{"id":24290496,"url":"https://github.com/cda0/gpg-keys","last_synced_at":"2026-04-15T00:31:18.748Z","repository":{"id":146996456,"uuid":"241434826","full_name":"CDA0/gpg-keys","owner":"CDA0","description":null,"archived":false,"fork":false,"pushed_at":"2021-01-06T11:30:28.000Z","size":2,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-06T02:32:26.154Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CDA0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-18T18:20:23.000Z","updated_at":"2021-01-06T11:30:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"9342dca6-8dc3-497e-9cde-fc2c0a95aa25","html_url":"https://github.com/CDA0/gpg-keys","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CDA0/gpg-keys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CDA0%2Fgpg-keys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CDA0%2Fgpg-keys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CDA0%2Fgpg-keys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CDA0%2Fgpg-keys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CDA0","download_url":"https://codeload.github.com/CDA0/gpg-keys/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CDA0%2Fgpg-keys/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31821381,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-14T18:05:02.291Z","status":"ssl_error","status_checked_at":"2026-04-14T18:05:01.765Z","response_time":153,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-16T11:52:57.909Z","updated_at":"2026-04-15T00:31:18.727Z","avatar_url":"https://github.com/CDA0.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GPG Key creation\n\n## Generate a primary keypair for an identity\n\n`gpg --expert --full-generate-key`\n\nSelect `RSA (set your own capabilities)`.\n\nToggle `sign` and `encrypt` OFF so the `current allowed actions` is `certify`***.\n\n****Create a key length of 4096 bits.\n\nProvide an expiry date (3y).\n\nFinish creating with name and email.\n\n## Add subkeys\n\nAdd shorterlived subkeys for sign, encryption and authenticate.\n\n`gpg --export --edit-key name@example.com`\n\nThe prompt will change to `gpg\u003e`.\n\nThe `addkey` command is used to create each subkey. Choose the option for `RSA (set your own capabilities)`.\n\nUse a smaller length of 3072 to reduce size of the key.\n\nAfter all three subkeys are created use the `save` command to exit.\n\n## Add a picture\n\nYou can also at this point add a small image tothey key, but I won't cover that.\n\n## Export the secret\n\n`gpg --export-secret-key --armor name@example.com \u003e \\\u003cname@example.com\\\u003e.private.gpg-key`\n\n## Create a revocation certificate\n\n`gpg --armor --gen-revoke name@example.com \u003e \\\u003cname@example.com\\\u003e.gpg-revocation-certificate`\n\n## Create qr codes\n\nUse the `./printkey.sh` script to take a key, split it up and create a qrcode for each part.\nPrint these out and store them safely.\n\n## Test scanned keypair\n\nRun the following command to ensure the crc of the keypair is good.\n`gpg --dearmor newkey \u003e/dev/null`\n\nIf the key is already exported we can diff the files:\n\n`diff input \u003cname@example.com\u003e`\n\n## Remove the primary key\n\nCheck the output of `gpg --list-secret-keys`\n\n```\ngpg --export-secret-subkeys --armor name@example.com \u003e \\\u003cname@example.com\\\u003e.subkeys.gpg-key\ngpg --delete-secret-keys name@example.com\ngpg --import \\\u003cname@example.com\\\u003e.subkeys.gpg-key\n```\n\nNow look at the output of `gpg --list-secret-keys` it should say `#sec` in the first key.\nThis means that the signing key is not in the keypair.\n\nNow `shred -z -u $file` any exported files.\n\n## Move to another system\n\n`gpg --export-secret-keys --armor name@example.com \u003e \\\u003cname@example.com\\\u003e.laptop.private.gpg-key`\n`gpg --export --armor name@example.com \u003e \\\u003cname@example.com\\\u003e.laptop.public.gpg-key`\n\nThen on the new system\n\n`gpg --import \\\u003cname@example.com\\\u003e.laptop.public.gpg-key`\n`gpg --import \\\u003cname@example.com\\\u003e.laptop.private.gpg-key`\n\n## Restoring\n\nScan each barcode into a file:\n\n`zbarcam --raw \u003e\u003e inputkey`\n\nverify the CRC with\n\n`gpg --dearmor inputkey \u003e/dev/null`\n\nAfter scanning there might be a 0x0A missing at the end of line 1 and an extra 0x0A at the end of\nthe last line.\n\nImporting to an offline RPI running raspian involves using the loopback pinentry command\n\n`gpg --import --pinentry-mode loopback inputkey`\n\n## Expiring keys\n\nWhen a key is expiring\n\n`gpg --expert --edit-key \u003ckey\u003e`\n\n`key 1`\n\n`expire`\n\n## SSH Keys\n\nTo export ssh public key\n\n`gpg --export-ssh-key name@email.com`\n\nand the privatekey\n\n`gpg --export-ssh-secret-key name@email.com`\n\n## Resources\n\n* https://alexcabal.com/creating-the-perfect-gpg-keypair\n* https://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/\n* https://unix.stackexchange.com/questions/280222/generating-qr-code-of-very-big-file\n* http://wiki.debian.org/subkeys\n* https://security.stackexchange.com/questions/31594/what-is-a-good-general-purpose-gnupg-key-setup\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcda0%2Fgpg-keys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcda0%2Fgpg-keys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcda0%2Fgpg-keys/lists"}