Re: Migrating to GPG - A mini-HOWTO
Ok, this is a real Mini-HOWTO, please edit and distribute.
Debian GnuPG Mini-Howto
People from debian-devel, Martin Schulze.
Proper format (SGML), proper location (web, ftp)
This Mini-HOWTO is intended to help Debian people convert from
using PGP to GnuPG for their work within the Debian Project.
Where is signing done?
. .dsc files are signed
. .changes files are signed
. Mutt is used to read and write mails, partially signed
. Votes are signed
Setting up GnuPG
Here is a sample ~/.gnupg/options file.
# Options for GnuPG
# Unless you specify which option file to use (with the
# commandline option "--options filename"), GnuPG uses the
# file ~/.gnupg/options by default.
# An option file can contain all long options which are
# available in GnuPG. If the first non white space character of
# a line is a '#', this line is ignored. Empty lines are also
# See the man page for a list of options.
# If you have more than 1 secret key in your keyring, you may want
# to uncomment the following option and set your preferred keyid
# default-key 621CC013
## Compatibility options
# PGPv2/5 compatibility
# digest-algo md5
# Screw PGP, let's be RFC compatible =>
## These extensions have patents or other issues, these are only
# required if you want to use pgp signatures and keys as well. If
# you're only using the free and patent-less GnuPG you don't need
# Not for use in the States
# Patented in much of Europe
## Other fun options
Setting up Mutt
The following configuration will switch from PGP to GnuPG as
default signing method. There are ways both can coexist, though.
# Adjust the PGP method
# Some detailed adjustments
#set pgp_strict_enc # use Q-P encoding when needed for PGP
# Adjust highlighting of good and bad signatures
color body brightyellow black "^(gpg: )?Good signature"
mono body bold "^(gpg: )?Good signature"
color body brightwhite red "^(gpg: )?(Bad|BAD) signature from.*"
mono body bold "^(gpg: )?(Bad|BAD) signature from.*"
Signing .dsc and .changes files
The Debian Installation routine (dinstall) is already prepared to
accept GnuPG keys. Your key has to be included in the keyring.gpg,
though. If this isn't done yet, send it to the keyring maintainer
at firstname.lastname@example.org. If your GnuPG key doesn't have a
proper signature, you should sign that mail using your old PGP key,
so the keyring maintainer can ensure that he's not adding an
Since GnuPG behaves differently to PGP, you need to add a newline to
a .dsc file before signing it with GnuPG. The command to sign is
»gpg --clearsign foo.dsc«.
Voting in Debian
Is our UseVote already prepared to accept GnuPG keys?
GNU GPL: "The source will be with you... always."
Please always Cc to me when replying to me on the lists.
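
The .dsc signing step described above, as an added example that is not part of the original post: it appends the trailing newline only when it is missing, refuses to sign a file that is already clearsigned, and verifies the signature gpg just produced. The function names are hypothetical, and it assumes gpg is on the PATH with a usable default secret key.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Append a newline to file $1 only if its last byte is not already one.
# Returns 1 if the file is missing or empty, 0 otherwise.
ensure_trailing_newline() {
    [ -s "$1" ] || return 1
    # tail -c 1 prints the last byte. Command substitution strips a trailing
    # newline, so a non-empty result means the file does NOT end in "\n".
    if [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
}

# Succeeds if file $1 already starts with a clearsign header, so the same
# .dsc is not wrapped in a second signature by accident.
is_clearsigned() {
    head -n 1 "$1" | grep -q '^-----BEGIN PGP SIGNED MESSAGE-----'
}

# Normalise, clearsign and verify one .dsc file.
# gpg --clearsign foo.dsc writes its output to foo.dsc.asc.
sign_dsc() {
    f=$1
    is_clearsigned "$f" && { echo "$f: already clearsigned" >&2; return 2; }
    ensure_trailing_newline "$f" || { echo "$f: missing or empty" >&2; return 1; }
    gpg --clearsign "$f" || return 1
    # Check the fresh signature before the file goes anywhere; drop the
    # output if verification fails so a bad file is never uploaded.
    gpg --verify "$f.asc" || { rm -f "$f.asc"; return 1; }
}
```

Calling `sign_dsc foo.dsc` leaves the signed text in `foo.dsc.asc`; a return status of 2 means the input was already signed and was left untouched.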