Xe1phix-[Qubes]-[GnuPG]-[Trusting]+[Signing]-The-[Qubes]-Security-Pack-(QSP)-[v8.5.84].sh

1. #!/bin/sh
2. ## -------------------------------------------------------------------------------------------------- ##
3. ##   [+] Xe1phix-[Qubes]-[GnuPG]-[Trusting]+[Signing]-The-[Qubes]-Security-Pack-(QSP)-[v8.5.84].sh
4. ## -------------------------------------------------------------------------------------------------- ##
5.  
6.                                              /^\\
7.                                  ___________//__\\___________
8.                            ________|| Trusting & Signing ||__________
9.                             || ** The Qubes Security Pack (QSP)** ||
10. ____________________________||____________________________________||_________________________
11. https://keys.qubes-os.org/keys/qubes-release-2-signing-key.asc    ||
12. ____________________________________________________________________________________________
13. curl --tlsv1 --url https://keys.qubes-os.org/keys/qubes-master-signing-key.asc --output /home/$user/Gnupg/archive-key.asc |
14. _____________________________________________________________________________________________
15. gpg --export 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 | sudo apt-key add -
16. _____________________________________________________________________________________________
17. curl --tlsv1 --url https://keys.qubes-os.org/keys/qubes-master-signing-key.asc --output /home/$user/Gnupg/archive-key.asc | apt-key add
18. _____________________________________________________________________________________________
19. gpg --keyserver pool.sks-keyservers.net --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
20.  
21.  
22.  
23.  
24.  
25.  
26. ##-=================================================================-##
27. ##   [+] How to Obtain, Verify, and Read Qubes Warrant Canaries:
28. ##-=================================================================-##
29.  
30.  
31.  
32. ##-=================================================-##
33. ##   [+] Clone the The Qubes Security Pack (QSP):
34. ##-=================================================-##
35. git clone https://github.com/QubesOS/qubes-secpack.git
36.  
37.  
38.  
39. ##-===============================-##
40. ##   [+] Verify signed Git tags.
41. ##-===============================-##
42. cd qubes-secpack/
43.  
44.  
45. git tag -v `git describe`
46. ## --------------------------------------------------------------------------------------------- ##
47. ##  object 2bb7f0b966593d8ed74e140a04d60c68b96b164e
48. ##  type commit
49. ##  tag joanna_sec_2bb7f0b9
50. ##  tagger Joanna Rutkowska <joanna@invisiblethingslab.com> 1468335706 +0000
51. ## --------------------------------------------------------------------------------------------- ##
52. ##  Tag for commit 2bb7f0b966593d8ed74e140a04d60c68b96b164e
53. ##  gpg: Signature made 2016-07-12T08:01:46 PDT
54. ##  gpg:                using RSA key 0x4E6829BC92C7B3DC
55. ##  gpg: Good signature from "Joanna Rutkowska (Qubes Security Pack Signing Key) <joanna@invisiblethingslab.com>" [full]
56. ## --------------------------------------------------------------------------------------------- ##
57.  
58.  
59.  
60.  
61.  
62. ##-==================================-##
63. ##   [+] Import the Qubes PGP keys
64. ##-==================================-##
65. gpg --import qubes-secpack/keys/*/*
66.  
67.  
68.  
69. ##-====================================================================-##
70. ##   [+] Set the Trust Level of the Qubes Master Signing Key (QMSK)
71. ##-====================================================================-##
72. gpg --edit-key 36879494
73.  
74.  
75. ##-=======================================================================-##
76. ##   [+] Verify the authenticity of the Qubes Master Signing Key (QMSK)
77. ##-=======================================================================-##
78. gpg> fpr
79. ## --------------------------------------------------------------------- ##
80. ##  pub   4096R/36879494 2010-04-01 Qubes Master Signing Key
81. ##    Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
82. ## --------------------------------------------------------------------- ##
83.  
84.  
85. ##-==================================================-##
86. ##   [+] Trust the Qubes Master Signing Key (QMSK)
87. ##-==================================================-##
88. gpg> trust
89.  
90.  
91. ## --------------------------------------------------------------------- ##
92. ##  1 = I don't know or won't say
93. ##  2 = I do NOT trust
94. ##  3 = I trust marginally
95. ##  4 = I trust fully
96. ##  5 = I trust ultimately
97. ##  m = back to the main menu
98. ## --------------------------------------------------------------------- ##
99.  
100. ## --------------------------------------------------------------------- ##
101.       Your decision? 5
102. ## --------------------------------------------------------------------- ##
103.       Do you really want to set this key to ultimate trust? (y/N) y
104. ## --------------------------------------------------------------------- ##
105.       gpg> q
106. ## --------------------------------------------------------------------- ##
107.  
108.  
109.  
110. ##-======================================-##
111. ##   [+] Verify and read the canaries.
112. ##-======================================-##
113. cd qubes-secpack/canaries/
114.  
115. gpg --verify canary-001-2015.txt.sig.joanna canary-001-2015.txt
116. ## --------------------------------------------------------------------------------------------- ##
117. ##  gpg: Signature made Mon Jan  5 20:21:40 2015 UTC using RSA key ID 92C7B3DC
118. ##  gpg: Good signature from "Joanna Rutkowska (Qubes Security Pack Signing Key) <joanna@invisiblethingslab.com>"
119. ## --------------------------------------------------------------------------------------------- ##
120.  
121.  
122.  
123. ##-=================================-##
124. ##   [+] Verify and read the QSBs
125. ##-=================================-##
126. cd ../QSBs/
127.  
128. gpg --verify qsb-013-2015.txt.sig.joanna qsb-013-2015.txt
129. ## --------------------------------------------------------------------------------------------- ##
130. ##  gpg: Signature made Mon Jan  5 21:22:14 2015 UTC using RSA key ID 92C7B3DC
131. ##  gpg: Good signature from "Joanna Rutkowska (Qubes Security Pack Signing Key) <joanna@invisiblethingslab.com>"
132. ## --------------------------------------------------------------------------------------------- ##
133.  
134.  
135.  
136. gpg> fpr                ## Fingerprint  qubes master key
137. ## --------------------------------------------------------------------------------------------- ##
138. ##  pub   4096R/36879494 2010-04-01 Qubes Master Signing Key
139. ##    Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
140. ## --------------------------------------------------------------------------------------------- ##
141.  
142. _____________________________________________________________________________
143. gpg --list-sig 0A40E458
144. gpg -v --verify Qubes-R2-x86_64-DVD.iso.asc
145. gpg -v --verify qsb-013-2015.txt.sig.joanna qsb-013-2015.txt
146. gpg -v --verify qsb-013-2015.txt.sig.marmarek qsb-013-2015.txt
147.  
148.  
149.  
150.  
151.