Weblog for dkg – HOWTO prep for migration off of SHA-1 in OpenPGP

In a nutshell:

Either enter the following into a terminal…

cat >>~/.gnupg/gpg.conf <<EOF
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
EOF

…or open gpg.conf in any text editor of your choice.

And then…

## As I am on Windows these days,
#  gpg4win
## I had to open a cmd, and use gpg2 instead of just gpg.
gpg --edit-key $YourKeyID
# The following commands are typed at the gpg> prompt.
# To show your prefs.
showpref
# To set your new prefs.
setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
# To write the new prefs to your key and exit.
save

Tada, and Bob’s your uncle. 🙂

via Weblog for dkg – HOWTO prep for migration off of SHA-1 in OpenPGP.

Better late, than never. 😉
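
An added example, not part of the original post or of dkg's HOWTO: a small audit of a gpg.conf for the three digest options set above. The function name, the WEAK/UNKNOWN/MISSING labels and the sample file are assumptions made for this example.

```shell
# Added example, not from the original post: audit a gpg.conf for the three
# digest options the HOWTO sets. Every occurrence is reported, because
# `cat >>` appends and an older conflicting line may still be in the file.
# Assumption: a line is WEAK when the first digest it names is SHA1 or MD5.
audit_gpg_conf() {
    awk '
    function first_digest(   i, t) {
        for (i = 2; i <= NF; i++) {
            t = toupper($i)
            if (t ~ /^(MD5|SHA1|RIPEMD160|SHA224|SHA256|SHA384|SHA512)$/) return t
        }
        return ""
    }
    BEGIN {
        n = split("personal-digest-preferences cert-digest-algo default-preference-list", want, " ")
        bad = 0
    }
    {
        for (k = 1; k <= n; k++) {
            if ($1 != want[k]) continue
            seen[$1] = 1
            d = first_digest()
            status = "OK"
            if (d == "") status = "UNKNOWN"
            if (d == "SHA1" || d == "MD5") status = "WEAK"
            if (status != "OK") bad = 1
            printf "%s line %d: %s prefers %s\n", status, NR, $1, d
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(want[k] in seen)) { print "MISSING " want[k]; bad = 1 }
        exit bad
    }' "$1"
}
# Constructed sample: an old SHA1 line left above the block the HOWTO appends.
demo_conf() {
    cat <<'EOF'
# older setting left in the file
cert-digest-algo SHA1
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
EOF
}
tmp=$(mktemp) && demo_conf > "$tmp"
audit_gpg_conf "$tmp" || echo "review the lines flagged above"
rm -f "$tmp"
```

Point it at ~/.gnupg/gpg.conf instead of the sample; a non-zero exit status means at least one option is missing or needs review.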

How to configure gpg to enter passphrase only once per session ?

Reblogging : Because the following has made my life — at the console, and beyond — a lot easier. 😉

How to configure gpg to enter passphrase only once per session

  1. Install gpg-agent and pinentry program :
    sudo apt-get install gnupg-agent pinentry-curses
  2. Add the lines below to ~/.profile. Any POSIX-conforming shell should include this file.

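# Invoke GnuPG-Agent the first time we log in.
# Does `~/.gpg-agent-info' exist and point to a gpg-agent process accepting signals?
# Note: GnuPG 2.1 and later ignore --write-env-file and GPG_AGENT_INFO; there gpg
# starts the agent on demand, and GPG_TTY below is still used.
if test -f "$HOME/.gpg-agent-info" && \
    kill -0 "$(cut -d: -f 2 "$HOME/.gpg-agent-info")" 2>/dev/null; then
    # Strip the leading "GPG_AGENT_INFO=" (15 characters) to get the value.
    GPG_AGENT_INFO=$(cut -c 16- "$HOME/.gpg-agent-info")
else
    # No, gpg-agent not available; start gpg-agent
    eval "$(gpg-agent --daemon --no-grab --write-env-file "$HOME/.gpg-agent-info")"
fi
GPG_TTY=$(tty)
export GPG_TTY GPG_AGENT_INFO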

This little script will be activated when you log in. If the agent is not running, it will be started. When the agent is started, it shows how to set environment variables in order to connect to it. The script saves these values in ~/.gpg-agent-info, so that when you start another login session the script can set up the variables correctly and thus use the agent.

You will only have to enter your passphrase once per boot. The agent will store your keys in memory, so you don’t have to enter the passphrase again.

Target : Self.

PS : Often, while I’m chasing for solutions — to this, or that problem — I “ forget ” to make notes. Yes — it’s a bad habit — I know. Point being : Me being focused, on fixing what lies in front of me. Which after all, is what I wanted to do.