Diffstat (limited to '')
-rw-r--r-- README.md 90
1 files changed, 63 insertions, 27 deletions
diff --git a/README.md b/README.md
index 6fc9672..9a32316 100644
--- a/README.md
+++ b/README.md
@@ -219,17 +219,53 @@ $ gpg --gen-random -a 0 24
ydOmByxmDe63u7gqx2XI9eDgpvJwibNH
```
-Generate a new key with GPG, selecting `(4) RSA (sign only)` and `4096` bit keysize. Do not set the key to expire - see [Note #3](#notes).
+Generate a new key with GPG, selecting `(8) RSA (set your own capabilities)`, `Certify`-only and `4096` bit keysize. Do not set the key to expire - see [Note #3](#notes).
```console
-$ gpg --full-generate-key
+$ gpg --expert --full-generate-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
-Your selection? 4
+ (7) DSA (set your own capabilities)
+ (8) RSA (set your own capabilities)
+ (9) ECC and ECC
+ (10) ECC (sign only)
+ (11) ECC (set your own capabilities)
+ (13) Existing key
+Your selection? 8
+
+Possible actions for a RSA key: Sign Certify Encrypt Authenticate
+Current allowed actions: Sign Certify Encrypt
+
+ (S) Toggle the sign capability
+ (E) Toggle the encrypt capability
+ (A) Toggle the authenticate capability
+ (Q) Finished
+
+Your selection? e
+
+Possible actions for a RSA key: Sign Certify Encrypt Authenticate
+Current allowed actions: Sign Certify
+
+ (S) Toggle the sign capability
+ (E) Toggle the encrypt capability
+ (A) Toggle the authenticate capability
+ (Q) Finished
+
+Your selection? s
+
+Possible actions for a RSA key: Sign Certify Encrypt Authenticate
+Current allowed actions: Certify
+
+ (S) Toggle the sign capability
+ (E) Toggle the encrypt capability
+ (A) Toggle the authenticate capability
+ (Q) Finished
+
+Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
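Review bot: The new instruction line asks for `Certify`-only but does not say how to get there from the default `Current allowed actions: Sign Certify Encrypt`; a reader has to infer from the transcript that `e` and then `s` toggle those two capabilities off before `q`. Suggest stating that in the prose, and adding one sentence on why the master key is limited to certification (it only certifies subkeys and identities, and day-to-day signing moves to the `[S]` subkey created later), so the switch to `--expert` and option `8` is motivated for readers upgrading from the old `(4) RSA (sign only)` instructions.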
@@ -265,7 +301,7 @@ public and secret key created and signed.
Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
-pub rsa4096/0xFF3E7D88647EBCDB 2017-10-09 [SC]
+pub rsa4096/0xFF3E7D88647EBCDB 2017-10-09 [C]
Key fingerprint = 011C E16B D45B 27A5 5BA8 776D FF3E 7D88 647E BCDB
uid Dr Duh <doc@duh.to>
```
@@ -288,7 +324,7 @@ $ gpg --expert --edit-key $KEYID
Secret key is available.
sec rsa4096/0xEA5DE91459B80592
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
[ultimate] (1). Dr Duh <doc@duh.to>
```
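Review bot: The `sec` context line in this hunk shows key ID `0xEA5DE91459B80592`, while the `pub` and `sec` lines in every other hunk of this patch show `0xFF3E7D88647EBCDB`. Since this sample output is being edited for the `usage: C` change anyway, make the ID match here so readers comparing their own `--edit-key` output against the guide see one consistent key.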
@@ -336,10 +372,10 @@ disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb rsa4096/0xBECFA3C1AE191D15
- created: 2017-10-09 expires: 2018-10-09 usage: S
+ created: 2017-10-09 expires: 2018-10-09 usage: S
[ultimate] (1). Dr Duh <doc@duh.to>
```
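Review bot: The removed and added `ssb` line (`created: 2017-10-09 expires: 2018-10-09 usage: S`) appears to differ only in whitespace, and the same pattern repeats on the `S`, `E` and `A` subkey lines in the following hunks. That realignment is unrelated to the `SC` to `C` change and makes the diff harder to review; the identical lines under `gpg> key 1`, `key 2` and `key 3` later in the patch are left as context, so the alignment will not be uniform either. Suggest dropping the whitespace edits from this commit or applying them to every listing in a separate one.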
@@ -380,12 +416,12 @@ disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb rsa4096/0xBECFA3C1AE191D15
- created: 2017-10-09 expires: 2018-10-09 usage: S
+ created: 2017-10-09 expires: 2018-10-09 usage: S
ssb rsa4096/0x5912A795E90DD2CF
- created: 2017-10-09 expires: 2018-10-09 usage: E
+ created: 2017-10-09 expires: 2018-10-09 usage: E
[ultimate] (1). Dr Duh <doc@duh.to>
```
@@ -468,14 +504,14 @@ disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb rsa4096/0xBECFA3C1AE191D15
- created: 2017-10-09 expires: 2018-10-09 usage: S
+ created: 2017-10-09 expires: 2018-10-09 usage: S
ssb rsa4096/0x5912A795E90DD2CF
- created: 2017-10-09 expires: 2018-10-09 usage: E
+ created: 2017-10-09 expires: 2018-10-09 usage: E
ssb rsa4096/0x3F29127E79649A3D
- created: 2017-10-09 expires: 2018-10-09 usage: A
+ created: 2017-10-09 expires: 2018-10-09 usage: A
[ultimate] (1). Dr Duh <doc@duh.to>
gpg> save
@@ -489,7 +525,7 @@ List the generated secret keys and verify the output:
$ gpg --list-secret-keys
/tmp.FLZC0xcM/pubring.kbx
-------------------------------------------------------------------------
-sec rsa4096/0xFF3E7D88647EBCDB 2017-10-09 [SC]
+sec rsa4096/0xFF3E7D88647EBCDB 2017-10-09 [C]
Key fingerprint = 011C E16B D45B 27A5 5BA8 776D FF3E 7D88 647E BCDB
uid Dr Duh <doc@duh.to>
ssb rsa4096/0xBECFA3C1AE191D15 2017-10-09 [S] [expires: 2018-10-09]
@@ -795,14 +831,14 @@ $ gpg --edit-key $KEYID
Secret key is available.
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb rsa4096/0xBECFA3C1AE191D15
- created: 2017-10-09 expires: 2018-10-09 usage: S
+ created: 2017-10-09 expires: 2018-10-09 usage: S
ssb rsa4096/0x5912A795E90DD2CF
- created: 2017-10-09 expires: 2018-10-09 usage: E
+ created: 2017-10-09 expires: 2018-10-09 usage: E
ssb rsa4096/0x3F29127E79649A3D
- created: 2017-10-09 expires: 2018-10-09 usage: A
+ created: 2017-10-09 expires: 2018-10-09 usage: A
[ultimate] (1). Dr Duh <doc@duh.to>
```
@@ -814,7 +850,7 @@ Select and move the signature key. You will be prompted for the key passphrase a
gpg> key 1
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb* rsa4096/0xBECFA3C1AE191D15
created: 2017-10-09 expires: 2018-10-09 usage: S
@@ -845,7 +881,7 @@ gpg> key 1
gpg> key 2
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb rsa4096/0xBECFA3C1AE191D15
created: 2017-10-09 expires: 2018-10-09 usage: S
@@ -873,7 +909,7 @@ gpg> key 2
gpg> key 3
sec rsa4096/0xFF3E7D88647EBCDB
- created: 2017-10-09 expires: never usage: SC
+ created: 2017-10-09 expires: never usage: C
trust: ultimate validity: ultimate
ssb rsa4096/0xBECFA3C1AE191D15
created: 2017-10-09 expires: 2018-10-09 usage: S
@@ -899,7 +935,7 @@ Verify the subkeys have moved to YubiKey as indicated by `ssb>`:
$ gpg --list-secret-keys
/tmp.FLZC0xcM/pubring.kbx
-------------------------------------------------------------------------
-sec rsa4096/0xFF3E7D88647EBCDB 2017-10-09 [SC]
+sec rsa4096/0xFF3E7D88647EBCDB 2017-10-09 [C]
Key fingerprint = 011C E16B D45B 27A5 5BA8 776D FF3E 7D88 647E BCDB
uid Dr Duh <doc@duh.to>
ssb> rsa4096/0xBECFA3C1AE191D15 2017-10-09 [S] [expires: 2018-10-09]
@@ -1021,7 +1057,7 @@ $ gpg --edit-key $KEYID
Secret key is available.
gpg> trust
-pub 4096R/0xFF3E7D88647EBCDB created: 2016-05-24 expires: never usage: SC
+pub 4096R/0xFF3E7D88647EBCDB created: 2016-05-24 expires: never usage: C
trust: unknown validity: unknown
sub 4096R/0xBECFA3C1AE191D15 created: 2017-10-09 expires: 2018-10-09 usage: S
sub 4096R/0x5912A795E90DD2CF created: 2017-10-09 expires: 2018-10-09 usage: E
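Review bot: The `pub` line edited here still uses the older `4096R/` listing format and `created: 2016-05-24`, whereas the rest of the patch shows the same key as `rsa4096/0xFF3E7D88647EBCDB` created 2017-10-09. Changing only `usage: SC` to `usage: C` leaves this block (and the matching one after `Your decision? 5`) out of step with the other listings; suggest regenerating both `trust` outputs from the same key as the earlier sections rather than hand-editing the usage flag.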
@@ -1041,7 +1077,7 @@ Please decide how far you trust this user to correctly verify other users' keys
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
-pub 4096R/0xFF3E7D88647EBCDB created: 2016-05-24 expires: never usage: SC
+pub 4096R/0xFF3E7D88647EBCDB created: 2016-05-24 expires: never usage: C
trust: ultimate validity: unknown
sub 4096R/0xBECFA3C1AE191D15 created: 2017-10-09 expires: 2018-10-09 usage: S
sub 4096R/0x5912A795E90DD2CF created: 2017-10-09 expires: 2018-10-09 usage: E
@@ -1094,7 +1130,7 @@ ssb> 4096R/0x3F29127E79649A3D created: 2017-10-09 expires: 2018-10-09
# Encryption
```console
-$ echo "test message string" | gpg --encrypt --armor --recipient $KEYID
+$ echo "test message string" | gpg --encrypt --armor --recipient $KEYID
-----BEGIN PGP MESSAGE-----
hQIMA1kSp5XpDdLPAQ/+JyYfLaUS/+llEzQaKDb5mWhG4HlUgD99dNJUXakm085h
@@ -1399,7 +1435,7 @@ $ scp ~/.gnupg/pubring.kbx remote:~/.gnupg/
* Finally, to enable agent forwarding for a given machine, add the following to the local machine's ssh config file `~/.ssh/config` (your agent sockets may be different):
```
-Host
+Host
Hostname your-domain
ForwardAgent yes
RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
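Review bot: The `Host` line names no pattern on either side of this change, so the sample block does not say which machine it applies to, and the edit itself looks like a whitespace-only fix. Suggest giving it an explicit placeholder alias (for example `Host remote`, matching the `remote:` used in the `scp` line of the hunk header) instead of leaving it bare. Because the block sets `ForwardAgent yes` and forwards the gpg-agent socket, the text should also tell readers to scope it to a single trusted host rather than a wildcard, since anyone with sufficient privileges on the remote machine can use the forwarded agent for the duration of the session.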