Diffstat (limited to 'doc/note/gpg/gpg.txt')
-rw-r--r-- doc/note/gpg/gpg.txt 63
1 files changed, 63 insertions, 0 deletions
diff --git a/doc/note/gpg/gpg.txt b/doc/note/gpg/gpg.txt
new file mode 100644
index 0000000..c6274a8
--- /dev/null
+++ b/doc/note/gpg/gpg.txt
@@ -0,0 +1,63 @@
+
+How to GnuPG
+============
+
+WARN: You MUST only use those instructions if you know exactly what
+you're doing! If you don't, you MUST NOT use those instructions!
+
+
+## Prepare for a master key creation
+
+- Choose a storage medium which will keep the master key and will be
+ kept VERY SAVE somewhere (also think for some redundancy). WARN: If
+ you choose a medium which probably could fail, you will be screwed up
+ in a later point in time!
+- Choose how (or where?) to keep master passphrase.
+
+
+## Initialize a new master key
+
+ export GNUPGHOME=/mnt/your/master/.gnupg
+ gpg --full-gen-key
+
+
+## Add additional identities (as needed)
+
+ export GNUPGHOME=/mnt/your/master/.gnupg
+ gpg --edit-key foo@example.com
+ gpg> adduid
+ gpg> save
+
+
+## Create keys for some daily-use devices
+
+ export GNUPGHOME=/mnt/your/master/.gnupg
+ gpg --edit-key foo@example.com
+ # Add ONE shared encryption key
+ gpg> addkey (then choose "encryp only")
+ # Add signing key foreach device you plan to use
+ gpg> addkey (then choose "sign only")
+ gpg> addkey (then choose "sign only")
+ gpg> addkey (then choose "sign only")
+
+
+## Export subkeys for use on a daily-use device
+
+ export GNUPGHOME=/mnt/your/master/.gnupg
+ # Print list of what we have
+ gpg --edit-key foo@example.com quit
+ # For each device choose one encrypt and one sign key and replace F00 and BA5
+ # below with them.
+ gpg --export-secret-subkeys F00! BA5! > keys-for-device
+
+
+## Import prepared subkeys on daily-use device
+
+
+
+## Some other helpful places
+
+- "https://insight.o-o.studio/article/setting-up-gpg.html#encryption-key"
+- "https://davesteele.github.io/gpg/2014/09/20/anatomy-of-a-gpg-key/"
+- "https://gpg.wtf/"
+
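Review bot: The section "## Import prepared subkeys on daily-use device" is added as a heading with no body, so the procedure ends at `gpg --export-secret-subkeys F00! BA5! > keys-for-device` and never says how the file reaches the device or is loaded there. Suggest filling it in (for example `gpg --import keys-for-device`, run on the device with that device's own GNUPGHOME rather than the master one) or marking it TODO. In the export step, `keys-for-device` is written by shell redirection into whatever the current directory is; it contains secret subkey material, so the note should say where that file is meant to live, how it is transferred, and that it is removed once imported. Smaller points: "VERY SAVE" should read "VERY SAFE" and "encryp only" should read "encrypt only"; the `gpg>` prompt lines and the "(then choose ...)" remarks share indented blocks with shell commands, so those blocks cannot be pasted as written; and the title uses an `====` underline while the sections use `##`.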