Return to note index?

Quick GPG notes where I may find them

Automaattinen sisällysluettelo / Automatically generated Table of Contents

Ed25519 (or future default) key creation

To create an Ed25519 key, or whatever will be the default version in the future as defined by your GPG version:

gpg2 --quick-gen-key address@domain.example future-default

Note the keyid and edit it

gpg2 --edit-key KEYID
adduid # here fill your name and details as asked no comments\*
1 # to select the uid the first command generated
deluid # to delete the uid which doesn't contain your name

* OpenPGP User ID Comments considered harmful by dkg on (via

Then you are ready to publish the public key however you generally publish it, preferably in multiple places from where some recognise revokation certificates if the time ever comes.

NOTE: You can extend the expiry time of an expired gpg signature by issuing the expire command in --edit-key and the key is valid again when the update is reimported to gpg keyrings by other people.


To publish the key keybase pgp select --multi (where multi is required for multiple PGP keys per account) and to submit changes to it, keybase pgp update --all (where –all is again necessary only if you have multiple keys).

Debian: sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin

Load plugins from Configuration (menu) –> Plugins –> Load, they are all somewhere in /usr/lib/x86_64-linux-gnu/claws-mail/plugins or similar path.

It wants to read ~/.signature which I have like:

Aminda Suomalainen
69FF 455A 869F 9031 A691  E0F1 9939 2F62 BAE3 0723

My other hats have like:

Aminda Suomalainen
position, where, wwwpage
email address
xxx xxx xxxx
xxxx xxxx xxxx xxxx xxxx  xxxx xxxx xxxx xxxx xxxx

Note the empty line in the end, as PGP/INLINE is the way to sign emails, it the PGP signature comes after it and in my opinion looks a bit cleaner with the signature ending to an empty line.


Setting up GPG WKD (Web Key Directory), mostly stripped/adjusted from Matt Rude whose page is NXDOMAIN and not in Wayback Machine. What I find is pointers to 1 2 3

Requires a control over domain/.well-known and email under that domain.

  1. cd into site root
  2. mkdir -p .well-known/openpgpkey/hu
  3. touch .well-known/openpgpkey/policy
  4. gpg --list-keys --with-wkd <search-that-matches-your-key>
  5. gpg --no-armor --export <YourKeyID> > .well-known/openpgpkey/hu/<YourWKD>
  6. repeat 5. for +git address and similar if applicable
  7. in Jekyll _config.yml ensure existence of include: [.well-known] if applicable.
  8. deploy
  9. test with gpg -v --auto-key-locate clear,wkd,nodefault --locate-key

NOTE: The empty policy goes to the openpgpkey directory, not hu (I initially failed at this part)

NOTE: only one key/WKD/email.


Keyoxide can use PGP keys as profiles and looks at their notations. Useful commands in gpg --edit-key "key fingerprint here":

Don’t forget to gpg --keyserver hkps:// --send-keys "your keyid here" !

Keyoxide docs

Return to note index?

Dear reader, you may be missing a content blocker! 🙀 Please consider installing one to protect yourself, and your close ones, from manipulation and targeted malvertising! Personally I love both Privacy Badger and uBlock Origin (with EFF DNT Policy Allowlist) together, while AdNauseam alone would be more direct protest tool to oppose how the internet is nowadays. Android users may be better served by Rethink while for iOS there is AdGuard. Learn more about targeted advertising! PS. I am sorry if you are already protected and this silly EasyList targeting(?) script doesn't detect that, thank you for taking the steps towards a safer internet! 💜