GPG
===

.. toctree::
   :titlesonly:

   recomandation
   preparation
   generate_gpg_key

# Linux

## generate primary key

```
gpg --full-generate-key --expert
11
A
Q
1
0
y
< your name >
< your mail >
< a comment >
O
< use a generated passphrase >
```

## show keys

```bash
gpg -k
```

Example:

```
gpg -k
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2024-06-11
/home/nicolas/.gnupg/pubring.kbx
--------------------------------
pub   ed25519 2024-02-10 [SCA]
      812185F25A67E5296643DD19BDBE4CDB45828C70
uid           [ultimate] Totor (valou)
```

## generate every subkey

```
gpg --edit-key --expert < key id >
addkey
11
< select for authenticate >
Q
1
2y
y
y
< primary key passphrase >
addkey
11
< select for sign >
Q
1
2y
y
y
< primary key passphrase >
addkey
12
< select for encrypt >
Q
1
2y
y
y
< primary key passphrase >
save
```

Example:

```
gpg --edit-key --expert 812185F25A67E5296643DD19BDBE4CDB45828C70
```

## export and backup keys

Now export and back up the private and public keys.

Start by listing the keys with their long key IDs and fingerprints:

```
gpg --keyid-format long --with-fingerprint --list-key
```

Then export the keys:

```
gpg --export --armor --output public-key.asc < key id >
gpg --export-secret-keys --output secret-key.asc < key id >
```

## yubikey configure

- default admin pin: 12345678
- default pin: 123456

Enter admin mode:

```
gpg --card-edit
admin
kdf-setup
passwd
3
1
q
name
lang
login
list
quit
```

## send keys

```
gpg --edit-key < key id >
key 1
keytocard
< select according to key role >
key 1
key 2
keytocard
< select according to key role >
key 2
key 3
keytocard
< select according to key role >
key 3
save
```

## Multiple yubikey

```
$ mv -vi $GNUPGHOME $GNUPGHOME.1
renamed '/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM.1'
$ cp -avi /mnt/encrypted-storage/tmp.XXX $GNUPGHOME
'/mnt/encrypted-storage/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM'
$ cd $GNUPGHOME
```

# Link

- [already done, quick version](https://gitlab.g3e.fr/-/snippets/1)
- [global tuto](https://r-pufky.github.io/docs/apps/gpg/index.html)
- [ssh-agent forward](https://superuser.com/questions/1388851/how-to-set-up-ssh-key-forwarding-with-gpg-agent)
- [putty](https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-key-login-passwordless-ssh/windows-putty)
- [github tuto yubikey + gpg](https://github.com/drduh/YubiKey-Guide#yubikey)
- [orphaned pageant windows](https://gist.github.com/kamermans/adae2aae83b60e20b399744d56156877)
- [import ssh key to gpg key](https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples)
- [use gpg smartcard for luks](https://cryptsetup-team.pages.debian.net/cryptsetup/README.gnupg-sc.html)
- [gpg key to dns ?](https://www.gushi.org/make-dns-cert/howto.html)
- [wsl2](https://gist.github.com/dinvlad/a62d44325fa2b989a046fe984a06e140)

# Git rebase older commit

```bash
git rebase --exec 'git commit --amend --no-edit -n -S' -i development
```
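
A check to run between "generate every subkey" and "send keys", as an added example that is not part of the original page: it reads `gpg --list-keys --with-colons` output and confirms that usable signing, encryption and authentication subkeys exist and that each has an expiry date. It assumes the third `addkey` (menu option 12) is the encryption subkey; the function names, subkey IDs and timestamps in the samples are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Real use:
#   gpg --list-keys --with-colons <key id> | audit_subkeys
# Colon-format fields used on "sub" records:
#   2 = validity (r revoked, e expired), 5 = key id,
#   7 = expiry (empty means never), 12 = capabilities (s, e, a)

audit_subkeys() {
    awk -F: '
        BEGIN { bad = 0 }
        $1 == "sub" {
            if ($2 == "r" || $2 == "e") next      # unusable subkey
            if ($7 == "") noexp = noexp " " $5    # no expiry date set
            if ($12 ~ /s/) have["sign"] = 1
            if ($12 ~ /e/) have["encrypt"] = 1
            if ($12 ~ /a/) have["authenticate"] = 1
        }
        END {
            n = split("sign encrypt authenticate", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) { print "MISSING " want[i]; bad = 1 }
            m = split(noexp, ids, " ")
            for (i = 1; i <= m; i++) { print "NOEXPIRY " ids[i]; bad = 1 }
            if (!bad) print "OK"
            exit bad
        }'
}

# Constructed sample: the three subkeys, each expiring after two years.
sample_complete() {
    cat <<'EOF'
pub:u:255:22:BDBE4CDB45828C70:1707523200:::u:::scaESCA::::::ed25519:::0:
sub:u:255:22:1111111111111111:1707523200:1770595200:::::a::::::ed25519::
sub:u:255:22:2222222222222222:1707523200:1770595200:::::s::::::ed25519::
sub:u:255:18:3333333333333333:1707523200:1770595200:::::e::::::cv25519::
EOF
}

# Constructed sample: encryption subkey never added, signing subkey has no expiry.
sample_incomplete() {
    cat <<'EOF'
pub:u:255:22:BDBE4CDB45828C70:1707523200:::u:::scaESCA::::::ed25519:::0:
sub:u:255:22:1111111111111111:1707523200:1770595200:::::a::::::ed25519::
sub:u:255:22:2222222222222222:1707523200::::::s::::::ed25519::
EOF
}

sample_complete | audit_subkeys
sample_incomplete | audit_subkeys || true
```

The function exits non-zero when anything is reported, so it can gate the `keytocard` step in a script.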