System login with gnupg smartcard (yubikey, p-card, rsa token, etc)
gnupg with poldi can be used for system login. There is a thread asking whether it is possible to use gpg for system login. A new tip section explaining gnupg smartcard for logging into Arch Linux system is a nice addition here.
User configuration files not created
Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."
I could very well be doing something wrong so I'd ask that this could be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki shouldn't it?
I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it.
I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.
How to revoke a key
The accuracy flag indicates that a key cannot be revoked simply uploading a revocation certificate to a key server. But, the GnuPG FAQ does seem to indicate that one can do that :
- If you can’t remember your passphrase, the best thing to do is use your pre-made revocation certificate to revoke your old certificate, upload the revocation to the keyserver network, and start anew with a fresh certificate.
Thus, the current text on the page seems to be correct. But, the manpage does indicate another process (import the revocation certificate into the key and then send the key). -- Rdeckard (talk) 13:31, 23 March 2019 (UTC)
- After doing some tests, you only need the public key to import a revocation certificate. Thus, the wiki is correct. Generate a revocation certificate using your private key. Then if you lose your private key and or passphrase (assuming you backed up the revocation certificate), just retrieve the public key from a keyserver or colleague. Then import your public key and then the revocation certifcate. After that send the now-revoked key to the keyserver and/or colleagues. -- Rdeckard (talk) 13:55, 23 March 2019 (UTC)
- I've made several more edits to clarify how revoking actually works. Please discuss here if it is still unclear or deemed inaccurate. -- Rdeckard (talk) 20:09, 23 March 2019 (UTC)