musq/gpg-setup

Guidelines to setup and get started with GnuPG
GPG-2 setup

Installation

  1. Install gpg2 (for Ubuntu): sudo apt-get install gnupg2

  2. Add the following to ~/.bash_aliases: alias gpg='gpg2'

  3. Source ~/.bashrc: source ~/.bashrc

  4. Create ~/.gnupg using one of the following ---

    • Copy any backed up .gnupg directory to ~/.gnupg, or
    • Initialize a fresh ~/.gnupg directory by running gpg -k
  5. Copy gpg.conf & gpg-agent.conf from this repository to ~/.gnupg

  6. Add the following to ~/.bashrc or ~/.bash_profile

    # Tell gpg which terminal pinentry should use
    export GPG_TTY=$(tty)
    # Let gpg-agent, not ssh-agent, serve SSH keys
    unset SSH_AGENT_PID
    # Skip if gpg-agent itself launched this shell
    if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
      export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
    fi
    # Start the agent if it is not already running
    gpg-connect-agent /bye

  7. Source ~/.bashrc: source ~/.bashrc

  8. Now log out and log in again

  9. If needed,

    • Create a new primary key using gpg --expert --full-gen-key
      • Use >=4096 bit RSA for the primary key
      • Use >=2048 bit RSA for subkeys
    • Edit keys using gpg --expert --edit-key <uid>
      • Add new subkeys using addkey
      • Change passphrases using passwd
      • Type help for more options
  10. Create one subkey each of Authentication, Encryption, Signing

  11. To add SSH support in gpg, you must create an Authentication subkey, marked as [A]

  12. To generate the sshcontrol file, run ssh-add -l

  13. List gpg keys by ---

    • Public keys: gpg -k
    • Private keys: gpg -K. If a # appears after sec or ssb, the private key for that key ID is not present (only a stub)
  14. Get the keygrip of the keys: gpg -k --with-keygrip <uid>

  15. Add keygrip of your authentication key to sshcontrol file in a new line

  16. Export the SSH public key to be put in the servers' ~/.ssh/authorized_keys: gpg --export-ssh-key <key-id>

  17. You should now be able to SSH directly into the server

  18. *** VERY IMPORTANT *** Backup the whole ~/.gnupg directory to a safe & secure place

  19. After the backup has been created, you must change the passphrases of the primary key & subkeys

  20. Now delete the unnecessary private keys. To delete the private keys ---

    • Find out the keygrip of the keys using the command above
    • Delete ~/.gnupg/private-keys-v1.d/<keygrip>.key
  21. To edit existing keys or to create a new subkey ---

    • Back up the ~/.gnupg folder before proceeding (just in case anything goes wrong)
    • Retrieve the remotely backed up .gnupg directory into a tmp-path/.gnupg folder (this backup is different from the one created in the step just above). Note that this folder contains all of the secret keys
    • Run the relevant commands with the homedir option, e.g. gpg --homedir tmp-path/.gnupg ...
    • Push the new changes to the keyserver using gpg --homedir tmp-path/.gnupg --keyserver pgp.key-server.io --send-key <YOURMASTERKEYID>
    • Retrieve the changes into your ~/.gnupg using gpg --keyserver pgp.key-server.io --recv-key <YOURMASTERKEYID>
    • To transfer private keys to the local folder, copy tmp-path/.gnupg/private-keys-v1.d/<keygrip>.key to ~/.gnupg/private-keys-v1.d/<keygrip>.key
  22. To search for a key on the keyserver use gpg --keyserver pgp.key-server.io --search-key <search-text>

  23. Export keys using ---

    • Public gpg -a --export <uid>
      • The -a option is the same as --armor and is used to generate ASCII text
    • Private gpg -a --export-secret-keys <uid>
  24. Run gpgconf --kill gpg-agent to kill any running agent that might be hung

  25. Run gpg-connect-agent reloadagent /bye to reload agent

  26. Run gpgconf --list-dirs agent-socket agent-extra-socket to list the actual location of the sockets

  27. Run gpg-connect-agent 'keyinfo --list' /bye to list keys in the gpg-agent

  28. Run gpg-connect-agent --dirmngr 'keyserver --hosttable' to list available keyservers

  29. Kill dirmngr: gpgconf --kill dirmngr
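The following is an added example (not code from the gpg-setup repository) that automates steps 13 to 15 above: it reads the machine-readable key listing (gpg -K --with-keygrip --with-colons), picks out the keygrip of each Authentication subkey whose secret part is actually on disk (skipping # stubs), and adds it to an sshcontrol file without creating duplicates. The listing, key IDs, keygrips and user ID are constructed sample data, and the path to sshcontrol is whatever you pass in.

```shell
#!/bin/sh
# Constructed sample of `gpg -K --with-keygrip --with-colons`: one primary key
# and three subkeys with capabilities a (auth), e (encrypt), s (sign).
# Field 12 holds the capabilities, field 15 is "+" for a secret key on disk
# and "#" for a stub; the grp record that follows carries the keygrip (field 10).
SAMPLE_LISTING='sec:u:4096:1:0123456789ABCDEF:1600000000:::u:::scESC:::+:::23::0:
grp:::::::::A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0:
uid:u::::1600000000::0::Example User <user@example.invalid>::::::::::0:
ssb:u:2048:1:1111111111111111:1600000000::::::a:::+:::23:
grp:::::::::B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1:
ssb:u:2048:1:2222222222222222:1600000000::::::e:::+:::23:
grp:::::::::C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2:
ssb:u:2048:1:3333333333333333:1600000000::::::s:::+:::23:
grp:::::::::D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3:'

# Read a colon listing on stdin; print the keygrip of every subkey that has
# the "a" capability and whose secret key is present (not a "#" stub).
auth_keygrips() {
  awk -F: '
    $1 == "ssb" { want = (index($12, "a") > 0 && $15 == "+") }
    $1 == "sec" || $1 == "uid" { want = 0 }
    $1 == "grp" && want { print $10; want = 0 }
  '
}

# Append a keygrip to an sshcontrol file unless it is already listed.
# Returns 0 when the line was added, 1 when the keygrip was already there.
sshcontrol_add() {
  grip=$1
  file=$2
  [ -f "$file" ] || : > "$file"
  if grep -q "^$grip" "$file"; then
    return 1
  fi
  printf '%s\n' "$grip" >> "$file"
}

# Typical use with a live listing instead of the sample:
#   gpg -K --with-keygrip --with-colons | auth_keygrips | while read -r g; do
#     sshcontrol_add "$g" "$HOME/.gnupg/sshcontrol"
#   done
```

After adding a keygrip, run gpg-connect-agent reloadagent /bye (step 25) so the agent picks up the new sshcontrol entry.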

Resources

  1. https://wiki.debian.org/Subkeys
  2. https://www.gnupg.org/documentation/manuals/gnupg/Agent-Configuration.html
  3. https://github.com/kylef/dotfiles/blob/master/.gnupg/gpg.conf
  4. https://www.gnupg.org/gph/en/manual/book1.html
  5. https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
