you want it to be valid for, we recommend [TODO length of time] for increased security, however you can type 0 for it to never expire. Press enter to confirm.
```
unbeatable-101 added 1 commit 1 year ago
n commented 1 year ago
Collaborator

I think 4096 bits and 1-2 years would be appropriate. Though I'm not sure if the former is a requirement.

Owner

maybe "we recommend" instead of "it must be at least"?

> maybe "we recommend" instead of "it must be at least"?

On GitHub they have a minimum key length, so I assumed codeberg did too
Owner

https://docs.gitea.io/en-us/signing/ looks like Gitea only checks if the signature matches the one a user uploaded and not much more. So I'd say you can go for "recommend"

unbeatable-101 added 2 commits 1 year ago
unbeatable-101 changed title from WIP: Document GPG key usage to Document GPG key usage 1 year ago
n requested changes 1 year ago
LICENSE.md Outdated
"Knut the Polar Bear" has been derived from https://openclipart.org/detail/193243/polar-bear-remix, under CC0 1.0
Parts of [content/security/gpg-key.md](content/security/gpg-key.md) have been derived from [docs.github.com](https://docs.github.com), under CC-BY 4.0
n commented 1 year ago
Collaborator

Let's move the attribution to the end of the article instead:

```markdown
---
> **Attribution**  
> This guide is derived from [GitHub Docs](https://docs.github.com), used under CC-BY 4.0.
```
unbeatable-101 marked this conversation as resolved
---
## What is a GPG key?
GPG stands for GNU Privacy Guard, an opensource implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.
n commented 1 year ago
Collaborator

Let's make it clear that GPG is a cryptographic software program.

n commented 1 year ago
Collaborator

`opensource` --> `open-source`
unbeatable-101 marked this conversation as resolved
## Adding an Existing GPG key
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>
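Review bot: In the intro paragraph, "if you have downloaded this before you can skip to Generating a GPG key" sends anyone who already has GnuPG installed past the rest of a section titled "Adding an Existing GPG key", so they never check for a key they could reuse. Suggest telling them to skip only step 1, and splitting the run-on at "to check, if you have" into two sentences. Also, the link text in step 1 reads `GnuGPG`; the intro line spells it GnuPG, which is the project's name.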
n commented 1 year ago
Collaborator

Might be better to suggest to type `gpg --version` instead because `gpg` asks for a command.

Also let's change the blockquote to a markdown quote on the next line.
unbeatable-101 marked this conversation as resolved
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).<blockquote>If you are using a linux distro this might already be installed, check by typing `gpg` in the terminal.</blockquote>
2. Type `gpg --list-secret-keys --keyid-format LONG` into your terminal, it will list all the keys that you have both a public and private key for.
3. Check the output for a key that you want, if there are none, or none that you want to use, continue to [Generating a GPG key](#toc_2). If there is one that you want to use, skip to [adding it to your account](#Adding-to-Codeberg).
<blockquote>
n commented 1 year ago
Collaborator

Let's stick to markdown here:

```markdown
> **IMPORTANT**  
> Be sure that your selected key uses the same email as your Codeberg account.
```
unbeatable-101 marked this conversation as resolved
1. Type `gpg --full-generate-key` into your terminal
2. Type `1` and press enter to select `RSA and RSA`
3. Enter you desired key size, it should be at least 4096 bits, as lower values are insecure, press enter to confirm
n commented 1 year ago
Collaborator

Key sizes lower than 4096 aren't necessarily insecure. Something like `we recommend 4096 bits` would be more appropriate. (max RSA key size in GPG is 4096 bits)
n commented 1 year ago
Collaborator

`Enter you` --> `Enter your`
unbeatable-101 marked this conversation as resolved
1. Type `gpg --list-secret-keys --keyid-format LONG` into the terminal
2. Select the key you would like to use (the one you just generated). In this example, the GPG key ID is `3AA5C34371567BD2`:
```
n commented 1 year ago
Collaborator

Please add shell after ``` for appropriate syntax highlighting.

fnetX commented 1 year ago
Owner

I have been confused by this on first read, so in case it's not obvious for you, too: the point is to replace that line to

~~~
```shell
~~~

so that Gitea knows how to do syntax HL.
unbeatable-101 marked this conversation as resolved
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
```
n commented 1 year ago
Collaborator

Let's use [Knut](https://docs.codeberg.org/getting-started/) in the example here.

```shell
$ gpg --list-secret-keys --keyid-format LONG
/home/knut/.gnupg/pubring.kbx
--------------------------
sec   rsa4096/3AA5C34371567BD2 2021-06-06 [SC] [expires: 2022-06-06]
      6CD8F2B4F3E2E8F08274B563480F8962730149C7
uid                 [ultimate] knut <knut@codeberg.org>
ssb   rsa4096/42B317FD4BA89E7A 2021-06-06 [E] [expires: 2022-06-06]
```
unbeatable-101 marked this conversation as resolved
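The recommendations settled on in this thread (4096-bit RSA, an expiry within 1-2 years, a user ID carrying the account email) can be checked against a keyring with the script below. It is an added example, not part of the PR or of Codeberg's documentation; it assumes GnuPG's machine-readable `--with-colons` listing, and `audit_keys`, `sample_listing` and the second sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: advisory audit of secret keys (Gitea does not enforce any of this).
# Real use: gpg --list-secret-keys --with-colons | audit_keys you@example.org
# Prints one line per primary key: "<keyid> <bits> <ok|comma-separated notes>".
audit_keys() {
    awk -F: -v email="$1" '
        function emit() {
            if (id == "") return
            if (!has_email) notes = notes ",email-mismatch"
            sub(/^,/, "", notes)
            print id, bits, (notes == "" ? "ok" : notes)
        }
        # sec record: field 3 = bits, 4 = algorithm (1 is RSA), 5 = key ID,
        # 6 = creation time, 7 = expiry time (empty when the key never expires)
        $1 == "sec" {
            emit()
            id = $5; bits = $3; notes = ""; has_email = 0
            if ($4 == 1 && $3 < 4096) notes = notes ",below-4096"
            if ($7 == "") notes = notes ",no-expiry"
            else if ($7 - $6 > 2 * 365 * 86400) notes = notes ",expiry-over-2y"
        }
        # uid record: field 10 is the user ID string "name <email>"
        $1 == "uid" && index($10, "<" email ">") { has_email = 1 }
        END { emit() }
    '
}

# Constructed sample listing: the first key mirrors the Knut example above,
# the second is an invented 2048-bit key with no expiry and another email.
sample_listing() {
cat <<'EOF'
sec:u:4096:1:3AA5C34371567BD2:1622937600:1654473600::u:::scESC:::+:::23::0:
fpr:::::::::6CD8F2B4F3E2E8F08274B563480F8962730149C7:
uid:u::::1622937600::0000000000000000000000000000000000000000::knut <knut@codeberg.org>::::::::::0:
ssb:u:4096:1:42B317FD4BA89E7A:1622937600:1654473600:::::e:::+:::23:
sec:u:2048:1:0000000000000002:1622937600:::u:::scESC:::+:::23::0:
uid:u::::1622937600::0000000000000000000000000000000000000000::old <old@example.org>::::::::::0:
EOF
}

sample_listing | audit_keys knut@codeberg.org
```

The notes are advisory only, in line with the "we recommend" wording agreed in the review.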
```
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal
4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`
5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)
n commented 1 year ago
Collaborator

Let's change this to:

```markdown
Go to the [SSH/GPG Keys tab](https://codeberg.org/user/settings/keys) in your Codeberg settings.
```
unbeatable-101 marked this conversation as resolved
3. Type `gpg --armor --export <GPG KEY ID>` into the terminal
4. Copy the output including the `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`
5. Go to [https://codeberg.org/user/settings/keys](https://codeberg.org/user/settings/keys)
6. Press `Add Key` in the `Manage GPG Keys` section
n commented 1 year ago
Collaborator

Steps 6-8 can be combined into one step:

```markdown
6. Click `Add Key` in the `Manage GPG Keys` section, paste in your public key and click the `Add Key` button.
```
unbeatable-101 marked this conversation as resolved
n requested changes 1 year ago
n left a comment
Collaborator

Some syntax changes.

</blockquote>
<h2 id=Generating>Generating a GPG key</h2>
If you haven’t already, be sure to [install](https://gnupg.org/download/index.html#binary) GnuPGP, as we you will be using it to generate your keys.
n commented 1 year ago
Collaborator

`GnuPGP` --> `GnuPG`
`we you` --> `you`
unbeatable-101 marked this conversation as resolved
Owner

@unbeatable-101 thank you for coming up and finishing this, I pretty much like it. I think most reviewed points are valid, let's improve and finalize this :-)

@n thank you as always for your quite detailed review. I don't have that strong feelings to some suggestions, I'll have a closer look to this PR once you discussed out this stuff 😉

unbeatable-101 added 1 commit 1 year ago
Owner

Note in [55eb9796a5](https://codeberg.org/Codeberg/Documentation/commit/55eb9796a51febc12e4862677a28649da8ee594f) your change from OSX to mac OS got lost. It's actually unrelated to this PR, this is a good example of why not to touch stuff that is unrelated, it might get mixed up or lost when you don't recall you did it.

Not sure if you just want to readd this commit or create a new PR (or don't care). I'm fine with all solutions this time.

Yeah that was purposeful that I didn't re-add it since it was unrelated
fnetX approved these changes 1 year ago
n approved these changes 1 year ago
n left a comment
Collaborator

Thanks for finishing the guide and implementing all of my suggestions. Other than a minor issue, we are ready to merge.

---
## What is a GPG key?
GPG stands for GNU Privacy Guard, which is an open-source cryptographic software program and uses an implementation of the [Open PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) protocol. A GPG key is used to sign each commit you make so your collaborators can be sure it was you who made it.
n commented 1 year ago
Collaborator

Let's change protocol to standard here.

unbeatable-101 marked this conversation as resolved
n added the Status: Review label 1 year ago
n reviewed 1 year ago
If you have your public key in an easy to find location, great! You can skip to [adding it to your account](#Adding-to-Codeberg). If not we will be using the [GnuPG software](https://gnupg.org/download/index.html#binary) to check, if you have downloaded this before you can skip to [Generating a GPG key](#Generating).
1. Download and install [GnuGPG](https://gnupg.org/download/index.html#binary).
> If you are using a linux distro this might already be installed, check by typing `gpg --version` in the terminal.
n commented 1 year ago
Collaborator

Please make the first letter of `linux` uppercase.
unbeatable-101 marked this conversation as resolved
n reviewed 1 year ago
4. Choose the amount of time you want it to be valid for, we recommend 1-2 years for increased security, however you can type 0 for it to never expire. Press enter to confirm.
5. Verify your selections are correct, type `y` and press enter to confirm
6. Enter your information, be sure to use the same email as your Codeberg account
7. Type in a passphrase, make sure you write it down somewhere safe. You'll need it later to add your key to git or revoke it if it is compromised
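Review bot: Step 7 says the passphrase is needed "to add your key to git", but the passphrase unlocks the secret key, so GnuPG asks for it when a commit is signed, not when Git is configured with the key ID. Suggest wording such as "You'll need it whenever you sign a commit, and to revoke the key if it is compromised", and pointing readers to a password manager rather than only "write it down somewhere safe".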
n commented 1 year ago
Collaborator

Please also make the first letter of `git` uppercase, when not referring to the command.
unbeatable-101 marked this conversation as resolved
unbeatable-101 added 1 commit 1 year ago
fnetX referenced this issue from a commit 1 year ago
Owner

Damn, manual merges suck. Autodetection is disabled and you can only set a manual merge after you have a commit, but you can't set it as manually merged, when there are conflicts. Of course, a manual merge commit creates conflicts. Arrrgghhh.

Sorry. I guess I will simply close this.

fnetX closed this pull request 1 year ago

This pull request cannot be reopened because the branch was deleted.
Reference: Codeberg/Documentation#127