Parman - Activate OP_GFY now!! on Nostr: For mini GPG (PGP) tutorial number 2 in the #gpgparman series, we're going to import ...
For mini GPG (PGP) tutorial number 2 in the #gpgparman series, we're going to import Parman's public gpg key into the computer's key ring.
Easy AF and quick (I'll link episode 1 in the thread).
Preamble:
The keyring is just an abstract concept - it's a list of stored public keys (of other people).
The public keys are sort of like Bitcoin addresses with identity information embedded. That person has the private key and can sign with it. You, and anyone, have the public key. The owner would usually widely publish their public key, or share it personally with anyone who requests it.
You (the public) do signature checks for validity with the public key, the same way your Bitcoin node checks the validity of Bitcoin transactions and signatures. A discussion about Bitcoin signing another time. For now, let's just do the acquisition and importing of a public key.
Step 1 - get gpg, the program
Step 2 - get a key
Step 3 - import key
Step 4 - Another time; verify Parman's signature.
STEP 1:
First, you need to have gpg installed. Linux has it by default.
For Mac, download and install GPGsuite, gpgtools.org, click the friendly red download button, install, and uncheck all the bloat, just get a minimal installation.
For Windows, download and install gpg4win - gpg4win.org
STEP 2:
Next, let's get my public key. There are many ways, and for something you're super paranoid about, you could check different sources to make sure you're getting the right key and not an imposter's.
I'll show you the way from a "keyserver" which is analogous to a Bitcoin node that shares data with other nodes and stays in sync, like mempool.space.
Here, keyserver.ubuntu.com, you can enter names or emails and get lists of keys that hit your match.
Go there and enter "armatheparman".
(IMAGE below)
You'll see a database entry for my key. Click the link that starts with "(4) rsa..." - it might open in the browser, or it might download. If it opens in the browser, right-click and save the page to the downloads directory. If it opens in a browser, you can copy all the text and paste it into a text file - save it in the downloads directory for now.
There are other ways to acquire the key, but let's keep it simple.
To look at the key, in the terminal (cmd for Windows), navigate to the downloads directory:
cd ~/Downloads
(For Windows, do cd \users\username\downloads , or if you open a fresh window, simply cd downloads should work)
(~ is a shortcut to /home/username/ on Linux and /Users/username/ on Macs)
Whatever the key file is called, probably "a5613b1902a4e2973f23fc67e7c061d4c5e5bc98.asc", then type
cat a567 <tab> (for windows replace "cat" with "type")
Don't type out <tab> ; that part means after the first few characters of the target filename (a567 for example), hit the <tab> key and the file name will autocomplete - don't type that long file name all out manually - ain't nobody got time for dat.
When you hit enter, the cat program will print the contents of the file. Cat will do that for anything, it's handy.
STEP 3:
Now we import the key to the computer's "key ring", giving it access when needed for verifying signatures.
In the terminal, go to where the file is, presumably downloads. (You can alternatively be anywhere in the file system, but then you have to type the full path of the file, not just its name)
cd ~/Downloads
then
gpg --import thefilename
Alternatively, from anywhere not just where the file is....
gpg --import /home/username/downloads/thefilename
OBVIOUSLY, type in the actual filename not "thefilename" as written (and use the <tab> autocomplete nearly always).
It should print some sort of success command.
Nice.
STEP 4:
Verifying my signature using the public key. Stay tuned for episode 3.
Easy AF and quick (I'll link episode 1 in the thread).
Preamble:
The keyring is just an abstract concept - it's a list of stored public keys (of other people).
The public keys are sort of like Bitcoin addresses with identity information embedded. That person has the private key and can sign with it. You, and anyone, have the public key. The owner would usually widely publish their public key, or share it personally with anyone who requests it.
You (the public) do signature checks for validity with the public key, the same way your Bitcoin node checks the validity of Bitcoin transactions and signatures. A discussion about Bitcoin signing another time. For now, let's just do the acquisition and importing of a public key.
Step 1 - get gpg, the program
Step 2 - get a key
Step 3 - import key
Step 4 - Another time; verify Parman's signature.
STEP 1:
First, you need to have gpg installed. Linux has it by default.
For Mac, download and install GPGsuite, gpgtools.org, click the friendly red download button, install, and uncheck all the bloat, just get a minimal installation.
For Windows, download and install gpg4win - gpg4win.org
STEP 2:
Next, let's get my public key. There are many ways, and for something you're super paranoid about, you could check different sources to make sure you're getting the right key and not an imposter's.
I'll show you the way from a "keyserver" which is analogous to a Bitcoin node that shares data with other nodes and stays in sync, like mempool.space.
Here, keyserver.ubuntu.com, you can enter names or emails and get lists of keys that hit your match.
Go there and enter "armatheparman".
(IMAGE below)
You'll see a database entry for my key. Click the link that starts with "(4) rsa..." - it might open in the browser, or it might download. If it opens in the browser, right-click and save the page to the downloads directory. If it opens in a browser, you can copy all the text and paste it into a text file - save it in the downloads directory for now.
There are other ways to acquire the key, but let's keep it simple.
To look at the key, in the terminal (cmd for Windows), navigate to the downloads directory:
cd ~/Downloads
(For Windows, do cd \users\username\downloads , or if you open a fresh window, simply cd downloads should work)
(~ is a shortcut to /home/username/ on Linux and /Users/username/ on Macs)
Whatever the key file is called, probably "a5613b1902a4e2973f23fc67e7c061d4c5e5bc98.asc", then type
cat a567 <tab> (for windows replace "cat" with "type")
Don't type out <tab> ; that part means after the first few characters of the target filename (a567 for example), hit the <tab> key and the file name will autocomplete - don't type that long file name all out manually - ain't nobody got time for dat.
When you hit enter, the cat program will print the contents of the file. Cat will do that for anything, it's handy.
STEP 3:
Now we import the key to the computer's "key ring", giving it access when needed for verifying signatures.
In the terminal, go to where the file is, presumably downloads. (You can alternatively be anywhere in the file system, but then you have to type the full path of the file, not just its name)
cd ~/Downloads
then
gpg --import thefilename
Alternatively, from anywhere not just where the file is....
gpg --import /home/username/downloads/thefilename
OBVIOUSLY, type in the actual filename not "thefilename" as written (and use the <tab> autocomplete nearly always).
It should print some sort of success command.
Nice.
STEP 4:
Verifying my signature using the public key. Stay tuned for episode 3.