initial migration to test org-mode

1 files changed, 0 insertions, 313 deletions

diff --git a/content/blog/2022-07-14-gnupg.md b/content/blog/2022-07-14-gnupg.md
deleted file mode 100644
index 229e1c6..0000000
--- a/content/blog/2022-07-14-gnupg.md
+++ /dev/null
@@ -1,313 +0,0 @@
-+++
-date = 2022-07-14
-title = "GNU Privacy Guard (GPG)"
-description = "Learn how to create a PGP key with GNU Privacy Guard (GPG)."
-+++
-
-## The History of GPG
-
-[GNU Privacy Guard](https://gnupg.org/), also known as GnuPG and GPG, is
-a free ("free" as in both speech and beer) software that fully
-implements the OpenPGP Message Format documented in [RFC
-4880](https://www.rfc-editor.org/rfc/rfc4880).
-
-I won't go in-depth on the full history of the software in this post,
-but it is important to understand that GPG is not the same as PGP
-(Pretty Good Privacy), which is a different implementation of RFC 4880.
-However, GPG was designed to interoperate with PGP.
-
-GPG was originally developed in the late 1990s by [Werner
-Koch](https://en.wikipedia.org/wiki/Werner_Koch) and has historically
-been funded generously by the German government.
-
-Now that we have all the high-level info out of the way, let's dive
-into the different aspects of GPG and its uses.
-
-## Encryption Algorithms
-
-GPG supports a wide range of different encryption algorithms, including
-public-key, cipher, hash, and compression algorithms. The support for
-these algorithms has grown since the adoption of the Libgcrypt library
-in the 2.x versions of GPG.
-
-As you will be able to see below in an example of a full key generation
-with the GPG command line tool, GPG recommends the following algorithms
-to new users:
-
-```sh
-Please select what kind of key you want:
-   (1) RSA and RSA
-   (2) DSA and Elgamal
-   (3) DSA (sign only)
-   (4) RSA (sign only)
-   (9) ECC (sign and encrypt) *default*
-  (10) ECC (sign only)
-```
-
-I am not doing an in-depth explanation here in order to keep the focus
-on GPG and not encryption algorithms. If you want a deep dive into
-cryptography or encryption algorithms, please read my other posts:
-
--   [AES Encryption](/blog/aes-encryption/) (2018)
--   [Cryptography Basics](/blog/cryptography-basics/) (2020)
-
-### Vulnerabilities
-
-As of 2022-07-14, there are a few different vulnerabilities associated
-with GPG or the libraries it uses:
-
--   GPG versions 1.0.2--1.2.3 contains a bug where "as soon as one
-    (GPG-generated) ElGamal signature of an arbitrary message is
-    released, one can recover the signer's private key in less than a
-    second on a PC."
-    ([Source](https://www.di.ens.fr/~pnguyen/pub_Ng04.htm))
--   GPG versions prior to 1.4.2.1 contain a false positive signature
-    verification bug.
-    ([Source](https://lists.gnupg.%20org/pipermail/gnupg-announce/2006q1/000211.html))
--   GPG versions prior to 1.4.2.2 cannot detect injection of unsigned
-    data. (
-    [Source](https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000218.html))
--   Libgcrypt, a library used by GPG, contained a bug which enabled full
-    key recovery for RSA-1024 and some RSA-2048 keys. This was resolved
-    in a GPG update in 2017.
-    ([Source](https://lwn.net/Articles/727179/))
--   The [ROCA
-    Vulnerability](https://en.wikipedia.org/wiki/ROCA_vulnerability)
-    affects RSA keys generated by YubiKey 4 tokens.
-    ([Source](https://crocs.fi.%20muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf))
--   The [SigSpoof Attack](https://en.wikipedia.org/wiki/SigSpoof) allows
-    an attacker to spoof digital signatures.
-    ([Source](https://arstechnica.%20com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/))
--   Libgcrypt 1.9.0 contains a severe flaw related to a heap buffer
-    overflow, fixed in Libgcrypt 1.9.1
-    ([Source](https://web.archive.%20org/web/20210221012505/https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/))
-
-## Platforms
-
-Originally developed as a command-line program for *nix systems, GPG
-now has a wealth of front-end applications and libraries available for
-end-users. However, the most recommended programs remain the same:
-
--   [GnuPG](https://gnupg.org) for Linux (depending on distro)
--   [Gpg4win](https://gpg4win.org) for Windows
--   [GPGTools](https://gpgtools.org) for macOS
-
-## Creating a Key Pair
-
-In order to create a GPG key pair, a user would first need to install
-GPG on their system. If we're assuming that the user is on Fedora
-Linux, they would execute the following:
-
-```sh
-sudo dnf install gpg
-```
-
-Once installed, a user can create a new key pair with the following
-command(s):
-
-```sh
-gpg --full-generate-key
-```
-
-GPG will walk the user through an interactive setup that asks for an
-algorithm preference, expiration date, name, and email to associate with
-this key.
-
-See the following example key set-up for a default key generation using
-the GnuPG command-line interface:
-
-```sh
-gpg (GnuPG) 2.3.6; Copyright (C) 2021 Free Software Foundation, Inc.
-This is free software: you are free to change and redistribute it.
-There is NO WARRANTY, to the extent permitted by law.
-
-Please select what kind of key you want:
-   (1) RSA and RSA
-   (2) DSA and Elgamal
-   (3) DSA (sign only)
-   (4) RSA (sign only)
-   (9) ECC (sign and encrypt) *default*
-  (10) ECC (sign only)
-  (14) Existing key from card
-Your selection? 9
-Please select which elliptic curve you want:
-   (1) Curve 25519 *default*
-   (4) NIST P-384
-Your selection? 1
-Please specify how long the key should be valid.
-         0 = key does not expire
-      <n>  = key expires in n days
-      <n>w = key expires in n weeks
-      <n>m = key expires in n months
-      <n>y = key expires in n years
-Key is valid for? (0) 0
-Key does not expire at all
-Is this correct? (y/N) y
-
-GnuPG needs to construct a user ID to identify your key.
-
-Real name: John Doe
-Email address: johndoe@example.com
-Comment: test key
-You selected this USER-ID:
-    "John Doe (test key) <johndoe@example.com>"
-
-Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
-We need to generate a lot of random bytes. It is a good idea to perform
-some other action (type on the keyboard, move the mouse, utilize the
-disks) during the prime generation; this gives the random number
-generator a better chance to gain enough entropy.
-We need to generate a lot of random bytes. It is a good idea to perform
-some other action (type on the keyboard, move the mouse, utilize the
-disks) during the prime generation; this gives the random number
-generator a better chance to gain enough entropy.
-gpg: revocation certificate stored as 'example.rev'
-public and secret key created and signed.
-
-pub   ed25519 2022-07-14 [SC]
-      E955B7700FFC11EF51C2BA1FE096AACDD4C32E9C
-uid                      John Doe (test key) <johndoe@example.com>
-sub   cv25519 2022-07-14 [E]
-```
-
-Please note that GUI apps may differ slightly from the GPG command-line
-interface.
-
-## Common Usage
-
-As noted in RFC 4880, the general functions of OpenPGP are as follows:
-
--   digital signatures
--   encryption
--   compression
--   Radix-64 conversion
--   key management and certificate services
-
-From this, you can probably gather that the main use of GPG is for
-encrypting data and/or signing the data with a key. The purpose of
-encrypting data with GPG is to ensure that no one except the intended
-recipient(s) can access the data.
-
-Let's explore some specific GPG use-cases.
-
-### Email
-
-One of the more popular uses of GPG is to sign and/or encrypt emails.
-With the use of a GPG keypair, you can encrypt a message, its subject,
-and even the attachments within.
-
-The first process, regarding the signing of a message without any
-encryption, is generally used to provide assurance that an email is
-truly coming from the sender that the message claims. When I send an
-email, and it's signed with my public key, the recipient(s) of the
-message can verify that the message was signed with my personal key.
-
-The second process, regarding the actual encryption of the message and
-its contents, works by using a combination of the sender's keys and the
-recipient's keys. This process may vary slightly by implementation, but
-it most commonly uses asymmetric cryptography, also known as public-key
-cryptography. In this version of encryption, the sender's private key
-to sign the message and a combination of the sender's keys and the
-recipient's public key to encrypt the message.
-
-If two people each have their own private keys and exchange their public
-keys, they can send encrypted messages back and forth with GPG. This is
-also possible with symmetric cryptography, but the process differs since
-there are no key pairs.
-
-Implementation of email encryption varies greatly between email clients,
-so you will need to reference your email client's documentation to
-ensure you are setting it up correctly for that specific client.
-
-### File Encryption
-
-As noted in the section above regarding emails, GPG enables users to be
-able to send a message to each other if they are both set-up with GPG
-keys. In this example, I am going to show how a user could send a file
-called `example_file.txt` to another user via the
-recipient's email.
-
-The sender would find the file they want to send and execute the
-following command:
-
-```sh
-gpg --encrypt --output example_file.txt.gpg --recipient \
-recipient@example.com example_file.txt
-```
-
-Once received, the recipient can decrypt the file with the following
-command:
-
-```sh
-gpg --decrypt --output example_file.txt example_file.txt.gpg
-```
-
-### Ownership Signatures
-
-One important aspect of GPG, especially for developers, is the ability
-to sign data without encrypting it. For example, developers often sign
-code changes when they commit the changes back to a central repository,
-in order to display ownership of who made the changes. This allows other
-users to look at a code change and determine that the change was valid.
-
-In order to do this using [Git](https://git-scm.com), the developer
-simply needs to alter the `git commit` command to include the
-`-S` flag. Here's an example:
-
-```sh
-git commit -S -m "my commit message"
-```
-
-As an expansion of the example above, Git users can configure their
-environment with a default key to use by adding their GPG signature:
-
-```sh
-git config --global user.signingkey XXXXXXXXXXXXXXXX
-```
-
-If you're not sure what your signature is, you can find it titled
-`sig` in the output of this command:
-
-```sh
-gpg --list-signatures
-```
-
-### File Integrity
-
-When a person generates a signature for data, they are allowing users
-the ability to verify the signature on that data in the future to ensure
-the data has not been corrupted. This is most common with software
-applications hosted on the internet - developers provide signatures so
-that users can verify a website was not hijacked and download links
-replaced with dangerous software.
-
-In order to verify signed data, a user needs to have:
-
-1.  The signed data
-2.  A signature file
-3.  The public GPG key of the signer
-
-Once the signer's public key is imported on the user's system, and
-they have the data and signature, they can verify the data with the
-following commands:
-
-```sh
-# If the signature is attached to the data
-gpg --verify [signature-file]
-
-# If the signature is detached as a separate file from the data
-gpg --verify [signature-file] [original-file]
-```
-
-## Finding Public Keys
-
-In order to use GPG with others, a user needs to know the other user(s)
-keys. This is easy to do if the user knows the other user(s) in person,
-but may be hard if the relationship is strictly digital. Luckily, there
-are a few options. The first option is to look at a user's web page or
-social pages if they have them.
-
-Otherwise, the best option is to use a keyserver, such as:
-
--   [pgp.mit.edu](https://pgp.mit.edu)
--   [keys.openpgp.org](https://keys.openpgp.org)