Resources

Documentation

The official documentation for GnuPG

The GnuPG Blog is a good place to check for new posts.

The official mailing lists (especially the gnupg-users list) are a good place to read or participate in discussions.

The specification is RFC-4880 and is worth a read for all the details.

Configuration options for GnuPG

Esoteric options for GnuPG

Third Party Resources

The Call of the Open Sidewalk has a full section called PGP FAN with many interesting and informational articles.

Books

O’Reilly published PGP: Pretty Good Privacy in 1995. (ISBN-10: 1565920988 / ISBN-13: 978-1565920989)

No Starch Press published PGP & GPG: Email for the Practical Paranoid in 2006. (ISBN-10: 1593270712 / ISBN-13: 978-1593270711)

Guides

The Debian Wiki entry on GnuPG offers some good advice. There are additional pages on subkeys and offline master keys worth reading.

Alex Cabal has a guide called Creating the Perfect GPG Keypair that is a great starting point.

The drduh YubiKey Guide is a great resource for hardware keys. Some recommended settings are now default in more recent versions of GnuPG.

DEPRECATED - riseup.net OpenPGP Best Practices

Signing keys guide with single/multiple UIDs.

Importing signatures from Keyservers (SKS)

Note

WKD is now suggested for hosting your own key pairs.

It’s broken. Basically, see the Stack Exchange question here and the follow-up answers. GnuPG release 2.2.17 ignores all key signatures received from keyservers. Some distributions have patched this behavior out.

Use something along the lines of the following to override if it hasn’t been patched out on your distribution:

$ gpg2 --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xDEADBEEFCAFEBABE

Keyservers

  • http://keys.gnupg.net

  • https://keys.openpgp.org

  • https://keyserver.ubuntu.com

  • https://pgp.mit.edu

  • https://keybase.io

  • https://keyoxide.org