2024-02-17-03

source/tech_conf/gpg/index.rst

@@ -0,0 +1,183 @@
+GPG
+===
+
+.. toctree::
+   :titlesonly:
+
+   recomandation
+
+# Sommaire
+
+- [Recommandation](#Recommandation)
+- [Linux](#Linux)
+- [Link](#Link)
+
+# Recommandation
+Always use Linux on a live usb to generate and manipulate gpg key
+
+maybe autogenerate an iso with this [tuto](https://debian-live-config.readthedocs.io/en/latest/custom.html)
+
+# Linux
+
+## generate primary key
+
+```
+gpg --full-generate-key --expert
+11
+A
+Q
+1
+0
+y
+< your name >
+< your mail >
+< a comment >
+O
+< use a generate passphrase >
+```
+
+## show keys
+
+```bash
+gpg -k
+```
+
+ex:
+```
+gpg -k
+gpg: checking the trustdb
+gpg: marginals needed: 3  completes needed: 1  trust model: pgp
+gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
+gpg: next trustdb check due at 2024-06-11
+/home/nicolas/.gnupg/pubring.kbx
+--------------------------------
+pub   ed25519 2024-02-10 [SCA]
+      812185F25A67E5296643DD19BDBE4CDB45828C70
+uid           [ultimate] Totor (valou) <totor@del.fr>
+```
+
+## generate  every subkey
+
+```
+gpg --edit-key --expert < key id >
+addkey
+11
+< select for authenticate >
+Q
+1
+2y
+y
+y
+< primary key passphrase >
+addkey
+11
+< select for sign >
+Q
+1
+2y
+y
+y
+< primary key passphrase >
+addkey
+12
+< select for sign >
+Q
+1
+2y
+y
+y
+< primary key passphrase >
+save
+```
+
+ex:
+```
+gpg --edit-key --expert 812185F25A67E5296643DD19BDBE4CDB45828C70
+```
+
+## export and backup keys
+
+Now we would like to export and backup private and public keys
+
+start by listing key with keygrip:
+```
+gpg --keyid-format long --with-fingerprint --list-key
+```
+
+then export keys:
+```
+gpg --export --armor --output public-key.asc < key id >
+gpg --export-secret-keys --output secret-key.asc < key id >
+```
+
+## yubikey configure
+
+default admin pin: 12345678
+default pin: 123456
+
+entrer admin  mode:
+```
+gpg --card-edit
+admin
+kdf-setup
+passwd
+3
+1
+q
+name
+lang
+login
+list
+quit
+```
+
+## send keys
+
+```
+gpg --edit-key < key id >
+key 1
+keytocard
+< select acording to key role >
+key 1
+key 2
+keytocard
+< select acording to key role >
+key 2
+key 3
+keytocard
+< select acording to key role >
+key 3
+save
+```
+
+## Multiple yubikey
+
+```
+$ mv -vi $GNUPGHOME $GNUPGHOME.1
+renamed '/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM.1'
+
+$ cp -avi /mnt/encrypted-storage/tmp.XXX $GNUPGHOME
+'/mnt/encrypted-storage/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM'
+
+$ cd $GNUPGHOME
+```
+
+# Link
+ - [deja fait vite fait](https://gitlab.g3e.fr/-/snippets/1)
+ - [global tuto](https://r-pufky.github.io/docs/apps/gpg/index.html)
+ - [ssh-agent forward](https://superuser.com/questions/1388851/how-to-set-up-ssh-key-forwarding-with-gpg-agent)
+ - [putty](https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-key-login-passwordless-ssh/windows-putty)
+ - [github tuto yubikey + gpg](https://github.com/drduh/YubiKey-Guide#yubikey)
+ - [orphaned pagent windows](https://gist.github.com/kamermans/adae2aae83b60e20b399744d56156877)
+ - [import ssh key to gpg key](https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples)
+ - [use gpg smartcart for luks](https://cryptsetup-team.pages.debian.net/cryptsetup/README.gnupg-sc.html)
+ - [gpg key to dns ?](https://www.gushi.org/make-dns-cert/howto.html)
+ - [wsl2](https://gist.github.com/dinvlad/a62d44325fa2b989a046fe984a06e140)
+
+
+# Git
+
+rebase older commit
+```bash
+git rebase --exec 'git commit --amend --no-edit -n -S' -i development
+```

source/tech_conf/gpg/recomandation.rst

@@ -0,0 +1,6 @@
+Recommandation
+==============
+
+Pour suivre ce tutoriel il est conseiller d'utiliser un linux live qui n'a pas internet, pour pouvoir generer et manipuler les clees gpg en toutes securiter
+
+Dans le futur je travaillerais sur le faite d'avoir un iso cles en main [tuto](https://debian-live-config.readthedocs.io/en/latest/custom.html)

source/tech_conf/index.rst

@@ -4,4 +4,5 @@ Tech Configuration
 .. toctree::
    :titlesonly:
 
-   ssh
+   ssh
+   gpg/index