Leanpub Header

Skip to main content
Go to Leanpub.com

The GPG Guide

Modern OpenPGP for Every Workflow

Tony Gies

The comprehensive, current PGP/GnuPG reference: from air-gapped key generation to YubiKey provisioning, Git signing, email encryption, and emergency recovery.

Minimum price

$24.99

$34.99

You pay

$34.99

Author earns

$25.19

Cause gets

$2.80
$

...Or Buy With Credits!

You can get credits with a paid monthly or annual Reader Membership, or you can buy them here.
PDF
EPUB
377
Pages
About

About

About the Book

This is The GPG Guide

Most PGP/GPG guides were written for a world that no longer exists. They recommend RSA keys, reference the defunct SKS keyserver pool, and ignore the tools that have reshaped the ecosystem since 2020 -- Sequoia PGP, age, Sigstore, FIDO2. Meanwhile, the OpenPGP standard itself has forked into two competing specifications (RFC 9580 and LibrePGP), and GnuPG has released a new stable series. If you're setting up PGP today, the old guides will actively steer you wrong.

The GPG Guide is the comprehensive, opinionated reference that replaces them. It covers the full lifecycle of a modern PGP identity: from generating your first key on an air-gapped machine, through hardware token provisioning and daily use, to maintenance, rotation, and emergency recovery years later. Every command has been tested against GnuPG 2.5.x and Sequoia sq 1.3.1. Where PGP is the wrong tool for the job, this guide says so and points you to what works better.

What's inside

Sixteen parts and six appendices covering:

- Key generation with both GnuPG and Sequoia, including air-gapped setup

- Backup and recovery -- Paperkey, QR codes, encrypted USB, revocation certificates

- Hardware tokens -- YubiKey configuration, touch policies, alternative devices

- SSH authentication -- GPG-agent, FIDO2, and PIV paths compared side by side

- Git commit signing -- GPG and SSH signing, GitHub/GitLab/Codeberg integration, CI/CD verification

- Email encryption -- Thunderbird (and its RNP quirks), Mutt/NeoMutt, Autocrypt, ProtonMail

- Password management with pass, gopass, and passage

- Secrets management -- SOPS, git-crypt, and when to use age instead

- Key distribution -- keyservers, WKD, Keyoxide, decentralized identity proofs

- Web of Trust -- including the Debian Developer path

- Package and container signing -- deb, RPM, release tarballs, cosign

- Maintenance -- expiry renewal, YubiKey replacement, the stub problem, emergency recovery

- Complementary tools -- Sequoia, age, SOP, and when NOT to use PGP at all

Plus appendices with a complete GnuPG config reference, troubleshooting guide, cheat sheet, glossary, and migration guides from older setups.

The approach

The guide is opinionated. Not because there are no other valid choices, but because you have actual work to do, and a clear "just do this" path is more useful than a survey of every option.

Three reader tracks

You don't have to read all 60,000 words. Pick the track that matches your goal:

- Track A -- "I just need Git signing and SSH." Five parts, done in an afternoon.

- Track B -- "Full identity setup with YubiKey." The core path plus whatever workflows you need.

- Track C -- "Debian Developer / high-assurance identity." The whole guide, especially key distribution, Web of Trust, and package signing.

Who this book is for

Software engineers, system administrators, security professionals, and open-source maintainers who need to use PGP in 2026 and want a single reference that's both current and complete. Linux, macOS, and Windows (WSL2) are all first-class platforms throughout; every command includes platform-specific tabs where behavior differs.

About this edition

This is an early access edition. The full content is complete and technically reviewed, but editing and formatting tweaks are ongoing, and updates will continue as the ecosystem evolves. As a Leanpub reader, you receive all future updates at no additional cost.

Share this book

Categories

Computer SecurityCryptographySoftwareComputer ScienceReference

Feedback

Email the Author

Author

About the Author

Tony Gies

Tony Gies lives in the Dissected Till Plains atop an erosional escarpment in EPA Level IV Ecoregion 47h, with his computer.

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUB

Causes

Causes Supported

Free Software Foundation

Free Software Foundation FSF

http://www.fsf.org
The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.
As our society grows more dependent on computers, the software we run is of critical importance to securing the future of a free society. Free software is about having control over the technology we use in our homes, schools and businesses, where computers work for our individual and communal benefit, not for proprietary software companies or governments who might seek to restrict and monitor us.

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub