System login with gnupg smartcard (yubikey, p-card, rsa token, etc)
GnuPG with poldi can be used for system login. There is a thread asking whether it is possible to use gpg for system login. A new tip section explaining the use of a GnuPG smartcard for logging into an Arch Linux system would be a nice addition here.
User configuration files not created
The wiki states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."
I could very well be doing something wrong, so I'd ask that this be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki, shouldn't it?
I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it.
I also found this when searching for info: https://manned.org/gpgv2/2862e42d. It states: "There are no configuration files and only a few options are implemented."
The keys used for encryption and signatures
GnuPG#Signatures states that
Unlike encryption which uses public keys to encrypt a document, signatures are created with the user's private key.
Isn't it misleading? Doesn't the user encrypt his document with his private key too?
- No, the section in question is correct. Asymmetric cryptography works by having two keys, each being able to decrypt messages which were encrypted by the other one.
- Hence you would encrypt a message which you want to send to person A with A's public key, thereby enabling only A to decrypt the content with her private key. However, if you want to assure others that you sent the message, one would encrypt it with the private key, thereby enabling anyone to validate it by using your public key.
- Encrypting documents with your private key would allow anyone to decrypt them with your public key.
- I highly recommend that you read the above-linked Wikipedia article to get a better understanding of GPG. -- Edh (talk) 09:29, 29 May 2017 (UTC)
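
The key roles discussed in this thread, as an added example that is not part of the wiki page or of any participant's post: textbook RSA in Python showing public-key encryption, private-key signing, and why a private-key "encryption" hides nothing. Assumptions: RSA with constructed toy primes and no padding; GnuPG also supports signature-only algorithms such as EdDSA, where no such symmetry exists, and all function names here are hypothetical.

```python
# Added illustration: textbook RSA over two Mersenne primes. No padding, toy key
# size; not secure and not GnuPG's implementation.
import hashlib

P, Q = 2**31 - 1, 2**61 - 1              # constructed demo primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)


def transform(value: int, key: tuple) -> int:
    """The one RSA primitive: value^exponent mod n, for either key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit in the toy modulus")
    return pow(value, exponent, n)


def encrypt(plaintext: bytes, key: tuple) -> int:
    return transform(int.from_bytes(plaintext, "big"), key)


def decrypt(ciphertext: int, key: tuple) -> bytes:
    m = transform(ciphertext, key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key: tuple) -> int:
    # A signature is the private-key transform of the message digest.
    return transform(digest(message), private_key)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    # Anyone holding the public key can undo the transform and compare digests.
    return transform(signature, public_key) == digest(message)


if __name__ == "__main__":
    c = encrypt(b"for A only", PUBLIC_KEY)       # confidentiality
    print(decrypt(c, PRIVATE_KEY))
    sig = sign(b"I wrote this", PRIVATE_KEY)     # authenticity
    print(verify(b"I wrote this", sig, PUBLIC_KEY), verify(b"I wrote that", sig, PUBLIC_KEY))
    leaked = encrypt(b"secret", PRIVATE_KEY)     # "encrypted" with the private key
    print(decrypt(leaked, PUBLIC_KEY))           # readable by every public-key holder
```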