Lines Matching full:your

66 Your distro should already have GnuPG installed by default, you just
92 You can put that in your ``.bashrc`` to make sure it's always the case.
111 edit your ``~/.gnupg/gpg-agent.conf`` file to set your own values::
120 beginning of your shell session. You may want to check your rc files
127 You will need to regularly refresh your keyring in order to get the
133 Check the full path to your ``gpg`` or ``gpg2`` command and use the
138 Protect your master PGP key
146 You should also make a new key if your current one is weaker than 2048 bits
169 lose your private subkey, it cannot be recreated from the master key
186 If you used the default parameters when generating your key, then that
195 Any key carrying the **[C]** capability is your master key, regardless
198 The long line under the ``sec`` entry is your key fingerprint --
202 Ensure your passphrase is strong
205 GnuPG uses passphrases to encrypt your private keys before storing them on
206 disk. This way, even if your ``.gnupg`` directory is leaked or stolen in
207 its entirety, the attackers cannot use your private keys without first
210 It is absolutely essential that your private keys are protected by a
218 Our goal is to protect your master key by moving it to offline media, so
225 your new subkey::
237 recommend that you create an ECC signing subkey for your kernel
247 Back up your master key for disaster recovery
250 The more signatures you have on your PGP key from other developers, the
254 The best way to create a printable hardcopy of your private key is by
260 Run the following command to create a hardcopy backup of your private
266 pen and write your passphrase on the margin of the paper. **This is
272 and store in a secure and well-protected place, preferably away from your
273 home, such as your bank vault.
277 Your printer is probably no longer a simple dumb device connected to
278 your parallel port, but since the output is still encrypted with
279 your passphrase, printing out even to "cloud-integrated" modern
281 change the passphrase on your master key immediately after you are
284 Back up your whole GnuPG directory
291 It is important to have a readily available backup of your PGP keys
294 on these external copies whenever you need to use your Certify key --
295 such as when making changes to your own key or signing other people's
300 -- refer to your distro's documentation on how to accomplish this.
302 For the encryption passphrase, you can use the same one as on your
306 sure it gets properly mounted. Copy your entire ``.gnupg`` directory
322 Remove the master key from your homedir
334 Protecting your key with a good passphrase greatly helps reduce the risk
337 recommended setup is to remove your master key from your home directory
343 your GnuPG directory in its entirety. What we are about to do will
344 render your key useless if you do not have a usable backup!
346 First, identify the keygrip of your master key::
362 master key fingerprint). This will correspond directly to a file in your
393 If you do not have a ``~/.gnupg/private-keys-v1.d`` directory, then your
395 GnuPG v1. Making any changes to your key, such as changing the
400 file, which still contains your private keys.
408 subkeys are still in your home directory. Anyone who manages to get
409 their hands on those will be able to decrypt your communication or fake
410 your signatures (if they know the passphrase). Furthermore, each time a
415 The best way to completely protect your keys is to move them to a
436 Unless all your laptops and workstations have smartcard readers, the
453 others. Your choice will depend on cost, shipping availability in your
469 Configure your smartcard device
472 Your smartcard device should Just Work (TM) the moment you plug it into
483 To configure your smartcard, you will need to use the GnuPG menu system, as
500 additionally leak information about your smartcard should you lose it.
513 Move the subkeys to your smartcard
517 your subkeys onto the smartcard. You will need both your PGP key
555 Your selection? 2
558 slot. When you submit your selection, you will be prompted first for
559 your PGP key passphrase, and then for the admin PIN. If the command
560 returns without an error, your key has been moved.
571 Your selection? 1
575 again, if your command returns without an error, then the operation was
581 Saving the changes will delete the keys you moved to the card from your
599 available on the smartcard. If you go back into your secret keys
618 This should ask for your smartcard PIN on your first command, and then
622 steal your digital developer identity!
628 with your PGP key.
630 Mounting your master key offline storage
633 You will need your master key for any of the operations below, so you
634 will first need to mount your backup offline storage and tell GnuPG to
642 your regular home directory location).
651 To extend the expiration on your key by a year from current date, just
657 your birthday, January 1st, or Canada Day)::
665 Updating your work directory after any changes
668 After you make any changes to your key using the offline storage, you will
669 want to import these changes back into your regular working directory::
677 You can forward your gpg-agent over ssh if you need to sign tags or
693 repository is cloned to your system, you have full history of the
707 impersonate you without having access to your PGP keys.
711 Configure git to use your PGP key
714 If you only have one secret key in your keyring, then you don't really
715 need to do anything extra, as it becomes your default key. However, if
717 should be used (``[fpr]`` is the fingerprint of your key)::
787 signatures. Furthermore, when rebasing your repository to match
788 upstream, even your own PGP commit signatures will end up discarded. For
793 However, if you have your working git tree publicly available at some
795 then the recommendation is that you sign all your git commits even if
803 2. If you ever need to re-clone your local repository (for example,
805 integrity before resuming your work.
806 3. If someone needs to cherry-pick your commits, this allows them to
842 developers' public keys, then you can jumpstart your keyring by relying
845 the prospect of starting your own Web of Trust from scratch is too
848 Add the following to your ``~/.gnupg/gpg.conf``::
858 respectively, before adding auto-retrieved public keys to your local
862 accounts. Once you have the above changes in your ``gpg.conf``, you can
869 UID to your key`_ to make WKD more useful to other kernel developers.
871 .. _`add the kernel.org UID to your key`: https://korg.wiki.kernel.org/userdoc/mail#adding_a_kernel…
879 various software makers dictating who should be your trusted certifying
939 have on your keyring::
955 that it is a valid key. You can add it to your keyring from the
963 do not carefully maintain your own web of trust, then it is a marked