Skip to content
This repository has been archived by the owner on Aug 26, 2023. It is now read-only.

duxsco/gpg-config-and-scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits

assets

assets

 
 

bin

bin

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

dirmngr.conf

dirmngr.conf

 
 

gpg-agent.conf

gpg-agent.conf

 
 

gpg.conf

gpg.conf

 
 

scdaemon.conf

scdaemon.conf

 
 

sshcontrol

sshcontrol

 
 

Repository files navigation

My GnuPG configuration and some helper scripts

  __________________________________________________
/ This repo has been archived!                       \
| Its successor is at:                               |
\ https://codeberg.org/duxsco/gpg-config-and-scripts /
  --------------------------------------------------
         \   ^__^
          \  (oo)\_______
             (__)\       )\/\
                 ||----w |
                 ||     ||

⚠️ If you want to create a new keypair, you cann follow the section Create a GnuPG keypair. ⚠️

System requirements

This repo assumes you using GnuPG 2.3.x (stable).

macOS needs these HomeBrew packages to be installed:

  • bash
  • findutils
  • gnupg
  • gnu-sed

You need to comment out default-key as well as encrypt-to in gpg.conf OR set the ID of one of your secret keys. The same applies to sender where you have to provide your UID's e-mail address or comment the option out altogether. To print full-length personal key IDs and e-mail addresses:

gpg --list-options show-only-fpr-mbox --list-secret-keys

Understand the GnuPG configuration

To better understand GnuPG config options you can use man.sh to display man pages while highlighting defaults (in yellow) and options that have been set in the configuration file (in red).

man.sh

# print man.sh help
bash bin/man.sh

# print "OPTIONS" section of the manpage while
# highlighting options set in the .conf red and "default" in yellow
bash bin/man.sh gpg.conf

# If "less" doesn't show any colors, use the "-R" (--RAW-CONTROL-CHARS) flag
bash bin/man.sh ~/.gnupg/gpg.conf | less -R

List public keys and delete untrusted ones

With pubkey.sh, public keys are listed from top to bottom, colored and grouped by following trust levels:

  1. ultimate
  2. full
  3. marginal
  4. undefined
  5. The rest: unknown, expired, never trust, revoked and error
  • To print the list:

man.sh

bash bin/pubkey.sh
  • To delete any public key without trust level ultimate, full, marginal and undefined you have to pass the -d flag. You will be prompted and must confirm the deletion of each public key.

man.sh

bash bin/pubkey.sh -d

Pull public keys

GnuPG offers multiple mechanism to pull a public key. pull.sh tries out a predefined list of mechanism and lets you choose one of them for pulling the public key:

man.sh

# print pull.sh help
bash bin/pull.sh

# pull a certain key
bash bin/pull.sh <KEY ID>

SSH support

Launch gpg-agent with ssh support:

echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf

Copy the keygrip from your authentication subkey and add to ~/.gnupg/sshcontrol:

gpg --list-secret-keys --with-keygrip

Add to your ~/.bashrc:

unset SSH_AGENT_PID
SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
export SSH_AUTH_SOCK

Export your ssh public key and add to your server's ~/.ssh/authorized_keys:

gpg --export-ssh-key <KEY ID>

I prefer typing in my pin for my GnuPG smartcard every time:

echo "LocalCommand gpgconf --reload scdaemon" >> ~/.ssh/config
sudo -i bash -c "echo 'PermitLocalCommand yes' >> /etc/ssh/ssh_config"

Other GnuPG repos

https://github.com/duxsco?tab=repositories&q=gpg-

About

my gnupg configuration and some helper scripts

codeberg.org/duxsco/gpg-config-and-scripts

Topics

gnupg gpg

Resources

Readme

License

GPL-3.0 license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages