doc-public/source/tech_conf/gpg/index.rst
GnomeZworc 240730770c 2024-02-18-05
Signed-off-by: GnomeZworc <nicolas.boufidjeline@g3e.fr>
2024-02-18 19:13:35 +01:00


GPG
===
.. note::

   A large part of this tutorial comes from this `github`_ repository.

.. toctree::

   recomandation
   preparation
   generate_certify

# Linux
## generate primary key
```
gpg --full-generate-key --expert
11
A
Q
1
0
y
< your name >
< your mail >
< a comment >
O
< use a generated passphrase >
```
## show keys
```bash
gpg -k
```
ex:
```
gpg -k
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2024-06-11
/home/nicolas/.gnupg/pubring.kbx
--------------------------------
pub ed25519 2024-02-10 [SCA]
812185F25A67E5296643DD19BDBE4CDB45828C70
uid [ultimate] Totor (valou) <totor@del.fr>
```
## generate every subkey
```
gpg --edit-key --expert < key id >
addkey
11
< select for authenticate >
Q
1
2y
y
y
< primary key passphrase >
addkey
11
< select for sign >
Q
1
2y
y
y
< primary key passphrase >
addkey
12
< select for sign >
Q
1
2y
y
y
< primary key passphrase >
save
```
ex:
```
gpg --edit-key --expert 812185F25A67E5296643DD19BDBE4CDB45828C70
```
## export and backup keys
Now export and back up the private and public keys.
Start by listing the keys with their keygrips:
```
gpg --keyid-format long --with-fingerprint --with-keygrip --list-keys
```
Then export the keys:
```
gpg --export --armor --output public-key.asc < key id >
gpg --export-secret-keys --armor --output secret-key.asc < key id >
```
## yubikey configure
- default admin PIN: 12345678
- default PIN: 123456

Enter admin mode:
```
gpg --card-edit
admin
kdf-setup
passwd
3
1
q
name
lang
login
list
quit
```
## send keys
```
gpg --edit-key < key id >
key 1
keytocard
< select according to key role >
key 1
key 2
keytocard
< select according to key role >
key 2
key 3
keytocard
< select according to key role >
key 3
save
```
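
To confirm the transfer above, this added example (not part of the original tutorial) classifies each secret key in `gpg --list-secret-keys --with-colons` output as on disk, stub or on a card. The function names, key IDs and card serial number are constructed for illustration.

```bash
# Added example. Reads `gpg --list-secret-keys --with-colons` output on stdin
# and prints: record type, key ID, capabilities, location of the secret part.
# Field 15 is '+' (secret key on disk), '#' (stub only) or a card serial number.
secret_key_locations() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            loc = "unknown"
            if ($15 == "+")      loc = "disk"
            else if ($15 == "#") loc = "stub"
            else if ($15 != "")  loc = "card:" $15
            print $1, $5, $12, loc
        }'
}

# Succeeds only if at least one subkey exists and every subkey is on a card.
subkeys_all_on_card() {
    secret_key_locations | awk '
        $1 == "ssb" { n++; if ($4 !~ /^card:/) bad++ }
        END { exit !(n > 0 && bad == 0) }'
}

# Constructed sample: the encryption subkey (capability "e") was not moved yet.
sample_listing() {
    cat <<'EOF'
sec:u:255:22:1111111111111111:1707523200:::u:::scaESCA:::+::ed25519:::0:
ssb:u:255:22:2222222222222222:1707523300:1770595300:::::a:::D2760001240100000006000000010000::ed25519::
ssb:u:255:22:3333333333333333:1707523400:1770595400:::::s:::D2760001240100000006000000010000::ed25519::
ssb:u:255:18:4444444444444444:1707523500:1770595500:::::e:::+::cv25519::
EOF
}

sample_listing | secret_key_locations
if sample_listing | subkeys_all_on_card; then
    echo "all subkeys are on a card"
else
    echo "some subkeys are still on disk"
fi
```

On a real keyring, pipe `gpg --list-secret-keys --with-colons < key id >` into `subkeys_all_on_card` instead of the sample.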
## Multiple yubikey
```
$ mv -vi $GNUPGHOME $GNUPGHOME.1
renamed '/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM.1'
$ cp -avi /mnt/encrypted-storage/tmp.XXX $GNUPGHOME
'/mnt/encrypted-storage/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM'
$ cd $GNUPGHOME
```
# Link
- [already done quickly](https://gitlab.g3e.fr/-/snippets/1)
- [global tuto](https://r-pufky.github.io/docs/apps/gpg/index.html)
- [ssh-agent forward](https://superuser.com/questions/1388851/how-to-set-up-ssh-key-forwarding-with-gpg-agent)
- [putty](https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-key-login-passwordless-ssh/windows-putty)
- [github tuto yubikey + gpg](https://github.com/drduh/YubiKey-Guide#yubikey)
- [orphaned pageant windows](https://gist.github.com/kamermans/adae2aae83b60e20b399744d56156877)
- [import ssh key to gpg key](https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples)
- [use gpg smartcard for luks](https://cryptsetup-team.pages.debian.net/cryptsetup/README.gnupg-sc.html)
- [gpg key to dns ?](https://www.gushi.org/make-dns-cert/howto.html)
- [wsl2](https://gist.github.com/dinvlad/a62d44325fa2b989a046fe984a06e140)
# Git
Rebase to sign older commits:
```bash
git rebase --exec 'git commit --amend --no-edit -n -S' -i development
```
.. _`github`: https://github.com/drduh/YubiKey-Guide