Hi! I found the following article about PGP/GnuPG: https://latacora.singles/2019/07/16/the-pgp-problem.html
In short you should drop GnuPG because it doesn’t do anything really the right way. It should be replaced with different tools for different situations.
Debian is using GnuPG for signing files. From the article:

    Signing Packages

    Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what OpenBSD uses to sign packages. It’s extremely simple and uses modern signing. Minisign, from Frank Denis, the libsodium guy, brings the same design to Windows and macOS; it has bindings for Go, Rust, Python, Javascript, and .NET; it’s even compatible with Signify.
What do you think?

Shade and sweet water!

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |