rwx.work/rtfd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
rtfd/in/public/security/gpg/overview.rst

237 lines
2.8 KiB
ReStructuredText
Raw Normal View History

gpg overview,servers
2019-05-14 08:39:00 +00:00
********
OverView
********
.. todo::
* setpref, or elsehow at key generation
* ! suffix to exclude subkeys
* trust
* sign
* delete
Generate
========
master key
----------
.. code:: shell
gpg --expert --full-generate-key
::
8 → RSA (set your own capabilities)
s → toggle the sign capability
e → toggle the encrypt capability
q → finished
4096
1y → key expires in 1 year
y → this is correct
First Last
user@domain.tld
comment
o → ok
.. code:: shell
gpg --quick-generate-key 'First Last <user@domain.tld>' rsa4096 cert 1y
revocation certificate
----------------------
.. code:: shell
gpg --generate-revocation "KeyID" > "FFIINNGGEERRPPRRIINNTT.rev"
::
y
::
0 → no reason specified
1 → key has been compromised
2 → key is superseded
3 → key is no longer used
::
description
y
.. warning::
Hide this file in an encrypted container!
Search
======
.. code:: shell
gpg --search-keys "Key ID"
Download
========
.. code:: shell
gpg --receive-keys "KEY ID"
List
====
.. code:: shell
gpg --list-keys
Modify
======
.. code:: shell
gpg --expert --edit-key "KEY ID"
[…]
::
save
add a subkey to a master key
----------------------------
::
addkey
8 → RSA (set your own capabilities)
[…]
::
q → finished
4096
1y → key expires in 1 year
y → this is correct
y → really create
sign
^^^^
::
e → toggle the encrypt capability
.. code:: shell
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 auth 1y
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 encr 1y
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 sign 1y
encrypt
^^^^^^^
::
s → toggle the sign capability
authenticate
^^^^^^^^^^^^
::
s → toggle the sign capability
e → toggle the encrypt capability
a → toggle the authenticate capability
set expiration date
-------------------
::
expire
1y
y
add another UserID
------------------
::
adduid
First Last
user@domain.tld
comment
o
set primary UserID
------------------
::
uid 1
primary
Export
======
private key
-----------
.. code:: shell
gpg --armor --export-secret-keys FFIINNGGEERRPPRRIINNTT > key.gpg
private subkeys
---------------
.. code:: shell
gpg --armor --export-secret-subkeys FFIINNGGEERRPPRRIINNTT > subkeys.gpg
public key
----------
.. code:: shell
gpg --armor --export "Key ID" > id.asc
public SSH key
--------------
.. code:: shell
gpg --armor --export-ssh-key "Key ID" > id.pub
Dump
====
.. code:: shell
pgpdump pub.asc
Secure
======
hide the master key in an encrypted container
---------------------------------------------
* ~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key
Upload
======
.. code:: shell
gpg --send-keys "KEY ID"
Revoke
======
.. code:: shell
gpg --import "FFIINNGGEERRPPRRIINNTT.rev"
gpg --send-keys "KEY ID"
Reference in a new issue Copy permalink