Linux
generate primary key
gpg --full-generate-key --expert
11
A
Q
1
0
y
< your name >
< your mail >
< a comment >
O
< use a generated passphrase >
show keys
gpg -k
ex:
gpg -k
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2024-06-11
/home/nicolas/.gnupg/pubring.kbx
--------------------------------
pub ed25519 2024-02-10 [SCA]
812185F25A67E5296643DD19BDBE4CDB45828C70
uid [ultimate] Totor (valou) <totor@del.fr>
generate every subkey
gpg --edit-key --expert < key id >
addkey
11
< select for authenticate >
Q
1
2y
y
y
< primary key passphrase >
addkey
11
< select for sign >
Q
1
2y
y
y
< primary key passphrase >
addkey
12
< select for sign >
Q
1
2y
y
y
< primary key passphrase >
save
ex:
gpg --edit-key --expert 812185F25A67E5296643DD19BDBE4CDB45828C70
export and backup keys
Now export and back up the private and public keys.
Start by listing the keys with long key IDs and fingerprints:
gpg --keyid-format long --with-fingerprint --list-key
then export keys:
gpg --export --armor --output public-key.asc < key id >
gpg --export-secret-keys --armor --output secret-key.asc < key id >
yubikey configure
default admin pin: 12345678
default pin: 123456
enter admin mode:
gpg --card-edit
admin
kdf-setup
passwd
3
1
q
name
lang
login
list
quit
send keys
gpg --edit-key < key id >
key 1
keytocard
< select according to key role >
key 1
key 2
keytocard
< select according to key role >
key 2
key 3
keytocard
< select according to key role >
key 3
save
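A check to run after keytocard and save, as an added example that is not part of the original notes: it reads the colon-format secret key listing and reports, for each key, whether the secret material is still on disk or has been replaced by a card stub. The function names, key IDs, timestamps and card serial number below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Input is the output of
#   gpg --list-secret-keys --with-colons < key id >
# Fields used: 1 record type, 5 key ID, 7 expiry, 12 capabilities,
# 15 token serial ("#" = no secret key, "+" or empty = secret on disk,
# anything else = serial number of the card holding the key).
card_audit() {
    awk -F: '$1 == "sec" || $1 == "ssb" {
        if ($15 == "#")                   where = "missing"
        else if ($15 == "" || $15 == "+") where = "disk"
        else                              where = "card:" $15
        print $1, $5, $12, ($7 == "" ? "never" : $7), where
    }'
}

# Succeeds only when there is at least one subkey and all are card stubs.
subkeys_on_card() {
    card_audit | awk '$1 == "ssb" { n++; if ($5 !~ /^card:/) bad++ }
                      END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# Constructed listing: primary [SCA] on disk, A/S/E subkeys moved to a card.
sample_done() {
cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1707523200:::u:::scaESCA:::+::ed25519:::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1707523200:1770595200:::::a:::D2760001240100000006000000010000::ed25519::
ssb:u:255:22:CCCCCCCCCCCCCCCC:1707523200:1770595200:::::s:::D2760001240100000006000000010000::ed25519::
ssb:u:255:18:DDDDDDDDDDDDDDDD:1707523200:1770595200:::::e:::D2760001240100000006000000010000::cv25519::
EOF
}

# Constructed listing: same key, but the encryption subkey was never moved.
sample_partial() {
    sample_done | sed '/^ssb:.*:e:/s/:D2760001240100000006000000010000:/:+:/'
}
```

A subkey reported as "disk" still has its secret material in the local keyring and has not been moved to the card.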
Multiple yubikey
$ mv -vi $GNUPGHOME $GNUPGHOME.1
renamed '/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM.1'
$ cp -avi /mnt/encrypted-storage/tmp.XXX $GNUPGHOME
'/mnt/encrypted-storage/tmp.FLZC0xcM' -> '/tmp.FLZC0xcM'
$ cd $GNUPGHOME