# HowtoGPG
## Some commands:
```console
$ gpg --card-status
$ gpg --export-ssh-key keyID
$ gpg --armor --export keyID > pubkey.asc
```
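## Use the Nitrokey on a new system:

Import the public key first, so that `gpg --card-status` can associate it with the private key held on the card.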
```console
$ gpg --import pubkey.asc
$ gpg --card-status
```
## Use GPG Agent as SSH Agent
```console
$ vim .gnupg/gpg-agent.conf
enable-ssh-support
pinentry-program /usr/bin/pinentry-qt
$ systemctl --user enable --now /usr/lib/systemd/user/gpg-agent*
$ vim .bashrc
export SSH_AUTH_SOCK="/run/user/$(id -u)/gnupg/S.gpg-agent.ssh"
```
## Export your public key to your web server:
```console
$ mkdir openpgpkey
$ gpg --list-options show-only-fpr-mbox -k keyID | /usr/lib/gnupg/gpg-wks-client -v --install-key
```
Then publish the result to your web server so that it is served over HTTPS under: <https://openpgpkey.example.com/.well-known/openpgpkey/example.com/hu/>
My public key is available via: <https://openpgpkey.benpro.fr/.well-known/openpgpkey/benpro.fr/hu/7ue9nu5hdtshxjynnn6haqyohye8716e>
## Get public keys
### From WKD
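WKD stands for Web Key Directory. An interesting website on the topic: <https://metacode.biz/openpgp/web-key-directory>

A key located through WKD is only as trustworthy as the web server of the address's domain; compare its fingerprint with one obtained from the owner through another channel before relying on it.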
```console
$ gpg --locate-key user@example.com
```
### From keyserver
#### With keys.openpgp.org
```console
$ echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf
$ gpg --auto-key-locate keyserver --locate-keys user@example.com
```
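#### With sks-keyservers.net

Note: the sks-keyservers.net pool has since been retired, so the command below may no longer work as written. When fetching a key by ID, use the full fingerprint rather than a short key ID, and confirm the fingerprint with the key owner before trusting the key.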
```console
$ gpg --keyserver pool.sks-keyservers.net --recv-keys keyID
```