Dmitri edited this page Nov 7, 2022 · 34 revisions

Generate Frequency PGP Keys

1. Create PGP Master Key

# Generate master key
$ gpg --full-gen-key
---
Your selection? 1 (RSA and RSA)
What keysize do you want? (3072) 4096
Key is valid for? (0)
Is this correct? (y/N) y
Real name: Frequency
Email address: security
Not a valid email address
Email address: security@frequency.xyz
Comment: Frequency Chain Identity
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
Password: <master password>
# Verify the key was added
$ gpg -K
# Send public key to keyserver
$ gpg --keyserver hkp://keys.gnupg.net --send-keys <keyId>

2. Configure Everyday-use Subkeys

# Set expiration for subkey
$ gpg --edit-key <keyId>
---
gpg> key 1
gpg> expire
Key is valid for? (0) 1y
Is this correct? (y/N) y
# Add signing key
gpg> addkey
(4) RSA (sign only)
Your selection? 4
What keysize do you want? (3072) 4096
Key is valid for? (0) 1y
Is this correct? (y/N) y
Really create? (y/N) y
# Check and save changes
gpg> list
gpg> save

3. Remove secret Master Key from device

3.1 Create Revocation Certificate

$ gpg --output frequency.revocation-certificate.gpg.txt --gen-revoke security@frequency.xyz
---
Create a revocation certificate for this key? (y/N) y
Your decision? 0
>
Is this okay? (y/N) y

The revocation certificate will be stored in frequency.revocation-certificate.gpg.txt. Store the file offline and delete it from the device.

3.2 Backup Master Key's Secret

$ gpg --export-secret-keys --output frequency.secret.gpg.txt --armor <keyId>
Store the frequency.secret.gpg.txt file in a safe, offline and easy-to-remember place and delete it from the device.

3.3 Remove Master Key's secret from keyring. REMOVE THE MASTER KEY'S SECRET ONLY, LEAVING SUBKEYS ALONE.

$ gpg --delete-secret-key <keyId>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
Delete secret key: <Delete Key>
Delete secret subkey: <No>
gpg: deleting secret subkey failed: Operation cancelled
gpg: BF90*******************: delete key failed: Operation cancelled
# Verify the secret is no longer present
$ gpg -K
sec#  rsa4096 2022-11-04 [SC]
  BF90*******************

The # next to the master key's sec entry means that the secret part of that key is no longer present in the keyring, so it cannot be used on this device.
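As an added check (not part of the original wiki page), the shell function below parses the machine-readable output of `gpg -K --with-colons` and confirms the end state of step 3: the master key's secret is only a stub while at least one usable signing subkey remains. It runs offline against constructed sample listings; the key IDs in them are placeholders, not the real Frequency keys.

```shell
#!/bin/sh
# Added example, not code from the Frequency wiki.
# In `gpg -K --with-colons` output, field 15 of a sec/ssb record is "#"
# when only a stub of the secret key is present (the "sec#" in gpg -K).
# Field 12 lists capabilities (s = sign), field 2 the validity (e/r = expired/revoked).

check_master_offline() {
  # $1 = colon-format listing. Exit 0 when the master secret is a stub
  # and a usable signing subkey is still in the keyring; 1 or 2 otherwise.
  printf '%s\n' "$1" | awk -F: '
    $1 == "sec" { sec++; if ($15 == "#") stub++ }
    $1 == "ssb" && $15 != "#" && $12 ~ /s/ && $2 != "e" && $2 != "r" { sign++ }
    END {
      if (sec != 1 || stub != 1) exit 1   # master secret still present (or missing)
      if (sign < 1) exit 2                # no usable signing subkey left
      exit 0
    }'
}

# Constructed sample: master is a stub, encryption and signing subkeys present.
LISTING_OK='sec:u:4096:1:BF90000000000001:1667520000::::::scESC:::#:::23::0:
fpr:::::::::BF90000000000000000000000000000000000001:
uid:u::::1667520000::0123456789ABCDEF0123456789ABCDEF01234567::Frequency (Frequency Chain Identity) <security@frequency.xyz>::::::::::0:
ssb:u:4096:1:BF90000000000002:1667520000:1699056000:::::e:::+:::23:
ssb:u:4096:1:BF90000000000003:1667520000:1699056000:::::s:::+:::23:'

# Constructed sample: --delete-secret-key was never run, master secret still present.
LISTING_MASTER_PRESENT='sec:u:4096:1:BF90000000000001:1667520000::::::scESC:::+:::23::0:
ssb:u:4096:1:BF90000000000002:1667520000:1699056000:::::e:::+:::23:
ssb:u:4096:1:BF90000000000003:1667520000:1699056000:::::s:::+:::23:'

# Constructed sample: subkeys were deleted along with the master (answered Yes
# to "Delete secret subkey"), leaving nothing usable for everyday signing.
LISTING_NO_SUBKEYS='sec:u:4096:1:BF90000000000001:1667520000::::::scESC:::#:::23::0:
ssb:u:4096:1:BF90000000000002:1667520000:1699056000:::::e:::#:::23:
ssb:u:4096:1:BF90000000000003:1667520000:1699056000:::::s:::#:::23:'

# Against a real keyring: check_master_offline "$(gpg -K --with-colons <keyId>)"
```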