pgp modern methods

a guest
Feb 25th, 2016
# My guide to setting up PGP/OpenPGP keys using modern methods

# download the gpg-keygen.py python script and run it. it's slow, but that's because it creates your gpg profile the correct way, with lots of entropy
$ cd ~/; wget https://raw.githubusercontent.com/object-code/gpg-keygen/master/gpg-keygen.py; chmod +x ~/gpg-keygen.py


## deploy gpg using latest python scripting methods from gpg-keygen

$ sudo ~/gpg-keygen.py --t /root/.gnupg/whomever --step generateMasterKey \
--master-key-length 4096 \
--master-key-type RSA \
--identity-email derp@gmail.com \
--identity-comment Whatever \
--identity-name "Bob Dobbs" \
--master-key-expire 0

# Temporary directory for sensitive data will be '~/.gnupg/whomever'.
# Make sure you delete using 'srm' (secure-delete) once it's not needed!

# tidy up files (move the generated keyrings into root's real gpg home, /root/.gnupg)
$ sudo mv /root/.gnupg/whomever/tmp/gpg-homedir/pubring.gpg /root/.gnupg/pubring.gpg
$ sudo mv /root/.gnupg/whomever/tmp/gpg-homedir/secring.gpg /root/.gnupg/secring.gpg
$ sudo mv /root/.gnupg/whomever/tmp/gpg-homedir/gpg.conf /root/.gnupg/gpg.conf
$ sudo mv /root/.gnupg/whomever/tmp/gpg-homedir/trustdb.gpg /root/.gnupg/trustdb.gpg
$ sudo gpg --armor --export derp@gmail.com

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFbOe7kBEACaS8fTIxLGqcmRN3TsdJYMEy7DtBpJFx9o8SMfxk6oTLk1Rjkj
TSpMyXamJMkC4RwrYD4NvQOiUzUvO+gVBssxQvbU/TJLBOusuwAgdIScJZMF2hZG
UDGivOaqysSAmEiraUxtb7w7dGCtdftRLeGOhEat9ldVqFHBQ2UAS7otxXQHYcRH
lTLlvtedTq7mnML6yIdaS/jz5bGxFuWkwB1ojKGXeTJMd7nfhXmbnTfc2TCm6ezt
qeLwGx4ZDBU2iCDxszCRgoOdy4dUYiuMRv6iN1EsT9YG54AC764IVRx993szOYdC
wb97ahuahBlFwgUl8DOWWwAEslqsYH+Wg4+ysOfog5K8VDqkKzYzlj7y8BqhpiFd
z6S+R2QjufkRTWO5eJZzI8JYizkGo7Mo2d65dKLFV68w0V4F0FWdz1ffAinUDPxv
3GzQGus2fZOLm3oMA345UwaQXnf5PVkrSDp4qXxinNGKeU3+M/RO1LRn9975Watx
4hHg9cxA05SBoO4xet17Gy0Kv1FfbX6lQp/dFjO1e7KmLxuI1YlJBPNDgFzJWpZz
d8f69Pk5rOtEaTnPKU6BTkZTcOM2Hsw5VeoTHphAtw6RyF6QugitDs+mrsrY8bZ4
Kf802Lx2gO56QcbdqBqOJioJxPnkBKoz/rPlpAD4Ri+OsfKzgjg9OIuMeQARAQAB
tDRDaHJpc3RvcGhlciBELiBIb2dhbiAoT2JqZWN0Y29kZSkgPHN0dW50c0BnbWFp
bC5jb20+iQI3BBMBCgAhBQJWznu5AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA
AAoJEDFigqgY74rjQLsP/22tvu1OLKzstR1H61Hife6ejyvPKNyOSwvPzCFzMmdg
M2uVS7aMj466kw6bM9j3/dXi/vcxU7psxKud8QWwFbBJWPuMZVQ7ukH7Eo5FbV3y
0zlqjaW1UppYWnhFjpj5snMj3prloMhjJML/SRO3N8UaBBm72g9AyBSzDkR3r160
Zq3hlQES7jZPqWAGRANXh8+Es2oY793zGFzbhGVBSmyDdOud6sq+V1/7hf/7PkFc
5tK8Q+AZkNmPqpnlTTRpUMdSibqms1ej+b3a0x0qeMQacEjTWbOfB1vPgFFU2ri/
UHC3N0s0vKW0btLnt0xFtcHszs9d11qwYU2fFVPjmzp/IqRd/L0AVHrj4Zu/XoOA
g5iS++3hMctpS8s1hXb9kF+TVZO/Nsp0+Y9yQrXhQxmXilv6NxICfwY9t06hER8m
8ERd+i8rhC2OFsWjI6U5C61CRinHX0lOiOOboicDNIxx5U7SL+XM8cYnRMf8Xs26
lM8SgxFIn3bI4kt8MZ1ZsAo4Dl60o5HNw2JYQ18TwBBKbcN+2nNzdjXJbil5Q07r
96BEAZKQYIsM/kjg0r/kNadwMAOC5vFo+Yify2wJkhLVpnSTdDwO172ScSbtr2zO
KN1eNgyVmohN6qniZdZqvENi9XxyllSSDvEaXyOe7Y9Z2ZxNTPGbr6xndVNc+x2x
=Dyl8
-----END PGP PUBLIC KEY BLOCK-----


$ sudo gpg --interactive --edit-key derp@gmail.com

$ sudo gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/18EF8AX9 2016-02-25
uid Bob Dobbs <derp@gmail.com>

gpg> help

gpg> passwd
This key is not protected.
Enter the new passphrase for this secret key.
.... (add in the password you want)

gpg> keyserver
Enter your preferred keyserver URL: https://pgp.mit.edu/

You need a passphrase to unlock the secret key for
user: "Bob Dobbs <derp@gmail.com>"
4096-bit RSA key, ID 18EF8XSE3, created 2016-02-25


gpg> addphoto

Enter JPEG filename for photo ID:
^z (suspend process)

devops.png 100%[==============>] 14.85K --.-KB/s in 0.004s

$ fg

Are you sure you want to use it? (y/N) y
gpg: no photo viewer set
gpg: unable to display photo ID!
Is this photo correct (y/N/q)? y


gpg> list

pub 4096R/18EF8AE3 created: 2016-02-25 expires: never usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). Bob Dobbs <derp@gmail.com>
[ unknown] (2) [jpeg image of size 15508]

gpg> export


gpg> fpr
pub 4096R/18EF8AE3 2016-02-25 "Bob Dobbs <derp@gmail.com>"
Primary key fingerprint: 50A8 A9EB F636 8DBA FC54 D208 3162 82A8 18EF 8AE3

gpg> showpref
[ultimate] (1)."Bob Dobbs <derp@gmail.com>"
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Preferred keyserver: https://pgp.mit.edu/

gpg> quit

# optionally export your public key as an armored ascii text blurb to put at the bottom of your emails (and log it in a file)

$ sudo gpg --export --armor derp@gmail.com >> ~/.gpgpublic
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFbOe7kBEACaS8fTIxLGqcmRN3TsdJYMEy7DtBpJFx9o8SMfxk6oTLk1Rjkj
TSpMyXamJMkC4RwrYD4NvQOiUzUvO+gVBssxQvbU/TJLBOusuwAgdIScJZMF2hZG
UDGivOaqysSAmEiraUxtb7w7dGCtdftRLeGOhEat9ldVqFHBQ2UAS7otxXQHYcRH
lTLlvtedTq7mnML6yIdaS/jz5bGxFuWkwB1ojKGXeTJMd7nfhXmbnTfc2TCm6ezt
qeLwGx4ZDBU2iCDxszCRgoOdy4dUYiuMRv6iN1EsT9YG54AC764IVRx993szOYdC
wb97ahuahBlFwgUl8DOWWwAEslqsYH+Wg4+ysOfog5K8VDqkKzYzlj7y8BqhpiFd
z6S+R2QjufkRTWO5eJZzI8JYizkGo7Mo2d65dKLFV68w0V4F0FWdz1ffAinUDPxv
3GzQGus2fZOLm3oMA345UwaQXnf5PVkrSDp4qXxinNGKeU3+M/RO1LRn9975Watx
4hHg9cxA05SBoO4xet17Gy0Kv1FfbX6lQp/dFjO1e7KmLxuI1YlJBPNDgFzJWpZz
d8f69Pk5rOtEaTnPKU6BTkZTcOM2Hsw5VeoTHphAtw6RyF6QugitDs+mrsrY8bZ4
Kf802Lx2gO56QcbdqBqOJioJxPnkBKoz/rPlpAD4Ri+OsfKzgjg9OIuMeQARAQAB
tDRDaHJpc3RvcGhlciBELiBIb2dhbiAoT2JqZWN0Y29kZSkgPHN0dW50c0BnbW77
bC5jb20+iQI3BBMBCgAhBQJWznu5AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA
AAoJEDFigqgY74rjQLsP/22tvu1OLKzstR1H61Hife6ejyvPKNyOSwvPzCFzMmdg
M2uVS7aMj466kw6bM9j3/dXi/vcxU7psxKud8QWwFbBJWPuMZVQ7ukH7Eo5FbV3y
0zlqjaW1UppYWnhFjpj5snMj3prloMhjJML/SRO3N8UaBBm72g9AyBSzDkR3r160
Zq3hlQES7jZPqWAGRANXh8+Es2oY793zGFzbhGVBSmyDdOud6sq+V1/7hf/7PkFc
5tK8Q+AZkNmPqpnlTTRpUMdSibqms1ej+b3a0x0qeMQacEjTWbOfB1vPgFFU2ri/
UHC3N0s0vKW0btLnt0xFtcHszs9d11qwYU2fFVPjmzp/IqRd/L0AVHrj4Zu/XoOA
g5iS++3hMctpS8s1hXb9kF+TVZO/Nsp0+Y9yQrXhQxmXilv6NxICfwY9t06hER8m
8ERd+i8rhC2OFsWjI6U5C61CRinHX0lOiOOboicDNIxx5U7SL+XM8cYnRMf8Xs26
lM8SgxFIn3bI4kt8MZ1ZsAo4Dl60o5HNw2JYQ18TwBBKbcN+2nNzdjXJbil5Q07r
96BEAZKQYIsM/kjg0r/kNadwMAOC5vFo+Yify2wJkhLVpnSTdDwO172ScSbtr2zO
KN1eNgyVmohN6qniZdZqvENi9XxyllSSDvEaXyOe7Y9Z2ZxNTPGbr6xndVNc+x2y
=Dyl8
-----END PGP PUBLIC KEY BLOCK-----

# optionally list keys
$ sudo gpg --list-keys --verbose --fingerprint >> ~/.gpgpublic
gpg: using PGP trust model
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/18XS8AE3 2016-02-25
Key fingerprint = 50A8 A9EX F636 8DBA FSS4 D208 3162 82A8 18EF 8AE1
uid "Bob Dobbs <derp@gmail.com>"


# ----- NOTE: You can also choose to publish your public key on a website like https://pgp.mit.edu/
# ------ then just link to the key in the footer of your e-mails instead of publishing a long armored string

# once you've copied your keys to an external disk or smartcard, srm delete the secret keys please (don't forget!!!!)
$ sudo srm /root/.gnupg/secring.gpg

# why delete your private keys securely and keep them somewhere you bring with you or hide?

* they cannot be stolen or hacked this way
* I won't make fun of you for going through all this trouble for nothing

#
# an alternative is to store these files in an encrypted key/value mount using an adapter through json.
# I am currently making software that stores private keys in an encrypted database with keys by KMS, and allows you to retrieve them based on IAM roles
#
#
# final thought:
# Once retrieved, you can convert the RSA keys to their corresponding ssh key format so they can be used in web apps.
# >>> CHO
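Added example, not part of the paste or of the gpg-keygen project: the Python script below takes the public key block exported above, strips the armor and checks its CRC-24 trailer, walks the OpenPGP packets, recomputes the v4 fingerprint that the `fpr` command printed (SHA-1 over 0x99, the two-byte packet length and the key packet body) and compares it with the value on the page, and finally writes the same RSA key out as an OpenSSH public-key line, which is the ssh conversion the final thought refers to (GnuPG 2.1 and later does that conversion itself with `gpg --export-ssh-key`). It assumes the GnuPG v1 export format shown here, old-format packet headers and a v4 RSA primary key; `ARMORED_KEY` is the block above re-wrapped at 128 columns, `PAGE_FINGERPRINT` is the `fpr` output with spaces removed, and the function names are this example's own.

```python
import base64
import hashlib
from datetime import datetime, timezone

# The public key block exported on this page (first "gpg --armor --export" output), copied verbatim;
# the base64 body is re-wrapped at 128 columns and "=Dyl8" is the armor's CRC-24 trailer.
ARMORED_KEY = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFbOe7kBEACaS8fTIxLGqcmRN3TsdJYMEy7DtBpJFx9o8SMfxk6oTLk1RjkjTSpMyXamJMkC4RwrYD4NvQOiUzUvO+gVBssxQvbU/TJLBOusuwAgdIScJZMF2hZG
UDGivOaqysSAmEiraUxtb7w7dGCtdftRLeGOhEat9ldVqFHBQ2UAS7otxXQHYcRHlTLlvtedTq7mnML6yIdaS/jz5bGxFuWkwB1ojKGXeTJMd7nfhXmbnTfc2TCm6ezt
qeLwGx4ZDBU2iCDxszCRgoOdy4dUYiuMRv6iN1EsT9YG54AC764IVRx993szOYdCwb97ahuahBlFwgUl8DOWWwAEslqsYH+Wg4+ysOfog5K8VDqkKzYzlj7y8BqhpiFd
z6S+R2QjufkRTWO5eJZzI8JYizkGo7Mo2d65dKLFV68w0V4F0FWdz1ffAinUDPxv3GzQGus2fZOLm3oMA345UwaQXnf5PVkrSDp4qXxinNGKeU3+M/RO1LRn9975Watx
4hHg9cxA05SBoO4xet17Gy0Kv1FfbX6lQp/dFjO1e7KmLxuI1YlJBPNDgFzJWpZzd8f69Pk5rOtEaTnPKU6BTkZTcOM2Hsw5VeoTHphAtw6RyF6QugitDs+mrsrY8bZ4
Kf802Lx2gO56QcbdqBqOJioJxPnkBKoz/rPlpAD4Ri+OsfKzgjg9OIuMeQARAQABtDRDaHJpc3RvcGhlciBELiBIb2dhbiAoT2JqZWN0Y29kZSkgPHN0dW50c0BnbWFp
bC5jb20+iQI3BBMBCgAhBQJWznu5AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEDFigqgY74rjQLsP/22tvu1OLKzstR1H61Hife6ejyvPKNyOSwvPzCFzMmdg
M2uVS7aMj466kw6bM9j3/dXi/vcxU7psxKud8QWwFbBJWPuMZVQ7ukH7Eo5FbV3y0zlqjaW1UppYWnhFjpj5snMj3prloMhjJML/SRO3N8UaBBm72g9AyBSzDkR3r160
Zq3hlQES7jZPqWAGRANXh8+Es2oY793zGFzbhGVBSmyDdOud6sq+V1/7hf/7PkFc5tK8Q+AZkNmPqpnlTTRpUMdSibqms1ej+b3a0x0qeMQacEjTWbOfB1vPgFFU2ri/
UHC3N0s0vKW0btLnt0xFtcHszs9d11qwYU2fFVPjmzp/IqRd/L0AVHrj4Zu/XoOAg5iS++3hMctpS8s1hXb9kF+TVZO/Nsp0+Y9yQrXhQxmXilv6NxICfwY9t06hER8m
8ERd+i8rhC2OFsWjI6U5C61CRinHX0lOiOOboicDNIxx5U7SL+XM8cYnRMf8Xs26lM8SgxFIn3bI4kt8MZ1ZsAo4Dl60o5HNw2JYQ18TwBBKbcN+2nNzdjXJbil5Q07r
96BEAZKQYIsM/kjg0r/kNadwMAOC5vFo+Yify2wJkhLVpnSTdDwO172ScSbtr2zOKN1eNgyVmohN6qniZdZqvENi9XxyllSSDvEaXyOe7Y9Z2ZxNTPGbr6xndVNc+x2x
=Dyl8
-----END PGP PUBLIC KEY BLOCK-----"""
PAGE_FINGERPRINT = "50A8A9EBF6368DBAFC54D208316282A818EF8AE3"  # the page's "gpg> fpr" output, spaces removed

def crc24(data):
    """OpenPGP armor checksum (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Return (packet bytes, crc_ok); crc_ok is False when the block was altered or mis-copied."""
    lines = text.strip().splitlines()[1:-1]      # drop the BEGIN and END lines
    body = lines[lines.index("") + 1:]           # armor headers end at the first blank line
    data = base64.b64decode("".join(body[:-1]))  # the last line is the "=" CRC trailer
    return data, crc24(data) == int.from_bytes(base64.b64decode(body[-1][1:]), "big")

def packets(data):
    """Yield (tag, body) for old-format packet headers, the kind GnuPG writes in key exports."""
    i = 0
    while i < len(data):
        ctb, ltype = data[i], data[i] & 3
        if not ctb & 0x80 or ctb & 0x40 or ltype == 3:
            raise ValueError("new-format or indeterminate-length packet header not handled")
        hlen = 1 << ltype                        # 1, 2 or 4 length bytes follow the tag byte
        length = int.from_bytes(data[i + 1:i + 1 + hlen], "big")
        yield (ctb >> 2) & 0x0F, data[i + 1 + hlen:i + 1 + hlen + length]
        i += 1 + hlen + length

def read_mpi(buf, off):
    """OpenPGP MPI: 2-byte bit count, then the big-endian value. Returns (value, bits, next offset)."""
    bits = int.from_bytes(buf[off:off + 2], "big")
    end = off + 2 + (bits + 7) // 8
    return int.from_bytes(buf[off + 2:end], "big"), bits, end

def parse_public_key(body):
    """v4 RSA public key packet: creation time, n, e and the fingerprint (SHA-1 over 0x99, 2-byte length, body)."""
    if body[0] != 4 or body[5] != 1:
        raise ValueError("only v4 RSA keys are handled")
    n, bits, off = read_mpi(body, 6)
    e = read_mpi(body, off)[0]
    fpr = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
    created = datetime.fromtimestamp(int.from_bytes(body[1:5], "big"), timezone.utc)
    return {"created": created, "bits": bits, "n": n, "e": e, "fingerprint": fpr, "keyid": fpr[-16:]}

def to_openssh(key):
    """The same RSA key as an OpenSSH public-key line: string "ssh-rsa", mpint e, mpint n, base64-encoded."""
    def mpint(x):
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # adds a leading 0x00 whenever the top bit is set
        return len(raw).to_bytes(4, "big") + raw
    blob = len(b"ssh-rsa").to_bytes(4, "big") + b"ssh-rsa" + mpint(key["e"]) + mpint(key["n"])
    return "ssh-rsa " + base64.b64encode(blob).decode()

def inspect_key(armored):
    """Parse an armored public key export and cross-check it against the fingerprint on the page."""
    data, crc_ok = dearmor(armored)
    info = {"crc_ok": crc_ok}
    for tag, body in packets(data):
        if tag == 6:                             # public key packet
            info["key"] = parse_public_key(body)
        elif tag == 13:                          # user ID packet, exactly as entered at key generation
            info["uid"] = body.decode("utf-8")
    info["fingerprint_matches_page"] = info["key"]["fingerprint"] == PAGE_FINGERPRINT
    info["openssh"] = to_openssh(info["key"])
    return info

if __name__ == "__main__":
    for name, value in inspect_key(ARMORED_KEY).items():
        print(name, value if name != "key" else {k: v for k, v in value.items() if k != "n"})
```

Run it directly to print the parsed fields. The user ID comes straight out of the packet as it was entered at key generation, which is how you check that the block you are about to paste into an e-mail footer or upload to a keyserver is the key you intended to publish (in this block it is not the "Bob Dobbs" placeholder the prose uses). A False `crc_ok` or `fingerprint_matches_page` means a character changed somewhere between export and paste, and a recipient who imports the block will get a fingerprint that does not match the one you published.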