KEINOS' Blog

Official blog of KEINOS but mostly for my own reference. A Japanese made in Mexico with Mexican quality. Who monkey around the jungle of codes. ;-)

Project maintained by KEINOS Hosted on GitHub Pages — Theme by mattgraham

INDEX

GPG (OpenPGP/GnuPG)

gpg(GnuPG) command is an implementation of the OpenPGP standard.

References

新しい GPG キーを生成する @ docs.github.com
Signing Git commits with GPG keys that use modern encryption @ dev.to
Signing goreleaser-action @ GitHub
Signing checksums and artifacts @ goreleaser.com
GnuPG チートシート（簡易版） @ Qiita

How to create GPG key pair

# gpg --batch --quick-gen-key --passphrase '' <User ID> [algo [usage [expire]]]
gpg --batch --expert --quick-gen-key --passphrase '' "KEINOS (ECC-Curve25519-Full_Enc-Sign) <[email protected]>" default default 0

gpg --full-generate-key --expert

ed25519 Based Key Pair: Preferable settings
- Key Type: ECC both sign and encrypt
  鍵の種類: ECC 署名と暗号化
- Elliptic Curve: Curve 25519
  楕円曲線: Curve 25519

How to sign a file with GPG key

gpg --sign <file>

gpg --sign --default-key <email@address> <file>

How to verify the signed file

gpg --verify <file>.gpg

gpg --verify --default-key <email@address> <file>.gpg

Assign PGP key to `git` commit

Git へ署名キーを伝える @ docs.github.com

How to get existing GPG key info

# Public Key
gpg --list-keys
gpg --list-keys --keyid-format=long
gpg --list-keys --keyid-format=short

# Secret Key
gpg --list-secret-keys
gpg --list-secret-keys --keyid-format=long
gpg --list-secret-keys --keyid-format=short

Whow to get the fingerprint of a GPG key

gpg --list-keys --fingerprint --keyid-format=short

gpg --list-keys --fingerprint --keyid-format=short
/Users/admin/.gnupg/pubring.kbx
-------------------------------
pub   ed25519/23FEC570 2024-01-15 [SC]
   フィンガープリント = 74B7 0607 675F BED0 0951  8600 0E31 BF09 23FE C570
uid         [  究極  ] KEINOS (ECC-Curve25519-Full_Enc-Sign) <[email protected]>
sub   cv25519/DB6B3F2A 2024-01-15 [E]

How to upload GPG key to key-server (keys.openpgp.org)

gpg --keyserver hkps://keys.openpgp.org --send-keys <finger print>

gpg --keyserver hkps://keys.openpgp.org --send-keys 74B70607675FBED0095186000E31BF0923FEC570

How to get current GPG Keys (Public and Private)

List all key IDs. In the below example “3AA5C34371567BD2” is the key ID.

$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10

Show Public Key generated from a Secret (sec) Key. The output text is the public key to register to GitHub’s GPG key section.
```
$ gpg --armor --export 3AA5C34371567BD2
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
```

Show the secret key.

$ gpg --armor --export-secret-keys 3AA5C34371567BD2
-----BEGIN PGP PRIVATE KEY BLOCK-----
...
-----END PGP PRIVATE KEY BLOCK-----