From e058f1c494fd12b9fbab38e2062a722ef5effe0d Mon Sep 17 00:00:00 2001 From: GnomeZworc Date: Sun, 18 Feb 2024 21:39:12 +0100 Subject: [PATCH] 2024-02-18-08 Signed-off-by: GnomeZworc --- source/tech_conf/gpg/generate_certify.rst | 109 +++++++++++++++++++++- 1 file changed, 108 insertions(+), 1 deletion(-) diff --git a/source/tech_conf/gpg/generate_certify.rst b/source/tech_conf/gpg/generate_certify.rst index 97c4138..816a95b 100644 --- a/source/tech_conf/gpg/generate_certify.rst +++ b/source/tech_conf/gpg/generate_certify.rst 
@@ -43,4 +43,111 @@ Example output: KY4F-C83Q-BTYQ-V8EM-WGCR-DPZN GYWQ-WNAC-ERWM-XGAD-6XVD-ZCLD L8JL-EK8H-Z4ZF-MA93-NND8-FPKA - WM2J-XF7L-QV6D-AWLY-Y2D8-4TQQ \ No newline at end of file + WM2J-XF7L-QV6D-AWLY-Y2D8-4TQQ + +Generate Certify +---------------- + +On lance gpg en mode expert + +.. code-block:: + + gpg --expert --full-generate-key + +Voila la liste des commandes a suivre. + +Deja on choisi ECC et on choisi la capaciter 'Certify' + +.. code-block:: + + Please select what kind of key you want: + (1) RSA and RSA + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (7) DSA (set your own capabilities) + (8) RSA (set your own capabilities) + (9) ECC (sign and encrypt) *default* + (10) ECC (sign only) + (11) ECC (set your own capabilities) + (13) Existing key + (14) Existing key from card + Your selection? 11 + + Possible actions for this ECC key: Sign Certify Authenticate + Current allowed actions: Sign Certify + + (S) Toggle the sign capability + (A) Toggle the authenticate capability + (Q) Finished + + Your selection? S + + Possible actions for this ECC key: Sign Certify Authenticate + Current allowed actions: Certify + + (S) Toggle the sign capability + (A) Toggle the authenticate capability + (Q) Finished + + Your selection? Q + +Ensuite on choisi l'algorythme de chiffrement, personnelement je laisse l'option par defaut. + +.. code-block:: + + Please select which elliptic curve you want: + (1) Curve 25519 *default* + (2) Curve 448 + (3) NIST P-256 + (4) NIST P-384 + (5) NIST P-521 + (6) Brainpool P-256 + (7) Brainpool P-384 + (8) Brainpool P-512 + (9) secp256k1 + Your selection? 1 + +Et ensuite on dois choisir la date d'expiration, personnelement je choisi de facon indefini. + +.. code-block:: + + Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years + Key is valid for? 
(0) 0 + Key does not expire at all + Is this correct? (y/N) y + +Et pour finir on choisi, les infos tel que le nom, l'email ou un commentaire. + +.. code-block:: + + GnuPG needs to construct a user ID to identify your key. + + Real name: YubiKey User + Email address: yubikey@example + Comment: + You selected this USER-ID: + "YubiKey User " + + Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O + We need to generate a lot of random bytes. It is a good idea to perform + some other action (type on the keyboard, move the mouse, utilize the + disks) during the prime generation; this gives the random number + generator a better chance to gain enough entropy. + gpg: revocation certificate stored as '/Users/nicolas.boufidjeline/.gnupg/openpgp-revocs.d/3D98DEB92C1F530B076DA2CBE8091C4510077F5A.rev' + public and secret key created and signed. + + pub ed25519/0xE8091C4510077F5A 2024-02-18 [C] + Key fingerprint = 3D98 DEB9 2C1F 530B 076D A2CB E809 1C45 1007 7F5A + uid YubiKey User + +Puis on copy l'id de la clees et on l'export en variable d'environment + +.. code-block:: + + export KEYID=0xE8091C4510077F5A \ No newline at end of file
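Review bot: In the expiry step the walkthrough answers `0` ("Key does not expire at all") for the Certify key, yet the revocation certificate appears only in the pasted gpg output line that stores it under `openpgp-revocs.d`. The text should add a step telling the reader to copy that `.rev` file to offline storage, since with no expiry date it is how the key gets retired if the secret key is lost. That same output line also publishes a local home directory (`/Users/nicolas.boufidjeline/...`); replace it with a neutral placeholder path before merging. Smaller points: the sentence introducing the curve menu calls it the "algorythme de chiffrement" although this key is Certify-only, so "courbe elliptique" would be accurate; the `.. code-block::` directives carry no language argument (`console` or `text` would fit the prompts); and the new last line, `export KEYID=0xE8091C4510077F5A`, again ends with "\ No newline at end of file", the same defect this hunk fixes for the previous last line.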