2024-02-18-08

Signed-off-by: GnomeZworc <nicolas.boufidjeline@g3e.fr>
2024-02-18 21:39:12 +01:00 · 2024-02-18 21:39:12 +01:00 · e058f1c494
commit e058f1c494
parent 554d4c3a1d
1 changed files with 108 additions and 1 deletions
--- a/source/tech_conf/gpg/generate_certify.rst
+++ b/source/tech_conf/gpg/generate_certify.rst
@ -43,4 +43,111 @@ Example output:
   KY4F-C83Q-BTYQ-V8EM-WGCR-DPZN
   GYWQ-WNAC-ERWM-XGAD-6XVD-ZCLD
   L8JL-EK8H-Z4ZF-MA93-NND8-FPKA
-   WM2J-XF7L-QV6D-AWLY-Y2D8-4TQQ
+   WM2J-XF7L-QV6D-AWLY-Y2D8-4TQQ
+
+Generate Certify
+----------------
+
+On lance gpg en mode expert
+
+.. code-block::
+
+   gpg --expert --full-generate-key
+
+Voila la liste des commandes a suivre.
+
+Deja on choisi ECC et on choisi la capaciter 'Certify' 
+
+.. code-block::
+
+   Please select what kind of key you want:
+      (1) RSA and RSA
+      (2) DSA and Elgamal
+      (3) DSA (sign only)
+      (4) RSA (sign only)
+      (7) DSA (set your own capabilities)
+      (8) RSA (set your own capabilities)
+      (9) ECC (sign and encrypt) *default*
+     (10) ECC (sign only)
+     (11) ECC (set your own capabilities)
+     (13) Existing key
+     (14) Existing key from card
+   Your selection? 11
+   
+   Possible actions for this ECC key: Sign Certify Authenticate
+   Current allowed actions: Sign Certify
+   
+      (S) Toggle the sign capability
+      (A) Toggle the authenticate capability
+      (Q) Finished
+   
+   Your selection? S
+   
+   Possible actions for this ECC key: Sign Certify Authenticate
+   Current allowed actions: Certify
+   
+      (S) Toggle the sign capability
+      (A) Toggle the authenticate capability
+      (Q) Finished
+   
+   Your selection? Q
+
+Ensuite on choisi l'algorythme de chiffrement, personnelement je laisse l'option par defaut.
+
+.. code-block::
+
+   Please select which elliptic curve you want:
+      (1) Curve 25519 *default*
+      (2) Curve 448
+      (3) NIST P-256
+      (4) NIST P-384
+      (5) NIST P-521
+      (6) Brainpool P-256
+      (7) Brainpool P-384
+      (8) Brainpool P-512
+      (9) secp256k1
+   Your selection? 1
+
+Et ensuite on dois choisir la date d'expiration, personnelement je choisi de facon indefini.
+
+.. code-block::
+
+   Please specify how long the key should be valid.
+            0 = key does not expire
+         <n>  = key expires in n days
+         <n>w = key expires in n weeks
+         <n>m = key expires in n months
+         <n>y = key expires in n years
+   Key is valid for? (0) 0
+   Key does not expire at all
+   Is this correct? (y/N) y
+
+Et pour finir on choisi, les infos tel que le nom, l'email ou un commentaire.
+
+.. code-block::
+
+   GnuPG needs to construct a user ID to identify your key.
+   
+   Real name: YubiKey User
+   Email address: yubikey@example
+   Comment:
+   You selected this USER-ID:
+       "YubiKey User <yubikey@example>"
+   
+   Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+   We need to generate a lot of random bytes. It is a good idea to perform
+   some other action (type on the keyboard, move the mouse, utilize the
+   disks) during the prime generation; this gives the random number
+   generator a better chance to gain enough entropy.
+   gpg: revocation certificate stored as '/Users/nicolas.boufidjeline/.gnupg/openpgp-revocs.d/3D98DEB92C1F530B076DA2CBE8091C4510077F5A.rev'
+   public and secret key created and signed.
+   
+   pub   ed25519/0xE8091C4510077F5A 2024-02-18 [C]
+         Key fingerprint = 3D98 DEB9 2C1F 530B 076D  A2CB E809 1C45 1007 7F5A
+   uid                              YubiKey User <yubikey@example>
+
+Puis on copy l'id de la clees et on l'export en variable d'environment
+
+.. code-block::
+
+   export KEYID=0xE8091C4510077F5A