
GPG explained: from first key to daily use
GPG is one of those tools everyone keeps meaning to learn and never does. The docs are a wall of text, the terminology is its own dialect, and the error messages are cryptic in both senses of the word. I put it off for years myself. The thing is, you keep bumping into it. GPG sits under pass, under signed git commits, under encrypted email, under verifying that the binary you just downloaded is the one the maintainer actually shipped. If you care about owning your security instead of trusting a vendor to handle it for you, you end up here eventually. ...

