You should have received a GNU Privacy Guard (GPG) public key from the sender in GPGs default binary file format, such as example.gpg, or in a armored text format, such as example.pub, for cross platform compatibility. You might have downloaded it from senders website or you might have received in another way.
Thunderbird Mail.
If you will be using Thunderbird Mail, then you will open the Tools drop down menu and select OpenPGP Key Manager. If you have your own key, you should see it in the list of keys, that is already loaded. Open the drop down menu File and select Import Public Key(s) From File. Find the key file and open it. A window will ask you to confirm the key. If this is in fact the correct key for the sender, then click OK. You will now se a window, that confirms, that the key has been loaded. You can see its bit length, its date of creation and its unique fingerprint. Click OK.
You have now imported the key and it should be visible in the list of loaded keys. Open the imported key by double clicking it. Select Yes, I’ve verified in person this key has the correct fingerprint.
A GNU Privacy Guard OpenPGP public key has been imported into Thunderbird Mail and accepted for use with verifying and encrypting messages.
You can now verify signatures from this sender and encrypt your messages to this sender using the imported public key.
A lock and a diploma indicates, that this message has been encrypted and signed by the sender. GNU Privacy Guard was used with Thunderbird Mail to protect privacy.
If you look in the upper right corner, you can see, that a lock indicates, that this message was encrypted, and, that a diploma indicates, that this message was signed by the sender.
The GNU Privacy Guard, or just GnuPG or GPG, is a complete and free implementation of the OpenPGP standard. GPG can be used to sign and encrypt email messages and other data and communication.
The OpenPGP lock and a diploma indicates, that this message has been encrypted and signed by the sender. The GNU Privacy Guard keys was used with Thunderbird Mail to protect privacy.
If you implement GPG for use with email, then you can digitally sign your message, so your recipient will know, that the message has in fact been sent by you. The recipient will also know, that your messsage has not been modified. If you have the public key of the recipient, then you can encrypt and sign your message. You and your recipient can now safely assume, that your message has been protected against surveillance systems and other kinds of breach of privacy.
Create your new signing and encryption key.
The following GPG command will create a new key, that will be based on your selections from the menu. You will want RSA keys for signing and encryption. You might not want the key to expire. You will want maximum RSA key strength. Enter your name as it appears, when you send email. Enter your email address. Enter a passphrase. The passphrase should not just be a single password, but rather a phrase or complex password.
$ gpg --full-generate-key
You have now created a GPG key, that can be used for signing and encrypting data and communication. It has been inserted into the GPG key ring on your computer. If you did not have a key ring, then one has been created for you in a hidden directory in your home directory. You might want to ensure, that it is backup up.
$ ls .gnupg
The following command lists the key, and other keys, that exist in your key ring. The key will have a key for signing, a user identification and a subkey for encryption. The email address is used for identifying a key, if you later should want to make changes.
$ gpg --list-keys
The following command lists other options, that will help you find out, what you can do with the GPG command line tool.
$ gpg --help
Import your secret key into your email client.
The final step is to import your new key into your own email client, such as Thunderbird Mail. This key, which is your secret key and not the shared public key, will then be used by your email client to sign your messages. If you also have the public key of your recipient, you can also encrypt your messages.
The following example will export the secret key, that is identified by the email address , to a file private.gpg, that can be imported to your email client.
$ gpg --output private.gpg --export-secret-key
If your email client is Thunderbird Mail, you can import it by adding your key as an OpenPGP key from the encryption section in your account settings. You will need to enter the passphrase, that you entered during the creation of the key.
Note: Thunderbird Mail has its own PGP built-in system, that replaces the former EnigMail add-on, and stores its keys in its own key ring, that is different from the main GPG key ring. Thunderbird can also create a key for you, but in this example, you will create your own key with GPG and import it.
Export your public key to your recipients.
You can now generate a public key from your private key. If you share the puplic key with your recipient, then your recipient can import it and it will be used for validating your signatures and encrypting messages to you. I wrote a guide about this in How to import a GNU Privacy Guard (GPG) public key into email client.
The following example will export a public key from the key, that is identified by the email address . The public key will be written in the default GPG format to the file example.gpg.
$ gpg --output example.gpg --export
The following example will export a public key from the key, that is identified by the email address . The public key will be written in armored text format to the file example.pub. This format is can be used for copy and paste operations.
$ gpg --output example.pub --armor --export
The file can now be shared with your recipient, who can import it to an email client, such as Thunderbird Mail, that support signing and encryption with GPG. You can safely share your public key via email or other medium. The public key can only be used to encrypt messages to you. The message can only be decrypted by the one, who has the private key.
Sign and encrypt your message.
That’s all there is to it. You can now sign and encrypt messages with GNU Privacy Guard.
If your email client is Thunderbird Mail, then you will compose a new message as normal. When you are ready to send your message, you will open the drop down security menu and enable encryption. This will automatically sign your message too. If you only want to sign your message, you can do so too by just enabling your digital signature. Note, that you can only encrypt the message, if you have received a public key from the recipient.
Example of a signed and encrypted email message.
The following picture is an example of a signed and encrypted message, that has been received and opened in Thunderbird Mail.
A lock and a diploma indicates, that this message has been encrypted and signed by the sender. The GNU Privacy Guard was used with Thunderbird Mail to protect privacy.
If you look in the upper right corner, you can see, that a lock indicates, that this message was encrypted, and, that a diploma indicates, that this message was signed by the sender.
The supported releases comes with an announcement, release notes, installation instructions, hardware compatibility list, readme, errata and more, which I recommend looking into before upgrading.
Determine the version of FreeBSD kernel and userland.
The built-in freebsd-version utility can determine the installed, running and userland version and patch level of FreeBSD. These should all match.
# freebsd-version -k -r -u
Confirm, that the system can be restored in case of failure.
You might want to ensure, that the system can be restored, if something goes wrong during the upgrade.
If the FreeBSD in question runs on a virtual host, then an offline snapshot at this point in time will make you able to do a quick and easy restore. If the system uses ZFS, then a snapshot can also be used to do a quick restore of one or more datasets. This requires, that the file system and partitions are still working.
In any case you should be able to restore the data from a regular backup repository.
Upgrade FreeBSD to new minor or major version.
FreeBSD can be upgraded to a new minor or major release by using the built-in freebsd-update utility, which can fetch, install and rollback binary updates to the FreeBSD base system. The current patch level does not matter. The upgraded system will have the current patch level.
The update utility will first inspect the system before it will fetch patches, apply patches, fetch files and merges changes in configuration files. The patches and files depends on the internet speed and can take a long time. In the following example FreeBSD is upgraded from 12.1 to 12.2.
# freebsd-update -r 12.2-RELEASE upgrade
When the first step has completed, then the kernel updates can be installed and the system can be rebooted into the installed kernel.
# freebsd-update install
# reboot
The userland updates, which is everything else than the kernel updates, can now be installed. This depends on hardware and can take some time.
# freebsd-update install
If a third party software rebuild is required.
If the upgrade requires, that old shared object files are removed, then third party software, such as packages and ports, needs to be rebuilt. This rebuild can also be done, if you experience problems with packages after the upgrade.
If packages are used, then a static version of pkg can be used to upgrade itself and packages.
If ports are used, then portmaster can be used to upgrade the ports, but the recommended practice is, that the package builder poudriere and pkg-static is used. Follow the last procedure, that is given in the manual.
# man portmaster
If a mix is used, then portmaster can be used to rebuild the ports after the packages has been rebuilt. They will overwrite the target files. An example of this could be a desktop computer, which has to use a special port, that replaces a default package, such as a graphics driver.
When third party software has been rebuilt, then the freebsd-update utility can finish the upgrade.
# freebsd-update install
If the running kernel can not be identified.
If the running kernel can not be identified, then a symbolic link can be created as a work-around and the upgrade can be continued. This is a problem, that is related to encryption and ZFS. The issue is described in FreeBSD Forums.
If the upgrade failed, then the upgrade can be rolled back by using the rollback feature of the freebsd-update utility.
# freebsd-update rollback
# reboot
If the upgrade was succesful.
If the upgrade was succesful, then the new version and patch level of FreeBSD can be confirmed with the freebsd-version utility. These should all match.
# freebsd-version -k -r -u
You might want to update packages at this point. This would ensure, that your FreeBSD system is completely updated.
I needed an eye friendly and neat wallpaper for a laptop computer, that runs the FreeBSD operating system, but a quick search for FreeBSD themed wallpapers did not result in a suitable one. I downloaded a free wallpaper and modified it with the Gimp graphics editor to meet my requirements: The BSD daemon on a dark red background.
I exported it to the widely used 1920×1080 Full HD (16:9) resolution, 1920×1200 Ultra HD (16:10) resolution and 2560×1600 WQXGA (16:10) resolution and made it available for free download via the thumbnail links below. Enjoy.
FreeBSD themed wallpaper with the BSD daemon on dark red background for 1920×1080 resolution.FreeBSD themed wallpaper with the BSD daemon on dark red background for 1920×1200 resolution.FreeBSD themed wallpaper with the BSD daemon on dark red background for 2560×1600 resolution.
Learn the correct procedure for upgrading and auditing installed packages using the built-in pkg interface in FreeBSD.
Packages are applications, that has been precompiled with a default set of options. The packages are tested to work with the current version FreeBSD and the current packages in the repository. The advantage of packages over ports, which has to be compiled, are the simplification of installing. Updating of packages are done with the built-in pkg interface.
# man pkg
Determine the version and patch level of FreeBSD.
Confirm, that you are running the current version and patch level of FreeBSD. The built-in freebsd-version utility can determine the installed, running and userland version and patch level of FreeBSD. These should all match.
You might want to backup the current local package database. If the update proces should fail and the package datase became corrupted, then you will be able to restore it. FreeBSD also keeps its own rotated backups via the periodic runs.
# pkg backup -d pkg-backup.db
Update the packages in the FreeBSD repository catalogue.
# pkg update -f
Update the installed packages.
# pkg upgrade
You might want to audit the installed packages against known vulnerabilities.
# pkg audit -F
If upgrading failed or applications no longer work.
I have experienced, that upgrading larger desktop computers can break after an upgrade of packages. You should read into error messages on the console and in the logs and try to pin point the actual cause of the problem and look to solve that. The members of The FreeBSD Forums are very kind and competent.
However it is also my experience, that some of the error messages, that are produced, can lead to many forum discussions with more or less helpful solutions. An example is the following failed upgrade, that had an error message about installing files into the same place.
[4/285] Installing librsvg2-rust-2.50.2… pkg: librsvg2-rust-2.50.2 conflicts with librsvg2-2.40.21 (installs files into the same place). Problematic file: /usr/local/bin/rsvg-convert #
This problem, as well as other related problems, was solved by issuing a rebuild of all installed packages with the static version of pkg, which is known from upgrading the base system.
You might want to remove dependencies, that are no longer required by other packages. This kind of packages are also known as leaf dependencies. The pkg interface will list leaf dependencies before removing them.
# pkg autoremove
You might want to clean or delete the local cache of fetched remote packages. This is relevant, if you have limited storage space.
# pkg clean
Reboot.
If this upgrade was performed on a server or other critical production system, then a reboot and test is recommended.
# reboot
If upgrading was succesful.
The packages on your FreeBSD system is now upgraded, audited and tested.
