PRIMARY PGP KEY (PASSPHRASED)
play safe
PRIMARY PGP PUBLIC KEY (ASCII ARMORED)
PRIMARY SSH KEY (PASSPHRASED)
ALTERNATE SSH KEY (NON-PASSPHRASED)
Tools: Windows keygen script | Linux keygen script
README
QUICK START FLOW
EXPLAIN
Install:
Windows: Gpg4win (Kleopatra + gpg) https://gpg4win.org/
Linux / macOS: GnuPG (gpg) https://gnupg.org/

Safe flow:
1) Generate key locally
2) Verify fingerprint out-of-band
3) Publish PUBLIC key only
4) Keep PRIVATE key + revoke cert offline

Ref: openpgp.dev/book/encryption.html
IMPORT ON NEW MACHINE
STEPS
1) Copy your private key backup and public key file to the new machine.
2) Keep private key files offline whenever possible.
3) Import, then verify fingerprint before trusting.
4) Test sign + decrypt before using in production comms.
COMMANDS
    # Import keys
    gpg --import aday-private.asc
    gpg --import aday-public.asc

    # List secret keys
    gpg --list-secret-keys --keyid-format LONG

    # Verify fingerprint
    gpg --fingerprint aday@aday.net.au

    # Encrypt test
    echo test > test.txt
    gpg --encrypt --armor --recipient aday@aday.net.au test.txt

    # Decrypt test
    gpg --decrypt test.txt.asc
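Step 3 above (import, then verify fingerprint before trusting) as a script. This is an added example, not part of the original page: it inspects a key file without importing it and compares the primary fingerprint with one obtained out-of-band. The function names and the sample colon listing are constructed for illustration; it assumes a GnuPG version that supports --show-keys and a 40-hex-digit (v4) fingerprint.

```shell
#!/bin/sh
# Added example: refuse a key file unless its primary fingerprint matches
# the full fingerprint you obtained out-of-band.

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the primary fingerprint.
# The first fpr record after the pub record is the primary key; later fpr
# records belong to subkeys and must not be compared.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED ACTUAL
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full 40-hex
# fingerprint (short or long key IDs are rejected, not compared).
fpr_matches() {
    _want=$(norm_fpr "$1")
    _got=$(norm_fpr "$2")
    case "$_want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#_want}" -eq 40 ] || return 2
    [ "$_want" = "$_got" ]
}

# check_key_file FILE EXPECTED: look at FILE without touching the keyring.
check_key_file() {
    _file_fpr=$(gpg --batch --with-colons --show-keys "$1" 2>/dev/null | primary_fpr)
    fpr_matches "$2" "$_file_fpr"
}

# Constructed sample of colon-format output (not a real key).
sample_colons() {
cat <<'EOF'
pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC::::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Example User <user@example.org>::::::::::0:
sub:-:255:18:76543210FEDCBA98:1700000000::::::e::::::cv25519::
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Usage (fingerprint placeholder is whatever you verified out-of-band):
#   check_key_file aday-public.asc "<FULL FINGERPRINT>" && gpg --import aday-public.asc
```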
PGP ONE-LINERS (NO .PS1/.SH FILE)
WINDOWS POWERSHELL
LINUX SHELL
SSH QUICK USE
SERVER SIDE
    # Create .ssh and lock perms
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh

    # Add either key #1 or key #2 public key
    echo "ssh-ed25519 AAAA..." >> ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys
CLIENT SIDE
    # Key #1 (non-passphrased)
    ssh -i ~/.ssh/id_ed25519_key1_nopass user@host

    # Key #2 (passphrased)
    ssh -i ~/.ssh/id_ed25519_key2_passphrased user@host

    # Generate new SSH keys (Linux/macOS)
    ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519_new_pass -C "label - aday@aday.net.au"
    ssh-keygen -t ed25519 -a 100 -N "" -f ~/.ssh/id_ed25519_new_nopass -C "label - aday@aday.net.au"

    # Generate new SSH keys (PowerShell)
    ssh-keygen -t ed25519 -a 100 -f "$env:USERPROFILE\.ssh\id_ed25519_new_pass" -C "label - aday@aday.net.au"
    ssh-keygen -t ed25519 -a 100 -N "" -f "$env:USERPROFILE\.ssh\id_ed25519_new_nopass" -C "label - aday@aday.net.au"

    # Fingerprint check
    ssh-keygen -lf ~/.ssh/id_ed25519_new_pass.pub

    # Optional config entry
    Host my-box
        HostName host-or-ip
        User user
        IdentityFile ~/.ssh/id_ed25519_key2_passphrased