Neatly managing and handling PGP/GnuPG keyrings
GUI Key Management
If graphical programs appeal more to you than tools for the command line, you should take a look at Seahorse (Gnome) [18] or KGpg (KDE) [19], as well as the GNU Privacy Assistant (GPA) [20].
You can manage certificates (Figures 4 and 5), as well as GnuPG and SSH keys, with the compact Seahorse application. It is integrated within the Ubuntu and Gnome desktops. To keep your local GnuPG keyring up to date, Seahorse can synchronize the available keys with the key server network on request with the Remote | Match and share keys menu item.
On first sight, the GPA operates more comprehensively than Seahorse, but concentrates on GnuPG key management (Figure 6). In GPA, for example, you can add keys, modify and sign them, or match your keyring with the key server network.
Conclusion
Your keyring is always up to date with little effort using GnuPG and its graphical front ends. To browse for more information, I recommend the GnuPG wiki [21] and an article on OpenPGP best practices [22]. The question of where and how you can store private keys and their related files securely has remained unanswered to this point.
Note of Thanks
The author thanks Sebastian Andres, Wolfram Eifler, Sven Guckes, Gerold Rupprecht, and Martin Ebnother for their suggestions and criticism before the publication of this article.
Infos
- "PGP with GnuPG" by Martin Loschwitz, Ubuntu User, issue 24, 2015, pg. 56, http://www.ubuntu-user.com/Magazine/Archive/2015/24/Reliably-encrypting-emails-using-GnuPG
- Key signing party: https://en.wikipedia.org/wiki/Key_signing_party
- Monkeysign: http://web.monkeysphere.info/monkeysign/
- "Submitting your GPG key to a keyserver": https://debian-administration.org/article/451/Submitting_your_GPG_key_to_a_keyserver
- GnuPG: https://www.gnupg.org
- GPG options: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html
- Key servers: https://sks-keyservers.net/status/
- GnuPG server pools: https://sks-keyservers.net/overview-of-pools.php
- "Creating a new GPG key with subkeys": https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/
- Sending encrypted emails using Thunderbird and PGP: http://www.wefightcensorship.org/article/sending-encrypted-emails-using-thunderbird-and-pgphtml.html
- Mutt and GnuPG: https://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
- The difference between electronic signatures and digital signatures: https://www.globalsign.com/en/blog/electronic-signatures-vs-digital-signatures/
- Tank, Margo H. K., Sara E. Emley, and R. David Whitaker. A Brief Guide to Using Electronic Signatures in Securities Transactions, http://www.buckleysandler.com/uploads/1082/doc/A-Brief-Guide-to-Using-Electronic-Signatures-in-Securities-Transactions.pdf
- X.509 certificates: https://en.wikipedia.org/wiki/X.509
- Enigmail (DEB): https://packages.debian.org/jessie/enigmail
- Setting up OpenPGP encryption in Thunderbird/Icedove, https://wiki.debian.org/Icedove#Setting_up_OpenPGP_Encryption
- The GNU Privacy Handbook, Chapter 3, Key Management: https://www.gnupg.org/gph/en/manual/c235.html
- Seahorse: https://wiki.gnome.org/Apps/Seahorse
- KGpg: https://utils.kde.org/projects/kgpg/
- GNU Privacy Assistant: https://www.gnupg.org/related_software/gpa/index.html
- GnuPG wiki: https://wiki.gnupg.org
- OpenPGP best practices: https://help.riseup.net/en/security/message-security/openpgp/best-practices
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)