Simple Explanation for PGP

HI All,

I am struggling to understand the doco.

I am new to pgp and looking to use my onlykey for signing my git commits and emails using Thunderbird. I have created a pgp key pair manually using the gpg binary and copied the private key to the OnlyKey as per the doco. I am struggling to figure out how to actually use the pgp key now.

Ideally I would like to use native Fedora binaries such as gpg but the doco infers I need the onlykey-agent.

What I have done to far is:

  • installed onlykey-agent
  • when I execute “onlykey-gpg init “Adam” -sk ECC2 -dk ECC1 -i” it creates the “/var/home/adam/.gnupg/onlykey/pubring.kbx” file which I can see listed when I execute gpg --list-keys

I am stuck at this point - I am also using Fedora Silverblue which may complicate things.

Appreciate any giudance to get closer to achieving my goals.



It sounds like you are almost there. You can test if GPG is set up correctly by signing and encrypting like this:

To use GPG with git next you need to add export GNUPGHOME=~/.gnupg/onlykey to your .bashrc or other environment file.

This GNUPGHOME contains your hardware keyring and agent settings. This agent software assumes all keys are backed by hardware devices so you can’t use standard GPG keys in GNUPGHOME (if you do mix keys you’ll receive an error when you attempt to use them).

If you wish to switch back to your software keys unset GNUPGHOME.

Log out and back into your session to ensure your environment is updated everywhere.

To use OnlyKey to sign git commits next you would do this:

To use OnlyKey with Thunderbird you would follow instructions here:

Thank you very much. I had everything working but I either hadn’t rebooted the key or had a GNUPGHOME path issue in that session. I still havent resolved Thunderbird but that’s not critical - could be a flatpak related issue and it looks like enigma mail is no longer required