The only reason I know the little I do is purely through making mistake :) I went through heaps of keys myself (I forget why) before I finally settled on my current one.
#Gpg suite ios password#
That wouldn't do anything to get your password back though, it would just signal to anyone looking up your key, that they shouldn't trust it.Īnyway, that was a bit of a tangent but the best way to learn is to just play around with GPG keys. But whats more, it delivers enterprise-grade email security in a way legacy tools just cant. From what it says on the tin, I imagine you can keep that safe and if you did lose your key, use it to tell any of the popular key servers that it's gone.
#Gpg suite ios android#
Using Mailvelope on mobile devices with the Android or iOS operating systems isnt possible at the moment. I didn't realize until I looked it up just now but you can apparently generate a revocation certificate, separate from your key. Can I use GnuPG backend instead of OpenPGP.js. Presumably I'd lose all of my passwords but once again, that's no different than the single master password setup of those cloud based password managers. At least losing the key would be my fault, and not that of a third party I suppose. Once again, no different than any other password manager. I would still own my email account so I'd still be able to reset the majority of my passwords.Īctually, I don't know my email password (since it's randomly generated) so I'd have to cross my fingers and hope the attacker hasn't revoked any of my sessions. Personally, I have no strong investment in my GPG key, nor am I someone well known so this would have little to no effect beyond being a big annoyance. Presumably they could take all of my passwords and sign my Git commits as if they were me. > What would happen if someone got your gpg key? For my android device, I have to do it once every restart but after that, a process keeps my "store" open for example. It may also require entering your password anywhere from everytime to never depending on your settings. > Does your setup require copying the same key to each device? I would have thought it'd be much more painful with all the GPG nonsense in play! Pass on my iPad is quite literally just a pull to refresh. Whether that's a good idea security wise aside, it works fairly seamlessly. Similarly, Pass automatically encrypts and decrypts everything without my interaction.
I think I saved my password to my laptops keychain so it automatically signs my commits without my interaction. Once I imported my keys (public + private) into each application, I never really had to touch them again.Īs I mentioned, I use my GPG key for signing my commits. Phew, that's a lotta apps but you can just pick and choose whatever you prefer. Personally, I use OpenKeychain on Android, Kleopatra on Linux, GPG Suite on macOS and Pass for iOS/iPadOS I don't use mine for anything more than signing commits and (rarely) encrypting secrets
The nature of them having to remain secret, makes managing them a bit confusing.
I think GPG keys get a lot of flack for not being the most user friendly thing and probably fair enough.