Diffstat (limited to 'content/blog/2022-07-14-gnupg.md')
-rw-r--r-- | content/blog/2022-07-14-gnupg.md | 80 |
1 files changed, 40 insertions, 40 deletions
diff --git a/content/blog/2022-07-14-gnupg.md b/content/blog/2022-07-14-gnupg.md index 8daba99..77e0623 100644 --- a/content/blog/2022-07-14-gnupg.md +++ b/content/blog/2022-07-14-gnupg.md 
@@ -47,45 +47,45 @@ I am not doing an in-depth explanation here in order to keep the focus on GPG and not encryption algorithms. If you want a deep dive into cryptography or encryption algorithms, please read my other posts: -- [AES Encryption](../aes-encryption/) (2018) -- [Cryptography Basics](../cryptography-basics/) (2020) +- [AES Encryption](../aes-encryption/) (2018) +- [Cryptography Basics](../cryptography-basics/) (2020) ## Vulnerabilities As of 2022-07-14, there are a few different vulnerabilities associated with GPG or the libraries it uses: -- GPG versions 1.0.2--1.2.3 contains a bug where "as soon as one - (GPG-generated) ElGamal signature of an arbitrary message is released, one can - recover the signer's private key in less than a second on a PC." - ([Source](https://www.di.ens.fr/~pnguyen/pub_Ng04.htm)) -- GPG versions prior to 1.4.2.1 contain a false positive signature verification - bug. - ([Source](https://lists.gnupg.%20org/pipermail/gnupg-announce/2006q1/000211.html)) -- GPG versions prior to 1.4.2.2 cannot detect injection of unsigned data. ( - [Source](https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000218.html)) -- Libgcrypt, a library used by GPG, contained a bug which enabled full key - recovery for RSA-1024 and some RSA-2048 keys. This was resolved in a GPG - update in 2017. ([Source](https://lwn.net/Articles/727179/)) -- The [ROCA Vulnerability](https://en.wikipedia.org/wiki/ROCA_vulnerability) - affects RSA keys generated by YubiKey 4 tokens. - ([Source](https://crocs.fi.%20muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf)) -- The [SigSpoof Attack](https://en.wikipedia.org/wiki/SigSpoof) allows an - attacker to spoof digital signatures. 
- ([Source](https://arstechnica.%20com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/)) -- Libgcrypt 1.9.0 contains a severe flaw related to a heap buffer overflow, - fixed in Libgcrypt 1.9.1 - ([Source](https://web.archive.%20org/web/20210221012505/https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/)) +- GPG versions 1.0.2--1.2.3 contains a bug where "as soon as one + (GPG-generated) ElGamal signature of an arbitrary message is released, one + can recover the signer's private key in less than a second on a PC." + ([Source](https://www.di.ens.fr/~pnguyen/pub_Ng04.htm)) +- GPG versions prior to 1.4.2.1 contain a false positive signature + verification bug. + ([Source](https://lists.gnupg.%20org/pipermail/gnupg-announce/2006q1/000211.html)) +- GPG versions prior to 1.4.2.2 cannot detect injection of unsigned data. ( + [Source](https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000218.html)) +- Libgcrypt, a library used by GPG, contained a bug which enabled full key + recovery for RSA-1024 and some RSA-2048 keys. This was resolved in a GPG + update in 2017. ([Source](https://lwn.net/Articles/727179/)) +- The [ROCA Vulnerability](https://en.wikipedia.org/wiki/ROCA_vulnerability) + affects RSA keys generated by YubiKey 4 tokens. + ([Source](https://crocs.fi.%20muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf)) +- The [SigSpoof Attack](https://en.wikipedia.org/wiki/SigSpoof) allows an + attacker to spoof digital signatures. 
+ ([Source](https://arstechnica.%20com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/)) +- Libgcrypt 1.9.0 contains a severe flaw related to a heap buffer overflow, + fixed in Libgcrypt 1.9.1 + ([Source](https://web.archive.%20org/web/20210221012505/https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/)) ### Platforms -Originally developed as a command-line program for *nix systems, GPG now has a +Originally developed as a command-line program for \*nix systems, GPG now has a wealth of front-end applications and libraries available for end-users. However, the most recommended programs remain the same: -- [GnuPG](https://gnupg.org) for Linux (depending on distro) -- [Gpg4win](https://gpg4win.org) for Windows -- [GPGTools](https://gpgtools.org) for macOS +- [GnuPG](https://gnupg.org) for Linux (depending on distro) +- [Gpg4win](https://gpg4win.org) for Windows +- [GPGTools](https://gpgtools.org) for macOS # Creating a Key Pair @@ -170,11 +170,11 @@ interface. As noted in RFC 4880, the general functions of OpenPGP are as follows: -- digital signatures -- encryption -- compression -- Radix-64 conversion -- key management and certificate services +- digital signatures +- encryption +- compression +- Radix-64 conversion +- key management and certificate services From this, you can probably gather that the main use of GPG is for encrypting data and/or signing the data with a key. The purpose of encrypting data with GPG 
@@ -195,10 +195,10 @@ public key, the recipient(s) of the message can verify that the message was signed with my personal key. The second process, regarding the actual encryption of the message and its -contents, works by using a combination of the sender's keys and the -recipient's keys. This process may vary slightly by implementation, but it most -commonly uses asymmetric cryptography, also known as public-key cryptography. In -this version of encryption, the sender's private key to sign the message and a +contents, works by using a combination of the sender's keys and the recipient's +keys. This process may vary slightly by implementation, but it most commonly +uses asymmetric cryptography, also known as public-key cryptography. In this +version of encryption, the sender's private key to sign the message and a combination of the sender's keys and the recipient's public key to encrypt the message. @@ -275,8 +275,8 @@ In order to verify signed data, a user needs to have: 2. A signature file 3. The public GPG key of the signer -Once the signer's public key is imported on the user's system, and they have -the data and signature, they can verify the data with the following commands: +Once the signer's public key is imported on the user's system, and they have the +data and signature, they can verify the data with the following commands: ```sh # If the signature is attached to the data @@ -296,5 +296,5 @@ them. Otherwise, the best option is to use a keyserver, such as: -- [pgp.mit.edu](https://pgp.mit.edu) -- [keys.openpgp.org](https://keys.openpgp.org) +- [pgp.mit.edu](https://pgp.mit.edu) +- [keys.openpgp.org](https://keys.openpgp.org) |
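Review bot: Four Source links in the Vulnerabilities list of the `@@ -47,45` hunk still carry a `%20` inside the hostname on the added lines (`lists.gnupg.%20org`, `crocs.fi.%20muni.cz`, `arstechnica.%20com`, `web.archive.%20org`), so the advisory references do not resolve. This change already rewrites each of those bullets, so drop the `%20` in the same pass. In the same list, "GPG versions 1.0.2--1.2.3 contains" should read "contain", and the 1.4.2.2 bullet has a stray space and line break between "(" and "[Source]".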
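Review bot: The reflowed sentence in the `@@ -195,10` hunk, "In this version of encryption, the sender's private key to sign the message and a combination of the sender's keys and the recipient's public key to encrypt the message", has no main verb and is carried over unchanged on the added lines. Suggest rewording while the paragraph is being touched, for example "the sender's private key is used to sign the message, and the recipient's public key is used to encrypt it". Signing uses the sender's private key, while encrypting to a recipient needs only the recipient's public key, so "a combination of the sender's keys" is worth tightening as well.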