jralvarezc · August 29, 2023 19:49
diff --git a/gpg-genkeys.sh b/gpg-genkeys.sh
 # create master key with only certify capability

 $ gpg --quick-generate-key "Rafael Alvarez <[email protected]>" rsa4096 cert 1y                         
 gpg: key CA8AF23220D60863 marked as ultimately trusted
 gpg: revocation certificate stored as '/home/ralvarez/.gnupg/openpgp-revocs.d/AD07FCBA7DBE90338618549CCA8AF23220D60863.rev'
 public and secret key created and signed.

 Note that this key cannot be used for encryption.  You may want to use
 the command "--edit-key" to generate a subkey for this purpose.
 pub   rsa4096 2019-08-18 [C] [expires: 2020-08-17]
      AD07FCBA7DBE90338618549CCA8AF23220D60863
 uid                      Rafael Alvarez <[email protected]>

 # create rest of identities
 $ gpg --quick-adduid AD07FCBA7DBE90338618549CCA8AF23220D60863 "Rafael Alvarez <[email protected]>"        
 $ gpg --quick-adduid AD07FCBA7DBE90338618549CCA8AF23220D60863 "Rafael Alvarez <[email protected]>"

 # create one subkey for one specific capability

 $ gpg --quick-addkey AD07FCBA7DBE90338618549CCA8AF23220D60863 rsa3072 sign 1y
 $ gpg --quick-addkey AD07FCBA7DBE90338618549CCA8AF23220D60863 rsa3072 encrypt 1y 
 $ gpg --quick-addkey AD07FCBA7DBE90338618549CCA8AF23220D60863 rsa3072 auth 1y        

 $ gpg --edit-key [email protected]                                                              
 gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.

 Secret key is available.

 sec  rsa4096/CA8AF23220D60863
     created: 2019-08-18  expires: 2020-08-17  usage: C   
     trust: ultimate      validity: ultimate
 ssb  rsa3072/63C3E0F03696977F
     created: 2019-08-18  expires: 2020-08-17  usage: S   
 ssb  rsa3072/850A5A6F516C26B0
     created: 2019-08-18  expires: 2020-08-17  usage: E   
 ssb  rsa3072/CCB9A0245AB8A500
     created: 2019-08-18  expires: 2020-08-17  usage: A   
 [ unknown] (1). Rafael Alvarez <[email protected]>
 [ultimate] (2)  Rafael Alvarez <[email protected]>
 [ unknown] (3)  Rafael Alvarez <[email protected]>

 gpg> trust 
 sec  rsa4096/CA8AF23220D60863
     created: 2019-08-18  expires: 2020-08-17  usage: C   
     trust: ultimate      validity: ultimate
 ssb  rsa3072/63C3E0F03696977F
     created: 2019-08-18  expires: 2020-08-17  usage: S   
 ssb  rsa3072/850A5A6F516C26B0
     created: 2019-08-18  expires: 2020-08-17  usage: E   
 ssb  rsa3072/CCB9A0245AB8A500
     created: 2019-08-18  expires: 2020-08-17  usage: A   
 [ unknown] (1). Rafael Alvarez <[email protected]>
 [ultimate] (2)  Rafael Alvarez <[email protected]>
 [ unknown] (3)  Rafael Alvarez <[email protected]>

 Please decide how far you trust this user to correctly verify other users' keys
 (by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

 Your decision? 5
 Do you really want to set this key to ultimate trust? (y/N) y

 sec  rsa4096/CA8AF23220D60863
     created: 2019-08-18  expires: 2020-08-17  usage: C   
     trust: ultimate      validity: ultimate
 ssb  rsa3072/63C3E0F03696977F
     created: 2019-08-18  expires: 2020-08-17  usage: S   
 ssb  rsa3072/850A5A6F516C26B0
     created: 2019-08-18  expires: 2020-08-17  usage: E   
 ssb  rsa3072/CCB9A0245AB8A500
     created: 2019-08-18  expires: 2020-08-17  usage: A   
 [ unknown] (1). Rafael Alvarez <[email protected]>
 [ultimate] (2)  Rafael Alvarez <[email protected]>
 [ unknown] (3)  Rafael Alvarez <[email protected]>

 gpg> save
 Key not changed so no update needed.

 $ gpg --list-keys                         
 gpg: checking the trustdb
 gpg: marginals needed: 3  completes needed: 1  trust model: pgp
 gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
 gpg: next trustdb check due at 2020-08-17
 /home/ralvarez/.gnupg/pubring.kbx
 ---------------------------------
 pub   rsa2048 2003-12-10 [SC] [expires: 2034-08-14]
      3660BC4AB81D3472B1FFF0ADC8C71A9539BB323D
 uid           [ultimate] Juan Alvarez <[email protected]>
 uid           [ultimate] Juan Alvarez <[email protected]>
 uid           [ultimate] Juan Alvarez <[email protected]>
 sub   rsa2048 2003-12-10 [E]

 pub   rsa4096 2019-08-18 [C] [expires: 2020-08-17]
      AD07FCBA7DBE90338618549CCA8AF23220D60863
 uid           [ultimate] Rafael Alvarez <[email protected]>
 uid           [ultimate] Rafael Alvarez <[email protected]>
 uid           [ultimate] Rafael Alvarez <[email protected]>
 sub   rsa3072 2019-08-18 [S] [expires: 2020-08-17]
 sub   rsa3072 2019-08-18 [E] [expires: 2020-08-17]
 sub   rsa3072 2019-08-18 [A] [expires: 2020-08-17]
	# create master key with only certify capability

	$ gpg --quick-generate-key "Rafael Alvarez <[email protected]>" rsa4096 cert 1y
	gpg: key CA8AF23220D60863 marked as ultimately trusted
	gpg: revocation certificate stored as '/home/ralvarez/.gnupg/openpgp-revocs.d/AD07FCBA7DBE90338618549CCA8AF23220D60863.rev'
	public and secret key created and signed.

	Note that this key cannot be used for encryption. You may want to use
	the command "--edit-key" to generate a subkey for this purpose.
	pub rsa4096 2019-08-18 [C] [expires: 2020-08-17]
	AD07FCBA7DBE90338618549CCA8AF23220D60863
	uid Rafael Alvarez <[email protected]>

	# create rest of identities
	$ gpg --quick-adduid AD07FCBA7DBE90338618549CCA8AF23220D60863 "Rafael Alvarez <[email protected]>"
	$ gpg --quick-adduid AD07FCBA7DBE90338618549CCA8AF23220D60863 "Rafael Alvarez <[email protected]>"

	# create one subkey for one specific capability

	$ gpg --quick-addkey AD07FCBA7DBE90338618549CCA8AF23220D60863 rsa3072 sign 1y
	$ gpg --quick-addkey AD07FCBA7DBE90338618549CCA8AF23220D60863 rsa3072 encrypt 1y
	$ gpg --quick-addkey AD07FCBA7DBE90338618549CCA8AF23220D60863 rsa3072 auth 1y

	$ gpg --edit-key [email protected]
	gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
	This is free software: you are free to change and redistribute it.
	There is NO WARRANTY, to the extent permitted by law.

	Secret key is available.

	sec rsa4096/CA8AF23220D60863
	created: 2019-08-18 expires: 2020-08-17 usage: C
	trust: ultimate validity: ultimate
	ssb rsa3072/63C3E0F03696977F
	created: 2019-08-18 expires: 2020-08-17 usage: S
	ssb rsa3072/850A5A6F516C26B0
	created: 2019-08-18 expires: 2020-08-17 usage: E
	ssb rsa3072/CCB9A0245AB8A500
	created: 2019-08-18 expires: 2020-08-17 usage: A
	[ unknown] (1). Rafael Alvarez <[email protected]>
	[ultimate] (2) Rafael Alvarez <[email protected]>
	[ unknown] (3) Rafael Alvarez <[email protected]>

	gpg> trust
	sec rsa4096/CA8AF23220D60863
	created: 2019-08-18 expires: 2020-08-17 usage: C
	trust: ultimate validity: ultimate
	ssb rsa3072/63C3E0F03696977F
	created: 2019-08-18 expires: 2020-08-17 usage: S
	ssb rsa3072/850A5A6F516C26B0
	created: 2019-08-18 expires: 2020-08-17 usage: E
	ssb rsa3072/CCB9A0245AB8A500
	created: 2019-08-18 expires: 2020-08-17 usage: A
	[ unknown] (1). Rafael Alvarez <[email protected]>
	[ultimate] (2) Rafael Alvarez <[email protected]>
	[ unknown] (3) Rafael Alvarez <[email protected]>

	Please decide how far you trust this user to correctly verify other users' keys
	(by looking at passports, checking fingerprints from different sources, etc.)

	1 = I don't know or won't say
	2 = I do NOT trust
	3 = I trust marginally
	4 = I trust fully
	5 = I trust ultimately
	m = back to the main menu

	Your decision? 5
	Do you really want to set this key to ultimate trust? (y/N) y

	sec rsa4096/CA8AF23220D60863
	created: 2019-08-18 expires: 2020-08-17 usage: C
	trust: ultimate validity: ultimate
	ssb rsa3072/63C3E0F03696977F
	created: 2019-08-18 expires: 2020-08-17 usage: S
	ssb rsa3072/850A5A6F516C26B0
	created: 2019-08-18 expires: 2020-08-17 usage: E
	ssb rsa3072/CCB9A0245AB8A500
	created: 2019-08-18 expires: 2020-08-17 usage: A
	[ unknown] (1). Rafael Alvarez <[email protected]>
	[ultimate] (2) Rafael Alvarez <[email protected]>
	[ unknown] (3) Rafael Alvarez <[email protected]>

	gpg> save
	Key not changed so no update needed.

	$ gpg --list-keys
	gpg: checking the trustdb
	gpg: marginals needed: 3 completes needed: 1 trust model: pgp
	gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
	gpg: next trustdb check due at 2020-08-17
	/home/ralvarez/.gnupg/pubring.kbx
	---------------------------------
	pub rsa2048 2003-12-10 [SC] [expires: 2034-08-14]
	3660BC4AB81D3472B1FFF0ADC8C71A9539BB323D
	uid [ultimate] Juan Alvarez <[email protected]>
	uid [ultimate] Juan Alvarez <[email protected]>
	uid [ultimate] Juan Alvarez <[email protected]>
	sub rsa2048 2003-12-10 [E]

	pub rsa4096 2019-08-18 [C] [expires: 2020-08-17]
	AD07FCBA7DBE90338618549CCA8AF23220D60863
	uid [ultimate] Rafael Alvarez <[email protected]>
	uid [ultimate] Rafael Alvarez <[email protected]>
	uid [ultimate] Rafael Alvarez <[email protected]>
	sub rsa3072 2019-08-18 [S] [expires: 2020-08-17]
	sub rsa3072 2019-08-18 [E] [expires: 2020-08-17]
	sub rsa3072 2019-08-18 [A] [expires: 2020-08-17]