rwx.work/rtfd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gpg

Browse source
This commit is contained in:
Marc Beninca 2017-12-05 22:32:10 +01:00
parent 250cb9eab4
commit ac20498839
1 changed files with 205 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

205
source/gpg/index.rst
View file

@ -1,3 +1,208 @@
### ###
GPG GPG
### ###
TODO
====
* setpref, or elsehow at key generation
* ! suffix to exclude subkeys
* trust
* sign
* delete
* ssh authentication ???
Configure
=========
wipe if needed
--------------
.. code:: shell
rm --force --recursive ~/.gnupg
mkdir -m 700 ~/.gnupg
check available algorithms
--------------------------
.. code:: shell
gpg --version
avoid default use of SHA256
---------------------------
* gpg.conf
::
cert-digest-algo SHA512
personal-digest-preferences SHA512
personal-cipher-preferences CAMELLIA256 TWOFISH AES256
personal-compress-preferences BZIP2 ZLIB ZIP
default-preference-list SHA512 CAMELLIA256 TWOFISH AES256 BZIP2 ZLIB ZIP
keyserver-options include-revoked
with-subkey-fingerprint
avoid DL/UL issues, depending on DNS
------------------------------------
* dirmngr.conf
::
standard-resolver
Also if up:
.. code:: shell
gpgconf --kill gpg-agent
killall dirmngr
Generate
========
master key
----------
.. code:: shell
gpg --full-generate-key
::
1 → RSA and RSA
4096
0 → key does not expire
y → this is correct
First Last
user@domain.tld
Comment
o → ok
PassPhrase
revocation certificate
----------------------
.. code:: shell
gpg --generate-revocation "KeyID" > "FFIINNGGEERRPPRRIINNTT.rev"
.. warning::
Hide this file in an encrypted container!
Search
======
.. code:: shell
gpg --search-keys "Key ID"
Download
========
.. code:: shell
gpg --receive-keys "KEY ID"
List
====
.. code:: shell
gpg --list-keys
Modify
======
.. code:: shell
gpg --edit-key "KEY ID"
[…]
::
PassPhrase
save
add a subkey to a master key
----------------------------
::
addkey
set expiration date
-------------------
::
expire
add another UserID
------------------
::
adduid
First Last
user@domain.tld
Comment
set primary UserID
------------------
::
uid 1
primary
Export
======
.. code:: shell
gpg --armor --export "Key ID" > pub.asc
Dump
====
.. code:: shell
pgpdump pub.asc
Secure
======
find out master keygrip
-----------------------
.. code:: shell
gpg --list-keys --with-keygrip
hide the master key in an encrypted container
---------------------------------------------
* ~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key
Upload
======
.. code:: shell
gpg --send-keys "KEY ID"
Revoke
======
.. code:: shell
gpg --import "FFIINNGGEERRPPRRIINNTT.rev"
gpg --send-keys "KEY ID"