diff --git a/dev_guides/commit_signing.md b/dev_guides/commit_signing.md index 5f94ee6..70f744b 100644 --- a/dev_guides/commit_signing.md +++ b/dev_guides/commit_signing.md @@ -34,13 +34,13 @@ rc: # Create revocation certificate - gpg --output \.gpg-revocation-certificate --gen-revoke my@email.addr + gpg --output my_email_addr.gpg-revocation-certificate --gen-revoke my@email.addr # Back up your keypair Export the *primary keypair* (put these somewhere very safe along with revocation certificate) - gpg --export-secret-keys --armor my@email.addr > \.private.gpg-key - gpg --export --armor my@email.addr > \.public.gpg-key + gpg --export-secret-keys --armor my@email.addr > my_email_addr.private.gpg-key + gpg --export --armor my@email.addr > my_email_addr.public.gpg-key # Remove the *primary keypair* from your keyring Export all subkeys from the new keypair to a file - use ramfs instead of tmpfs/ or /dev/shm/ because ramfs doesn't write to swap @@ -66,7 +66,7 @@ Look for `sec#` instead of `sec` in the output - pound sign means signing subkey # Revoking a *signing keypair* Find the *primary keypair* and import it (preferably into an ephemeral system like a liveUSB) - gpg --import /path/to/\.public.gpg-key /path/to/\.private.gpg-key + gpg --import /path/to/my_email_addr.public.gpg-key /path/to/my_email_addr.private.gpg-key gpg --edit-key my@email.addr gpg> revkey [ passphrase twice ]