Documentation/process/maintainer-pgp-guide.rst

80 will assume you have the version 2.2 of GnuPG (or later). If you are
81 using version 2.0 of GnuPG, then some of the commands in this guide will
97 The GnuPG agent is a helper tool that will start automatically whenever
103   the time-to-live expires, the countdown will reset for another period.
127 You will need to regularly refresh your keyring in order to get the
187 is what you will have. You can verify by running ``gpg --list-secret-keys``,
268 that passphrase, and if you ever change it you will not remember what it
293 disaster-level preparedness we did with ``paperkey``. You will also rely
299 will use for backup purposes. You will need to encrypt them using LUKS
343     your GnuPG directory in its entirety. What we are about to do will
350 The output will be something like this::
362 master key fingerprint). This will correspond directly to a file in your
377 Now, if you issue the ``--list-secret-keys`` command, it will show that
409 their hands on those will be able to decrypt your communication or fake
453 others. Your choice will depend on cost, shipping availability in your
483 To configure your smartcard, you will need to use the GnuPG menu system, as
495 the smartcard). You so rarely need to use the Admin PIN, that you will
499 as name, sex, login data, etc), but it's not necessary and will
517 your subkeys onto the smartcard. You will need both your PGP key
535 Using ``--edit-key`` puts us into the menu mode again, and you will
547 meaning that if you type ``key 1`` again, the ``*`` will disappear and
548 the key will not be selected any more.
558 slot.  When you submit your selection, you will be prompted first for
581 Saving the changes will delete the keys you moved to the card from your
588 If you perform ``--list-secret-keys`` now, you will see a subtle
600 directory and look at the contents there, you will notice that the
633 You will need your master key for any of the operations below, so you
634 will first need to mount your backup offline storage and tell GnuPG to
668 After you make any changes to your key using the offline storage, you will
752 The merge message will contain something like this::
761 If you are verifying someone else's git tag, then you will need to
788 upstream, even your own PGP commit signatures will end up discarded. For
790 and will ignore signed commits in any external repositories that they
802    signatures will be valuable for such purposes.
857 looking up public keys, GnuPG will validate DNSSEC or TLS certificates,
888 the key changes in the future, the SSH client will alert you and refuse
893 previously imported key and the new key will be marked as invalid and
894 you will need to manually figure out which one to keep.
915 beings. Here are some shortcuts that will help you reduce the risk of