notes on GPG for herbline
=========================

Algorithms:

Public key:
   RSA
   RSA-E
   ELG     El Gamal?
   ELG-E

Symmetric cipher (secret key):
   3DES
   BLOWFISH

Hash:
   MD5
   SHA1

(etc)


Need to know commands for:

(1) generate keypair for herbivore

(2) store someone's public key in a database, indexed on
their email address

(3) access a public key given an email address

(4) perform encryption

(5) perform decryption

(6) list all in public keyring


Commands

gpg --gen-key
~~~~~~~~~~~~~
to generate a public/private key pair
by default uses DSA and El Gamal
   
A keypair is associated with a User ID. This has 3 components:
name, comment, and email address. Therefore a user can 
have more than one keypair, by using different Comments.
   
(Use comment value of "herbivore" for herbline?)
   
 
gpg --list-keys
~~~~~~~~~~~~~~~
lists both public and secret keys you have, in human-readable
format. Keys are stored in file ~/.gnupg/pubring.gpg


gpg --export <key's-User-ID>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Outputs the public key for the User ID. Output goes to stdout
as binary data. There are options to ASCII-armor it and send it to
a file, e.g.:

   gpg --armor --output ph.gpg --export "Philip Hunt" 


(used this with Demo User)


gpg --import blake.gpg
~~~~~~~~~~~~~~~~~~~~~~
Imports a public key. This includes the identity, apparently.


gpg --encrypt 
~~~~~~~~~~~~~
Does encryption, using someone else's public key, e.g.:

  gpg --output doc.gpg --encrypt --recipient blake@cyb.org plaintext
   
   
gpg --decrypt
~~~~~~~~~~~~~
Does decryption   


Generating keys in batch mode. (For details about this, see
file /usr/share/doc/packages/gpg/DETAILS).

gpg --batch --gen-key -a foo

where foo contains e.g.:

------------begin-------------
%secring sec_keys.gpg
%pubring pub_keys.gpg
Key-Type: 20
Name-Real: Philip Hunt
Name-Comment: herbivore
Name-Email: philh@comuno.freeserve.co.uk 
%commit
...add some stuff here to get extra entropy...
-------------end--------------


GPG options
===========

--batch
run in batch mode

--no-default-keyring
don't use a default keyring (often used with the below)

--keyring <file>
define which keyring to use

--secret-keyring <file>
define which secret keyring to use
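
Added example (not part of the original notes, and not herbline's own code): one way to cover tasks (2), (3) and (6) is to parse the output of `gpg --list-keys --with-colons`, whose record format is described in the DETAILS file, into an email-to-key-ID index, and to refuse to encrypt when an address maps to no usable key or to more than one. The sample listing, key IDs and function names are constructed for illustration.

```python
import re

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Fields used: 1 = record type, 2 = validity, 5 = key ID, 10 = user ID.
SAMPLE_LISTING = """\
pub:u:1024:17:AAAA0000AAAA0001:2001-05-01:::u:Philip Hunt (herbivore) <philh@comuno.freeserve.co.uk>::scESC:
sub:u:1024:16:AAAA0000AAAA0002:2001-05-01::::::e:
pub:-:1024:17:BBBB0000BBBB0001:2001-05-02:::-:::scESC:
uid:-::::2001-05-02::::Blake <Blake@cyb.org>:
uid:-::::2001-05-03::::Blake\\x3a work <blake@work.example>:
pub:r:1024:17:CCCC0000CCCC0001:2001-05-04:::-:Old Key <old@example.org>::sc:
"""

EMAIL_RE = re.compile(r"<([^<>\s]+@[^<>\s]+)>\s*$")
UNUSABLE = set("redi")  # revoked, expired, disabled, invalid

def unescape(field):
    # gpg writes ':' and control characters in user IDs as \xNN
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def index_by_email(listing):
    """Map lower-cased email -> key IDs of usable public keys that carry it."""
    index, keyid, usable = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10 or f[0] not in ("pub", "uid"):
            continue
        if f[0] == "pub":            # start of a new key block
            keyid, usable = f[4], f[1] not in UNUSABLE
        elif f[1] in UNUSABLE:       # this user ID itself is revoked/expired
            continue
        m = EMAIL_RE.search(unescape(f[9]))
        if m and usable:
            ids = index.setdefault(m.group(1).lower(), [])
            if keyid not in ids:
                ids.append(keyid)
    return index

def encrypt_argv(index, email, keyring, plaintext, output):
    """Build the gpg command line, addressing the recipient by key ID."""
    ids = index.get(email.lower(), [])
    if len(ids) != 1:                # none, or ambiguous: do not guess
        raise LookupError(f"{len(ids)} usable keys for {email}")
    return ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
            "--output", output, "--encrypt", "--recipient", ids[0], plaintext]

if __name__ == "__main__":
    idx = index_by_email(SAMPLE_LISTING)
    print(idx)
    print(encrypt_argv(idx, "blake@cyb.org", "pub_keys.gpg", "plaintext", "doc.gpg"))
```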


;end
