{"id":25413826,"url":"https://github.com/musq/gpg-setup","last_synced_at":"2026-01-24T15:08:01.494Z","repository":{"id":176245003,"uuid":"165835552","full_name":"musq/gpg-setup","owner":"musq","description":"Guidelines to setup and get started with GnuPG","archived":false,"fork":false,"pushed_at":"2019-05-31T14:04:41.000Z","size":8,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-10-11T22:13:06.959Z","etag":null,"topics":["gpg-setup","gpg2","keyserver","ssh","subkey"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/musq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-01-15T10:59:17.000Z","updated_at":"2020-08-25T05:05:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"621a0613-cee1-4ac5-8161-7a69a533f74c","html_url":"https://github.com/musq/gpg-setup","commit_stats":null,"previous_names":["musq/gpg-setup"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/musq/gpg-setup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/musq%2Fgpg-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/musq%2Fgpg-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/musq%2Fgpg-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/musq%2Fgpg-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/musq","download_url":"https://codeload.github.com/musq/gpg-setup/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/musq%2Fgpg-setup/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28730310,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T10:24:43.181Z","status":"ssl_error","status_checked_at":"2026-01-24T10:24:36.112Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gpg-setup","gpg2","keyserver","ssh","subkey"],"created_at":"2025-02-16T14:32:04.979Z","updated_at":"2026-01-24T15:08:01.482Z","avatar_url":"https://github.com/musq.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# GPG-2 setup\n\n### Installation\n\n1. Install ***gpg2*** (for ubuntu)\n```sudo apt-get install gnupg2```\n\n1. Add following in ***~/.bash_aliases***\n```alias gpg='gpg2'```\n\n1. Source ***~/.bashrc***\n```source ~/.bashrc```\n\n1. Create ***~/.gnupg*** using one of the following ---\n - Copy any backed up ***.gnupg*** directory to ***~/.gnupg***, or\n - Initialize ***~/.gnupg*** directory using ```gpg -k```\n\n1. Copy ***gpg.conf*** \u0026 ***gpg-agent.conf*** from this repository to ***~/.gnupg***\n\n1. Add the following to ***~/.bashrc*** or ***~/.bash_profile***\n ```\n export GPG_TTY=$(tty)\n unset SSH_AGENT_PID\n if [ \"${gnupg_SSH_AUTH_SOCK_by:-0}\" -ne $$ ]; then\n export SSH_AUTH_SOCK=\"${HOME}/.gnupg/S.gpg-agent.ssh\"\n fi\n gpg-connect-agent /bye\n ```\n\n1. Source ***~/.bashrc***\n```source ~/.bashrc```\n\n1. Now, **logout and login**\n\n1. If needed,\n - Create a new primary key using ```gpg --expert --full-gen-key```\n - Use \u003e=4096 bit RSA for primary key\n - Use \u003e=2048 bit RSA for sub keys\n - Edit keys using ```gpg --expert --edit-key \u003cuid\u003e```\n - Add new subkeys using ```addkey```\n - Change passwords using ```passwd```\n - Type ```help``` for more options\n\n1. Create one subkey each of **Authentication, Encryption, Signing**\n\n1. To **add SSH support in gpg**, you must **create an *Authentication* subkey**, marked as ***[A]***\n\n1. To generate ***sshcontrol*** file, type ```ssh-add -l```\n\n1. **List gpg keys** by ---\n - Public keys: ```gpg -k```\n - Private keys: ```gpg -K```. If ***#*** appears after ***sec*** or ***ssb***, then it means private key is not present for that key-id\n\n1. Get ***keygrip*** of the keys\n```gpg -k --with-keygrip \u003cuid\u003e```\n\n1. **Add keygrip** of your authentication key to ***sshcontrol*** file **in a new line**\n\n1. Export **SSH public key** to be put on the servers' ***~/.ssh/authorized_keys***\n```gpg --export-ssh-key \u003ckey-id\u003e```\n\n1. You may now be able to SSH directly into the server\n\n1. *** ***VERY IMPORTANT*** *** Backup the whole ***~/.gnupg*** directory to a safe \u0026 secure place\n\n1. After backup has been created, you **must change passwords** of the primary key \u0026 sub keys\n\n1. Now ***delete the unnecessary private keys***. To delete the private keys ---\n - Find out the ***\u003ckeygrip\u003e*** of the keys using the above command\n - Delete ***~/.gnupg/private-keys-v1.d/\u003ckeygrip\u003e.key***\n\n1. To **edit existing keys** or to create a new subkey ---\n - Backup the ***~/.gnupg*** folder before proceeding (just in case anything goes wrong)\n - Retrieve the **remotely** backed up ***.gnupg*** directory (this backup is different from the one created using the just above instruction) in a ***tmp-path/.gnupg*** folder. Note that this folder contains all of the secret keys\n - Run relevant commands by adding ***homedir*** like, ```gpg --homedir tmp-path/.gnupg ...```\n - **Push the new changes** to the keyserver using ```gpg --homedir tmp-path/.gnupg --keyserver pgp.key-server.io --send-key \u003cYOURMASTERKEYID\u003e```\n - **Retrieve changes** to your ***~/.gnupg*** using ```gpg --keyserver pgp.key-server.io --recv-key \u003cYOURMASTERKEYID\u003e```\n - To **transfer private keys** to local folder, copy the ***tmp-path**/.gnupg/private-keys-v1.d/****\u003ckeygrip\u003e.key*** to ***~**/.gnupg/private-keys-v1.d/****\u003ckeygrip\u003e.key***\n\n1. To **search a key** in the keyserver use ```gpg --keyserver pgp.key-server.io --search-key \u003csearch-text\u003e```\n\n1. **Export keys** using ---\n - **Public** ```gpg -a --export \u003cuid\u003e```\n - ```-a``` option is same as ```--armor``` and is used to generate ASCII text\n - **Private** ```gpg -a --export-secret-keys \u003cuid\u003e```\n\n1. Run `gpgconf --kill gpg-agent` to kill any running agent that might be hung\n\n1. Run `gpg-connect-agent reloadagent /bye` to reload agent\n\n1. Run `gpgconf --list-dir agent-socket agent-extra-socket` to list actual location of sockets\n\n1. Run `gpg-connect-agent 'keyinfo --list' /bye` to list keys in the gpg-agent\n\n1. Run `gpg-connect-agent --dirmngr 'keyserver --hosttable'` to list available keyservers\n\n1. Kill dirmngr `gpgconf --kill dirmngr`\n\n\n### Resources\n\n1. https://wiki.debian.org/Subkeys\n1. https://www.gnupg.org/documentation/manuals/gnupg/Agent-Configuration.html\n1. https://github.com/kylef/dotfiles/blob/master/.gnupg/gpg.conf\n1. https://www.gnupg.org/gph/en/manual/book1.html\n1. https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmusq%2Fgpg-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmusq%2Fgpg-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmusq%2Fgpg-setup/lists"}