GPG Key Management
Put this in "$HOME/.gitconfig":
[user]
    name = Dai Maou
    email = [email protected]
    signingkey = [email protected]
[commit]
    gpgsign = true
[tag]
    gpgSign = true
############## BACKUP ###################
First determine which key to back up:
$ gpg --list-secret-keys --keyid-format LONG
Export the private key of choice:
$ gpg -o private.gpg --export-options backup --export-secret-keys [email protected]
This will place a file private.gpg in your current working directory.
Encrypt this with something - see the `Encrypt Archive with GPG` file in this gist.
Do at least this before storing this key anywhere. There are other massive discussions and
threads around this everywhere on the Internet - just search for `storing GPG key securely`.

############## RESTORE ###################
Restore the key backed up above
(decrypt it first if you encrypted it beforehand):
$ gpg --import-options restore --import private.gpg
Now edit it to trust it:
$ gpg --edit-key [email protected]
Type "trust" in the prompt that appears:
gpg> trust
You should see a menu like this:
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Type "5" to trust the key completely:
Your decision? 5
Type 'y' to confirm.
Then 'quit':
gpg> quit
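
Added example (not part of the original gist): the interactive trust step above done non-interactively, by finding the restored key's primary fingerprint and importing an ownertrust record for it. The function names and the sample listing are constructed for illustration; 6 is the level gpg's ownertrust records use for "ultimate".

```sh
#!/bin/sh
# Added example: trust a restored key ultimately without the interactive menu.

# primary_fpr EMAIL
# Input: `gpg --list-secret-keys --with-colons` on stdin. Prints the primary-key
# fingerprint of the first secret key with a user ID containing <EMAIL>.
primary_fpr() {
    awk -F: -v want="<$1>" '
        $1 == "sec" { fpr = ""; primary = 1; next }  # a new key block starts
        $1 == "ssb" { primary = 0; next }            # later fpr lines are subkeys
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
        $1 == "uid" && fpr != "" && index($10, want) { print fpr; exit }'
}

# Ownertrust records look like "<fingerprint>:<level>:"; level 6 is "ultimate".
ownertrust_record() {
    case $1 in
        ''|*[!0-9A-F]*) echo "not a fingerprint: '$1'" >&2; return 1 ;;
    esac
    printf '%s:6:\n' "$1"
}

# Real use, after `gpg --import-options restore --import private.gpg`.
trust_own_key() {
    fpr=$(gpg --list-secret-keys --with-colons | primary_fpr "$1")
    rec=$(ownertrust_record "$fpr") || return 1
    printf '%s\n' "$rec" | gpg --import-ownertrust
}

# Constructed listing: two keys, one subkey each (all fingerprints are made up).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:0000111122223333:1600000000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:u::::1600000000::0000::Bob Example <bob@example.invalid>::::::::::0:
ssb:u:4096:1:9999888877776666:1600000000::::::e:::+:::23:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA9999888877776666:
sec:u:4096:1:6666777788889999:1600000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000111122223333444455556666777788889999:
uid:u::::1600000000::0000::Alice Example <alice@example.invalid>::::::::::0:
ssb:u:4096:1:3333222211110000:1600000000::::::e:::+:::23:
fpr:::::::::9999888877776666555544443333222211110000:
EOF
}

sample_listing | primary_fpr alice@example.invalid
```

Only your own keys should get ultimate trust; the record must carry the primary-key fingerprint, which is why subkey `fpr` lines are skipped.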
$ export GPG_TTY=$(tty)
# Encrypt
$ tar czvpf - privateerrisnil.gpg | gpg --symmetric --cipher-algo aes256 -o errisnil.tar.gz.gpg
# Decrypt
$ gpg -d myarchive.tar.gz.gpg | tar xzvf -
COPIED FROM: https://nickjanetakis.com/blog/creating-and-managing-a-gpg-key-pair

List your GPG keys
$ gpg --list-keys

Generate a new GPG key pair
$ gpg --full-generate-key
# Pick RSA / RSA (1), 4096 bits and choose an expiration date.

Edit your GPG key’s expiration date
$ gpg --edit-key [email protected]
# key 0
# expire [pick a new exp date]
# key 1
# expire [pick a new exp date]
# save
Here’s a list of other things you can edit: https://www.gnupg.org/gph/en/manual/r899.html

Change your GPG key’s passphrase
$ gpg --passwd [email protected]

Generate and import a GPG revoke certificate
# You can skip this step if you're using GnuPG version 2.1 or above.
$ gpg --output revoke-nickexample.asc --gen-revoke [email protected]
# Revoke the GPG key.
$ gpg --import revoke-nickexample.asc

Backup and restore your GPG key pair
You can back up the entire ~/.gnupg/ directory and restore it as needed. This is beneficial because it includes your GPG key pair, trust ring, gpg configuration and everything else that GnuPG needs to work.
Alternatively you can run this command to back up just your private key, which includes your public key too:
$ gpg --export-secret-keys --armor --output nickexample.gpg [email protected]
You should never share this directory or private key with anyone.

Export your GPG public key
# Echo your public key to stdout.
$ gpg --export --armor [email protected]
# Write your public key to a file.
$ gpg --export --armor --output nickexample.gpg.pub [email protected]
This public key is safe to share with others.
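
Added example (not from the gist or the blog post it copies): a check to run ahead of the expiration-date edit in this file, reporting which secret keys and subkeys are expired or within N days of expiry. The function name, the sample listing and its key IDs are constructed; it assumes GnuPG 2.x colon output, where field 7 holds the expiry in epoch seconds.

```sh
#!/bin/sh
# Added example: flag secret keys and subkeys that are expired or close to
# expiry, as a prompt to run `gpg --edit-key ...` / `expire` in time.

# expiring_keys DAYS [NOW_EPOCH]
# Input: `gpg --list-secret-keys --with-colons` on stdin. Assumes field 7 is
# the expiry in epoch seconds (GnuPG 2.x); an empty field means no expiry.
# Output, one line per key: <primary|subkey> <long key id> <status> [days left]
expiring_keys() {
    days=$1
    now=${2:-$(date +%s)}
    awk -F: -v now="$now" -v days="$days" '
        $1 != "sec" && $1 != "ssb" { next }   # skip uid, fpr, grp records
        {
            kind = ($1 == "sec") ? "primary" : "subkey"
            if ($7 == "") { print kind, $5, "no-expiry"; next }
            left = int(($7 - now) / 86400)
            if ($7 <= now)         print kind, $5, "EXPIRED", left
            else if (left <= days) print kind, $5, "expiring", left
            else                   print kind, $5, "ok", left
        }'
}

# Constructed listing (key IDs and dates are made up): one primary key with
# three subkeys, chosen relative to NOW_EPOCH=1700000000.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1700864000::u:::scESC:::+:::23::0:
uid:u::::1600000000::0000::Example User <user@example.invalid>::::::::::0:
ssb:e:4096:1:BBBBBBBBBBBBBBBB:1600000000:1699913600:::::e:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1600000000::::::s:::+:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1600000000:1734560000:::::a:::+:::23:
EOF
}

sample_listing | expiring_keys 30 1700000000
# Real use: gpg --list-secret-keys --with-colons | expiring_keys 30
```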
# ~/.gnupg/gpg-agent.conf
# Both values are in seconds: 604800 = 7 days.
default-cache-ttl 604800
max-cache-ttl 604800