Creating the perfect GPG keypair

gpg.sh

#!/usr/bin/env bash
# Original: https://alexcabal.com/creating-the-perfect-gpg-keypair/

KEY=xyz
DATE=$(date +"%Y%m%d")
SCRIPT_BASEDIR=$(dirname $0)


cd $SCRIPT_BASEDIR
echo "This script is not for use in automation"
echo "Use it step by step"
exit 1

# Generate
gpg --gen-key
# (1) RSA and RSA (default)
# 0 = key does not expire

# Strengthening Hash Preferences
gpg --edit-key $KEY
#Supported algorithms:
# Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
# Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,CAMELLIA128, CAMELLIA192, CAMELLIA256
# Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
# Compression: Uncompressed, ZIP, ZLIB, BZIP2

# setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
# save

# Add subkey
gpg --edit-key $KEY
# addkey
# (4) RSA (sign only)
# 0 = key does not expire
# save

# Export Public Key
gpg -a -o ${KEY}_${DATE}.public.asc --export $KEY

# Export Private Key
gpg -a -o ${KEY}_${DATE}.private.asc --export-secret-keys $KEY

# Creating Revocation Certificate
gpg -a -o ${KEY}_${DATE}.revoccert.asc --gen-revoke $KEY

# Integrity check
shasum -a 256 -b ${KEY}_${DATE}.public.asc ${KEY}_${DATE}.private.asc ${KEY}_${DATE}.revoccert.asc > ${KEY}_${DATE}.sha256sum

# Transforming your Master Key Pair into your laptop

# Export all of the subkeys
gpg -a -o ${KEY}_${DATE}.subkeys.asc --export-secret-subkeys $KEY

# Delete the original signing subkey
gpg --delete-secret-key $KEY

# Import subkeys
gpg --import ${KEY}_${DATE}.subkeys.asc
#rm --remove ${KEY}_${DATE}.subkeys.asc
#shred --remove ${KEY}_${DATE}.subkeys.asc


# Symetric
gpg --no-tty --batch --passphrase supersecret --cipher-algo AES256 -c file.txt
gpg --no-tty --batch --passphrase supersecret -d -o file.txt file.txt.gpg