An opinionated trust-nothing guide to setting up and using PGP keys in a post-Snowden world.
This guide is written for a threat model of a nation state, or something close enough to one. As such it may need more hardware than you expect. Don't let that deter you.
The hardware required can be purchased for less than $150USD. If you have an old computer lying around you can probably use that.
You should follow this guide if you are a programmer, journalist, network administrator or sysadmin, or someone who just uses
Pull Requests are welcome. There's an edit link on every page.
Writing a guide like this, it's hard to cater to all knowledge levels. This guide is written with the following assumptions:
- ctrl-c will cancel a running command in the terminal
- the up/down arrow keys let you cycle through recent commands
- Tails and other Linux terminals: to copy text from the terminal you use
- Tails: you need to be root to access an OpenPGP smartcard (that's the Yubikey)
You should also know that there are known malware programs whose only job is to scan everything they can reach looking for private keys. These keys are easy to spot, because an ASCII-armored private key always starts with:
-----BEGIN PGP PRIVATE KEY BLOCK-----
So yes, be paranoid about your private key touching any networked computer. It takes barely a second for the key to be exfiltrated, and once that has happened the key is compromised for good. You will likely never know that it happened.
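The scanner such malware runs is trivial to write, which is exactly why it is worth running the same check yourself on any networked machine before you trust it with anything. The script below is an added example and is not part of the original guide; it looks for the armor header quoted above, for un-armored OpenPGP Secret-Key packets (tag 5, RFC 4880 section 4.2), and for the S-expression files gpg-agent keeps under `private-keys-v1.d`. The sample tree it scans is constructed inline (no real keys), and the function names are this example's own.

```python
"""Find stray OpenPGP private keys on a host (added example, not from the guide)."""
import os
import tempfile
from typing import Dict, Optional

# ASCII-armored private keys always carry this header (RFC 4880 section 6.2).
ARMOR_HEADER = b"-----BEGIN PGP PRIVATE KEY BLOCK-----"

# gpg-agent's own key store (~/.gnupg/private-keys-v1.d/*.key) is libgcrypt
# S-expression text. Protected and unprotected keys start with these tags;
# "(20:shadowed-private-key" is only a smartcard stub and holds no secret.
AGENT_PREFIXES = (b"(21:protected-private-key", b"(11:private-key")

# Secret-Key packet versions: 3 and 4 (RFC 4880), 6 (RFC 9580); GnuPG also emits v5.
KEY_VERSIONS = frozenset({3, 4, 5, 6})

MAX_BYTES = 16 * 1024 * 1024  # keys are small; skip anything larger


def _looks_like_secret_key_packet(data: bytes) -> bool:
    """True if data starts with an OpenPGP packet of tag 5 whose body begins
    with a plausible key version byte (heuristic, first packet only)."""
    if len(data) < 4:
        return False
    b0 = data[0]
    if b0 == 0xC5:  # new-format header: 0xC0 | tag 5
        length = data[1]
        if length < 192:
            body = data[2:]
        elif length < 224:
            body = data[3:]
        elif length == 255:
            body = data[6:]
        else:  # partial body lengths are not used for key packets
            return False
    elif 0x94 <= b0 <= 0x97:  # old-format header: 0x80 | (5 << 2) | length type
        ltype = b0 & 0x03
        body = data[1 + (1, 2, 4, 0)[ltype]:]  # type 3 = indeterminate, no length bytes
    else:
        return False
    return bool(body) and body[0] in KEY_VERSIONS


def classify(data: bytes) -> Optional[str]:
    """Return 'armored', 'gpg-agent', 'binary', or None for file contents."""
    if ARMOR_HEADER in data:
        return "armored"
    if data.startswith(AGENT_PREFIXES):
        return "gpg-agent"
    if _looks_like_secret_key_packet(data):
        return "binary"
    return None


def scan_tree(root: str) -> Dict[str, str]:
    """Walk root and map each suspicious file (relative path) to its kind."""
    found: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or vanished; keep scanning
            kind = classify(data)
            if kind:
                found[os.path.relpath(path, root).replace(os.sep, "/")] = kind
    return found


def demo() -> Dict[str, str]:
    """Constructed sample tree (hypothetical paths, fake contents) run offline."""
    samples = {
        "notes/key.asc": b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nlQ..\n"
                         b"-----END PGP PRIVATE KEY BLOCK-----\n",
        "backup/secring.gpg": bytes([0x95, 0x01, 0x2A, 0x04]) + b"\x00" * 42,  # old-format tag 5, v4
        "gnupg/private-keys-v1.d/ABC.key": b"(21:protected-private-key(3:rsa",
        "gnupg/private-keys-v1.d/DEF.key": b"(20:shadowed-private-key(3:rsa",  # smartcard stub
        "docs/public.asc": b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n",
        "bin/random.dat": bytes([0x95, 0x00, 0x10, 0x99]) + b"\x00" * 16,  # header byte only
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_tree(root)


if __name__ == "__main__":
    for path, kind in sorted(demo().items()):
        print(f"{kind:9s} {path}")
```

Run it against `/` (as root, with a long timeout) on a machine you suspect; every hit outside a deliberately air-gapped key store is a key you should treat as burned. The tag-5 check parses only the first packet header and version byte, so it will not find a secret key buried mid-file, but it also avoids flagging every binary that happens to begin with 0x95.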
After completing this guide you will be able to:
- decrypt files and emails encrypted with your public key,
- sign files, text and other people's public keys,
- authenticate yourself using PGP.