{"id":13530309,"url":"https://github.com/firstlookmedia/gpgsync","last_synced_at":"2025-04-01T18:31:33.183Z","repository":{"id":45318223,"uuid":"51545497","full_name":"firstlookmedia/gpgsync","owner":"firstlookmedia","description":":lock: GPG Sync is designed to let users always have up-to-date public keys for other members of their organization","archived":true,"fork":false,"pushed_at":"2022-12-08T08:47:23.000Z","size":1326,"stargazers_count":345,"open_issues_count":22,"forks_count":27,"subscribers_count":15,"default_branch":"develop","last_synced_at":"2024-11-02T17:35:59.286Z","etag":null,"topics":["encrypted-email","gpg","gpg-sync","linux","openpgp","osx","pgp","techie"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/firstlookmedia.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2016-02-11T20:40:18.000Z","updated_at":"2024-10-03T05:12:13.000Z","dependencies_parsed_at":"2023-01-24T20:15:17.250Z","dependency_job_id":null,"html_url":"https://github.com/firstlookmedia/gpgsync","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firstlookmedia%2Fgpgsync","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firstlookmedia%2Fgpgsync/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firstlookmedia%2Fgpgsync/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firstlookmedia%2Fgpgsync/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/firstlookmedia","download_url":"https://codeload.github.com/firstlookmedia/gpgsync/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246691573,"owners_count":20818534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encrypted-email","gpg","gpg-sync","linux","openpgp","osx","pgp","techie"],"created_at":"2024-08-01T07:00:47.802Z","updated_at":"2025-04-01T18:31:32.870Z","avatar_url":"https://github.com/firstlookmedia.png","language":"Python","readme":"![GPG Sync](./logo/logo.png)\n\n# GPG Sync\n\nGPG Sync is designed to let users always have up-to-date OpenPGP public\nkeys for other members of their organization.\n\nIf you're part of an organization that uses GPG internally you might\nnotice that it doesn't scale well. New people join and create new keys\nand existing people revoke their old keys and transition to new ones.\nIt quickly becomes unwieldy to ensure that everyone has a copy of everyone\nelse's current key, and that old revoked keys get refreshed to prevent\nusers from accidentally using them.\n\nGPG Sync solves this problem by offloading the complexity of GPG to a\nsingle trusted person in your organization. As a member of an organization,\nyou install GPG Sync on your computer, configure it with a few settings,\nand then you forget about it. GPG Sync takes care of everything else.\n\nA single keylist is used by GPG Sync to keep keys in sync. This keylist\nmust follow a specific JSON format, see [our example](https://github.com/firstlookmedia/gpgsync/blob/develop/example-keylist/keylist.json)\nfor guidance on creating one for your organization if it does not already\nexist. GPG Sync complies with the in-progress\n[Distributing OpenPGP Keys with Signed Keylist Subscriptions](https://datatracker.ietf.org/doc/draft-mccain-keylist/)\ninternet standard draft.\n\n## Learn More\n\nTo learn how GPG Sync works and how to use it, check out the [Wiki](https://github.com/firstlookmedia/gpgsync/wiki).\n\n## Getting GPG Sync\n\nTo install GPG Sync, follow [these instructions](https://github.com/firstlookmedia/gpgsync/wiki/Installing-GPG-Sync).\n\n## Important note about keyservers\n\nBy default, GPG Sync downloads PGP public keys from [keys.openpgp.org](https://keys.openpgp.org/about), a modern abuse-resistent keyserver. (The old SKS keyserver pool is vulnerable to [certificate flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html) attacks, and it's based on unmaintained software that will likely never get fixed.)\n\nFor this reason, **it's important that your authority key, as well as every key on your keylist, has a user ID that contains an email address** and that **all users must opt-in to allowing their email addresses** on this keyserver. You can opt-in by uploading your public key [here](https://keys.openpgp.org/upload), requesting to verify each email address on it, and then clicking the links you receive in those verification emails.\n\nIf a member of your organization doesn't opt-in to allowing their email addresses on this keyserver, then when subscribers of your keylist refresh it, the public key that GPG Sync will import won't contain the information necessary to be able to send that member an encrypted email. GPG Sync still supports the legacy, vulnerable SKS keyserver network; this can be enabled in the advanced settings of each keylist.\n\n## Test Status\n\n[![CircleCI](https://circleci.com/gh/firstlookmedia/gpgsync.svg?style=shield\u0026circle-token=8c35e705699711e0aff4934b4adef5b9e02e738d)](https://circleci.com/gh/firstlookmedia/gpgsync)\n\n![Screenshot](./logo/screenshot.png)\n","funding_links":[],"categories":["Communications security (COMSEC)","Python","通讯安全"],"sub_categories":["Service meshes","安全编排自动化与响应"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirstlookmedia%2Fgpgsync","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffirstlookmedia%2Fgpgsync","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirstlookmedia%2Fgpgsync/lists"}