In most cases people publish their GPG Key on a key server which (typically) syncs keys with other key servers. Yesterday I learned that there’s an other option: When you are in control of a DNS server you can publish your key (or more specifically: a pointer to that key) in a DNS TXT record. So what you’re doing is the following: you export your public key to a file, preferably ASCII armored Read more

Yesterday I discussed with somebody that it would be cool to use encfs on a folder shared with several people. The word “folder” can be understood as a Samba share, a Subversion repository, or a Dropbox. Obviously, the show stopper here is the exchange of the symmetric key needed by encfs. So let’s use our GnuPG keys! The idea of the script is as follows: generate a symmetric key $encfsKey for encfs using /dev/urandom wrap $encfsKey using GnuPG; the $receivers variable holds the IDs of all people that should be allowed to decrypt $encfsKey (the folder) plus your own ID (you also want to decrypt! Read more

Again some notes, mostly for myself… I wanted to update my both (private/office) 2048-bit GPG keys to a (single) 4096-bit key. Here are some handy commands. Start with generating a new key: gpg --gen-key Select a RSA/RSA 4096 bit key… Edit your new key, add all mail addresses you need. Also set your preferred hash and crypto algorithms. gpg --edit-key NEWKEYID > adduid > ... > setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed > quit Make a backup of your new key… Read more

Recently I’m playing a little with GnuPG and I wanted to document some things, mostly for myself… GnuPG on Macs It seems that GnuPG version 2 available in Homebrew is broken. Instead use MacGPG2. If you do not want to compile this by yourself, there is also a handy installer available, which comes with a plugin for Apple Mail and a graphical tool for key management. Command Line Voodoo Creating a signature of a file (= create hash value of file + encrypting hash value with own private key): Read more