diff --git a/source/tech_conf/gpg/index.rst b/source/tech_conf/gpg/index.rst new file mode 100644 index 0000000..fcc820d --- /dev/null +++ b/source/tech_conf/gpg/index.rst 
@@ -0,0 +1,183 @@ +GPG +=== + +.. toctree:: + :titlesonly: + + recomandation + +# Sommaire + +- [Recommandation](#Recommandation) +- [Linux](#Linux) +- [Link](#Link) + +# Recommandation +Always use Linux on a live usb to generate and manipulate gpg key + +maybe autogenerate an iso with this [tuto](https://debian-live-config.readthedocs.io/en/latest/custom.html) + +# Linux + +## generate primary key + +``` +gpg --full-generate-key --expert +11 +A +Q +1 +0 +y +< your name > +< your mail > +< a comment > +O +< use a generate passphrase > +``` + +## show keys + +```bash +gpg -k +``` + +ex: +``` +gpg -k +gpg: checking the trustdb +gpg: marginals needed: 3 completes needed: 1 trust model: pgp +gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u +gpg: next trustdb check due at 2024-06-11 +/home/nicolas/.gnupg/pubring.kbx +-------------------------------- +pub ed25519 2024-02-10 [SCA] + 812185F25A67E5296643DD19BDBE4CDB45828C70 +uid [ultimate] Totor (valou) +``` + +## generate every subkey + +``` +gpg --edit-key --expert < key id > +addkey +11 +< select for authenticate > +Q +1 +2y +y +y +< primary key passphrase > +addkey +11 +< select for sign > +Q +1 +2y +y +y +< primary key passphrase > +addkey +12 +< select for sign > +Q +1 +2y +y +y +< primary key passphrase > +save +``` + +ex: +``` +gpg --edit-key --expert 812185F25A67E5296643DD19BDBE4CDB45828C70 +``` + +## export and backup keys + +Now we would like to export and backup private and public keys + +start by listing key with keygrip: +``` +gpg --keyid-format long --with-fingerprint --list-key +``` + +then export keys: +``` +gpg --export --armor --output public-key.asc < key id > +gpg --export-secret-keys --output secret-key.asc < key id > +``` + +## yubikey configure + +default admin pin: 12345678 +default pin: 123456 + +entrer admin mode: +``` +gpg --card-edit +admin +kdf-setup +passwd +3 +1 +q +name +lang +login +list +quit +``` + +## send keys + +``` +gpg --edit-key < key id > +key 1 +keytocard +< select 
acording to key role > +key 1 +key 2 +keytocard +< select acording to key role > +key 2 +key 3 +keytocard +< select acording to key role > +key 3 +save +``` + +## Multiple yubikey + +``` +$ mv -vi $GNUPGHOME $GNUPGHOME.1 +renamed '/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM.1' + +$ cp -avi /mnt/encrypted-storage/tmp.XXX $GNUPGHOME +'/mnt/encrypted-storage/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM' + +$ cd $GNUPGHOME +``` + +# Link + - [deja fait vite fait](https://gitlab.g3e.fr/-/snippets/1) + - [global tuto](https://r-pufky.github.io/docs/apps/gpg/index.html) + - [ssh-agent forward](https://superuser.com/questions/1388851/how-to-set-up-ssh-key-forwarding-with-gpg-agent) + - [putty](https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-key-login-passwordless-ssh/windows-putty) + - [github tuto yubikey + gpg](https://github.com/drduh/YubiKey-Guide#yubikey) + - [orphaned pagent windows](https://gist.github.com/kamermans/adae2aae83b60e20b399744d56156877) + - [import ssh key to gpg key](https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples) + - [use gpg smartcart for luks](https://cryptsetup-team.pages.debian.net/cryptsetup/README.gnupg-sc.html) + - [gpg key to dns ?](https://www.gushi.org/make-dns-cert/howto.html) + - [wsl2](https://gist.github.com/dinvlad/a62d44325fa2b989a046fe984a06e140) + + +# Git + +rebase older commit +```bash +git rebase --exec 'git commit --amend --no-edit -n -S' -i development +``` \ No newline at end of file diff --git a/source/tech_conf/gpg/recomandation.rst b/source/tech_conf/gpg/recomandation.rst new file mode 100644 index 0000000..15901e6 --- /dev/null +++ b/source/tech_conf/gpg/recomandation.rst 
@@ -0,0 +1,6 @@ +Recommandation +============== + +Pour suivre ce tutoriel il est conseiller d'utiliser un linux live qui n'a pas internet, pour pouvoir generer et manipuler les clees gpg en toutes securiter + +Dans le futur je travaillerais sur le faite d'avoir un iso cles en main [tuto](https://debian-live-config.readthedocs.io/en/latest/custom.html) \ No newline at end of file diff --git a/source/tech_conf/index.rst b/source/tech_conf/index.rst index 31fff71..fb126bf 100644 --- a/source/tech_conf/index.rst +++ b/source/tech_conf/index.rst @@ -4,4 +4,5 @@ Tech Configuration .. toctree:: :titlesonly: - ssh \ No newline at end of file + ssh + gpg/index \ No newline at end of file
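Review bot: In source/tech_conf/gpg/index.rst, everything after the toctree is Markdown (`# Sommaire`, `[tuto](...)` links, triple-backtick fences) inside a .rst file, so the RST parser will not render it as headings, links or code blocks; convert it to RST (underlined titles, `.. code-block:: bash`, `` `text <url>`_ `` links) or move the page to a Markdown source. In "generate every subkey", the third `addkey` block selects `12` but keeps the `< select for sign >` placeholder and the `Q` step copied from the `11` blocks, so the intended capability of that subkey is unclear and should be stated. Under "export and backup keys", the text announces a listing "with keygrip" but the command has no `--with-keygrip`, and `gpg --export-secret-keys --output secret-key.asc < key id >` has no `--armor` although the output file is named `.asc`. "Multiple yubikey" copies `$GNUPGHOME` back from `/mnt/encrypted-storage`, yet no earlier step puts a copy there before `keytocard` and `save`; add that backup step explicitly, before "send keys". The "yubikey configure" block would also benefit from one line saying that the `passwd` step replaces the two default PINs listed above it. Minor: "entrer admin mode" and "acording" are typos, and the section titles mix French and English.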
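Review bot: source/tech_conf/gpg/recomandation.rst repeats the "# Recommandation" section already present in gpg/index.rst, in French where the index is in English, so the same advice now lives in two places and two languages; keep one copy and link to it from the other. The `[tuto](https://debian-live-config.readthedocs.io/en/latest/custom.html)` link is Markdown syntax and will appear as literal text in an RST file. The paragraph also needs a spelling pass ("conseiller", "clees", "securiter", "le faite"), and the file name itself is misspelled in either language ("recomandation"), which the toctree entry in index.rst then has to repeat.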
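Review bot: In source/tech_conf/index.rst the new last line `gpg/index` still ends with "\ No newline at end of file", as do both new files in this patch; end each file with a newline so the next toctree addition produces a one-line diff instead of rewriting the previous entry.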