author | Andreas Fankhauser hiddenalpha.ch | 2022-12-21 19:25:45 +0100 |
---|---|---|
committer | Andreas Fankhauser hiddenalpha.ch | 2022-12-21 19:25:45 +0100 |
commit | 4ea29f643b03b867d70bb159941f7b0eaf0ae348 (patch) | |
tree | 0eac16700b993c5d18dd1bc66b1023642f942811 | |
parent | afd3dbfe52127b53111059a5c189c507c6674526 (diff) | |
parent | 62bc794001bb6cc822059093b7879d7e173bd08c (diff) | |
download | UnspecifiedGarbage-4ea29f643b03b867d70bb159941f7b0eaf0ae348.zip UnspecifiedGarbage-4ea29f643b03b867d70bb159941f7b0eaf0ae348.tar.gz |
Merge gh master to local master
-rw-r--r-- | doc/note/gpg/gpg.txt | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/doc/note/gpg/gpg.txt b/doc/note/gpg/gpg.txt new file mode 100644 index 0000000..f375544 --- /dev/null +++ b/doc/note/gpg/gpg.txt @@ -0,0 +1,67 @@ + +How to GnuPG +============ + +WARN: You MUST only use those instructions if you know exactly what +you're doing! If you don't, you MUST NOT use those instructions! + + +## Prepare for a master key creation + +- Choose a storage medium which will keep the master key and will be + kept VERY SAVE somewhere (also think for some redundancy). WARN: If + you choose a medium which probably could fail, you will be screwed up + in a later point in time! +- Choose how (or where?) to keep master passphrase. + + +## Initialize a new master key + + export GNUPGHOME=/mnt/your/master/.gnupg + gpg --full-gen-key + + +## Add additional identities (as needed) + + export GNUPGHOME=/mnt/your/master/.gnupg + gpg --edit-key foo@example.com + gpg> adduid + gpg> save + + +## Create keys for some daily-use devices + + export GNUPGHOME=/mnt/your/master/.gnupg + gpg --edit-key foo@example.com + # Add ONE shared encryption key + gpg> addkey (then choose "encryp only") + # Add signing key foreach device you plan to use + gpg> addkey (then choose "sign only") + gpg> addkey (then choose "sign only") + gpg> addkey (then choose "sign only") + + +## Export subkeys for use on a daily-use device + + export GNUPGHOME=/mnt/your/master/.gnupg + # Print list of what we have + gpg --edit-key foo@example.com quit + # For each device choose one encrypt and one sign key and replace F00 and BA5 + # below with them. + gpg --export-secret-subkeys F00! BA5! > keys-for-device + + +## Import prepared subkeys on daily-use device + + gpg --import keys-for-device + gpg --edit-key foo@example.com + gpg> trust + gpg> save + + +## Some other helpful places + +- "https://insight.o-o.studio/article/setting-up-gpg.html#encryption-key" +- "https://davesteele.github.io/gpg/2014/09/20/anatomy-of-a-gpg-key/" +- "https://gpg.wtf/" + |
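Review bot: The "Create keys for some daily-use devices" block ends after the third "gpg> addkey" with no "gpg> save", while the adduid and import blocks both end with one, so as written the steps never tell the reader to persist the new subkeys; add "gpg> save" as the last line of that block. In "Export subkeys for use on a daily-use device", the secret subkeys are redirected to a file named keys-for-device in the current directory, and the import section never says what happens to that file afterwards; a line on how it is transported to the device and a step to delete it after "gpg --import keys-for-device" would close that gap. Two typos in the added text: "VERY SAVE" should read "VERY SAFE", and "encryp only" should read "encrypt only".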