Using GPG in the FSFE
Identity is guaranteed by digital signature, privacy is guaranteed by encryption. To digitally sign and encrypt your e-mail messages with GPG, you need your own GPG keypair, keep your GPG private key safe on your system, and distribute your GPG public key.
In this page you will find basic instructions to create your GPG key and use it in your FSFE-related communications.
If you are new to GPG, or want to know more, you can read an introduction at:
Install required software
To use GPG in your e-mail communication, you need to install:
- GPG itself
Install the gnupg package from your preferred distribution; this will provide the gpg command.
- (optional) A graphical interface to GPG, can be useful for key generation and management
See other graphical interfaces: http://www.gnupg.org/related_software/frontends.en.html#gui
- An e-mail client:
Generate your GPG keypair
If you already have a GPG keypair, you can just add a new user-id to it (using your USERNAME@fsfe.org mail address). But if you prefer to create a separate GPG key to be only used for FSFE, that's fine too.
If you need to create your own keypair, follow these instructions:
- Most of the graphical interfaces listed above provide a guided procedure
You can use the gpg command line tool, as described at: https://www.gnupg.org/gph/en/manual.html#AEN26
As user-id, please use YOURNAME YOURSURNAME <USERNAME@fsfe.org>
- Generate a key with the strongest encryption available to you. This means choosing the largest number of bits when selecting the encryption method (this may be concealed within advanced options of graphical programs).
Share your GPG key
Core team members, GA members and employees are supposed to send their public keys to other members in their respective teams so they can communicate securely with you. Volunteers of others teams could attach their keys to their messages or upload their key to keyservers.
Find out your fingerprint, e.g. ABCDCD00386B3CB26BA123452704E4AB371E2E77, by having a look at the secret keys you own.
- Export your public key to an ascii file; run
gpg -a --export ABCDCD00386B3CB26BA123452704E4AB371E2E77 > yourkey.asc
- It is recommended to upload your key to a keyserver to enable others to fetch your key based on your fingerprint or GPG signature.
gpg --send-key ABCDCD00386B3CB26BA123452704E4AB371E2E77
You are encouraged to have your GPG key verified and signed by other FSFE team members or other GPG users; community meetings or FSFE-related events are usually a good occasion for it.