2024-02-18-05

Signed-off-by: GnomeZworc <nicolas.boufidjeline@g3e.fr>

source/tech_conf/gpg/generate_certify.rst

@@ -0,0 +1,46 @@
+Generate Certify Key
+====================
+
+.. warning::
+
+  Page a tradire en francais...
+
+.. warning::
+
+   No Internet from now on
+
+Introduction
+------------
+
+The primary key to generate is the Certify key, which will be used to issue Subkeys for encryption, signature and authentication operations.
+
+The Certify key should be kept offline at all times and only accessed from a secure environment to revoke or issue Subkeys. Keys can also be generated on the YubiKey itself to avoid duplication, however for usability and durability reasons this guide recommends against doing so.
+
+Generate a passphrase which will be needed throughout the guide to create Subkeys. The passphrase should be memorized or written down in a secure location, ideally separate from the portable storage device used for key material.
+
+The passphrase is recommended to consist of only upper case letters and numbers for improved readability.
+
+
+The following command will generate strong passphrases while avoiding ambiguous characters:
+
+.. code-block::
+
+   LC_ALL=C tr -dc 'A-Z1-9' < /dev/urandom | \
+       tr -d "1IOS5U" | fold -w 30 | head -n10 | \
+       sed "-es/./ /"{1..26..5} | cut -c2- | tr " " "-"
+
+
+Example output:
+
+.. code-block::
+
+   A4ZK-YRRJ-8WPM-82NY-CX9T-AGKT
+   PH9Z-HFDX-QDB9-YMMC-GQZB-Z3EV
+   EC3H-C42G-8E9K-VF7F-ZWT7-BTL6
+   B3CA-QCCE-JMNE-VAZG-ZEYD-J3XP
+   YKP4-M42X-4WWE-WEKR-C3J7-GZYF
+   ZQWC-E7MN-M7CT-4Y4Z-9QFV-44VY
+   KY4F-C83Q-BTYQ-V8EM-WGCR-DPZN
+   GYWQ-WNAC-ERWM-XGAD-6XVD-ZCLD
+   L8JL-EK8H-Z4ZF-MA93-NND8-FPKA
+   WM2J-XF7L-QV6D-AWLY-Y2D8-4TQQ

source/tech_conf/gpg/index.rst

@@ -1,12 +1,15 @@
 GPG
 ===
 
+.. note::
+
+   Une grande partie de ce tutoriel viens de ce repos `github`_.
+
 .. toctree::
-   :titlesonly:
 
    recomandation
    preparation
-   generate_gpg_key
+   generate_certify
 
 # Linux
 
@@ -171,4 +174,6 @@ $ cd $GNUPGHOME
 rebase older commit
 ```bash
 git rebase --exec 'git commit --amend --no-edit -n -S' -i development
-```
+```
+
+.. _`github`: https://github.com/drduh/YubiKey-Guide

source/tech_conf/gpg/preparation.rst

@@ -87,5 +87,44 @@ L'un deux est `Ventoy`_ je ferais un tuto sur celui-ci et comment l'utiliser bie
 
 Si vous voulez utiliser `Ventoy`_ il vous suffira juste de faire une copier coller de l'iso dans le bon peripherique.
 
+Le Live boot
+------------
+
+Maintenant on va donc boot sur l'iso qu'on a preparer.
+
+configurer le reseau, on va telecharger les paquer necessaire.
+
+.. code-block::
+
+   sudo apt update
+
+   sudo apt -y upgrade
+
+   sudo apt -y install \
+      wget gnupg2 gnupg-agent dirmngr \
+      cryptsetup scdaemon pcscd secure-delete \
+      yubikey-personalization
+    
+   curl http://ftp.fr.debian.org/debian/pool/main/h/haskell-hopenpgp-tools/hopenpgp-tools_0.23.7-1_amd64.deb -O
+
+   sudo dpkg -i hopenpgp-tools_0.23.7-1_amd64.deb
+
+   sudo apt -y install yubikey-manager
+
+   sudo service pcscd start
+
+   export GNUPGHOME=$(mktemp -d -t gnupg_$(date +%Y%m%d%H%M)_XXX)
+
+   wget -O $GNUPGHOME/gpg.conf https://doc.g3e.fr/_downloads/58a3422798d8fb93fc663cb2bb0b136c/gpg.conf
+
+   grep -ve "^#" $GNUPGHOME/gpg.conf
+
+.. warning::
+
+   A partir de maintenant on a plus besoin d'internet
+   /!\ On peut donc desactiver internet /!\
+
+
+
 .. _Verifying authenticity of Debian CDs: https://www.debian.org/CD/verify
 .. _Ventoy: https://www.ventoy.net/en/index.html