@daimaou92
Last active November 20, 2022 12:00
GPG Key Management
Put this in "$HOME/.gitconfig"
[user]
name = Dai Maou
email = daimaou92@example.org
signingkey = daimaou92@example.org
[commit]
gpgsign = true
[tag]
gpgSign = true
############## BACKUP ###################
First determine which key to back up:
$ gpg --list-secret-keys --keyid-format LONG
Export the private key of choice:
$ gpg -o private.gpg --export-options backup --export-secret-keys nick@example.com
This will place a file private.gpg in your current working directory.
Encrypt this file before storing it anywhere - see the `Encrypt Archive with GPG` file in this gist.
That is the minimum. There are long discussions and threads about this all over the Internet -
just search for `storing GPG key securely`.
############## RESTORE ###################
Restore the above backed up Key:
(obviously decrypt first if you had encrypted it beforehand)
$ gpg --import-options restore --import private.gpg
Now edit it to trust it:
$ gpg --edit-key nick@example.com
Type "trust" in the prompt that appears:
gpg> trust
You should see a menu like this:
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Type "5" to trust the key completely:
Your decision? 5
Type 'y' to confirm
Then 'quit':
gpg> quit
$ export GPG_TTY=$(tty)
# Encrypt
$ tar czvpf - privateerrisnil.gpg | gpg --symmetric --cipher-algo aes256 -o errisnil.tar.gz.gpg
# Decrypt
$ gpg -d errisnil.tar.gz.gpg | tar xzvf -
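The backup, encrypt, decrypt, restore and trust steps above, scripted as a round-trip check (an added example, not part of the original gist). It assumes GnuPG 2.1 or later; the identity, passphrase, file names and the `backup_roundtrip` function name are constructed for the test, and `--import-ownertrust` stands in for the interactive `trust` menu.

```bash
# Round-trip test of the backup procedure with a constructed throwaway key.
# Both keyrings live in temporary homedirs; ~/.gnupg is never touched.
backup_roundtrip() {
  local uid="backup-test@example.invalid"        # constructed identity
  local work src dst fpr restored rc=1
  work=$(mktemp -d) || return 1
  src="$work/src"; dst="$work/dst"
  mkdir -m 700 "$src" "$dst"
  # Constructed archive passphrase; interactive use would prompt via pinentry.
  printf '%s\n' "constructed-archive-passphrase" > "$work/pass"

  # 1. Throwaway, passphrase-less key in the source keyring.
  gpg --homedir "$src" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$uid" default default never 2>/dev/null
  fpr=$(gpg --homedir "$src" --batch --with-colons --list-secret-keys "$uid" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }')

  # 2. Export with backup options, then tar + symmetric AES256 as in the gist.
  gpg --homedir "$src" --batch -o "$work/private.gpg" \
      --export-options backup --export-secret-keys "$uid"
  tar czpf - -C "$work" private.gpg |
    gpg --homedir "$src" --batch --pinentry-mode loopback \
        --passphrase-file "$work/pass" --symmetric --cipher-algo aes256 \
        -o "$work/backup.tar.gz.gpg"
  rm -f "$work/private.gpg"      # only the encrypted archive is left

  # 3. Decrypt, unpack and restore into the empty destination keyring.
  gpg --homedir "$dst" --batch --quiet --pinentry-mode loopback \
      --passphrase-file "$work/pass" -d "$work/backup.tar.gz.gpg" 2>/dev/null |
    tar xzf - -C "$work"
  gpg --homedir "$dst" --batch --quiet --import-options restore \
      --import "$work/private.gpg" 2>/dev/null

  # 4. Scripted form of "trust" -> 5 (ownertrust value 6 means ultimate).
  echo "$fpr:6:" | gpg --homedir "$dst" --batch --import-ownertrust 2>/dev/null

  # 5. Verify: same fingerprint came back and the key can actually sign.
  restored=$(gpg --homedir "$dst" --batch --with-colons --list-secret-keys "$uid" 2>/dev/null |
             awk -F: '$1 == "fpr" { print $10; exit }')
  if [ -n "$fpr" ] && [ "$restored" = "$fpr" ] &&
     echo probe | gpg --homedir "$dst" --batch --pinentry-mode loopback \
       --passphrase '' -u "$fpr" --clearsign >/dev/null 2>&1; then
    rc=0
  fi
  gpgconf --homedir "$src" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$dst" --kill gpg-agent 2>/dev/null
  rm -rf "$work"
  return "$rc"
}
```

Run `backup_roundtrip && echo "backup restores cleanly"`; a non-zero return means the archive would not have restored a usable key.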
COPIED FROM: https://nickjanetakis.com/blog/creating-and-managing-a-gpg-key-pair
List your GPG keys
$ gpg --list-keys
Generate a new GPG key pair
$ gpg --full-generate-key
# Pick RSA / RSA (1), 4096 bits and choose an expiration date.
Edit your GPG key’s expiration date
$ gpg --edit-key nick@example.com
# key 0
# expire [pick a new exp date]
# key 1
# expire [pick a new exp date]
# save
Here’s a list of other things you can edit: https://www.gnupg.org/gph/en/manual/r899.html
Change your GPG key’s passphrase
$ gpg --passwd nick@example.com
Generate and import a GPG revoke certificate
# You can skip this step if you're using GnuPG version 2.1 or above.
$ gpg --output revoke-nickexample.asc --gen-revoke nick@example.com
# Revoke the GPG key.
$ gpg --import revoke-nickexample.asc
Export your GPG public key
# Echo your public key to stdout.
$ gpg --export --armor nick@example.com
# Write your public key to a file.
$ gpg --export --armor --output nickexample.gpg.pub nick@example.com
Backup and restore your GPG key pair
You can back up the entire ~/.gnupg/ directory and restore it as needed. This is beneficial because it includes your GPG key pair, trust ring, gpg configuration and everything else that GnuPG needs to work.
Alternatively you can run this command to back up just your private key, which includes your public key too:
$ gpg --export-secret-keys --armor --output nickexample.gpg nick@example.com
You should never share this directory or private key with anyone.
Export your GPG public key
# Echo your public key to stdout.
$ gpg --export --armor nick@example.com
# Write your public key to a file.
$ gpg --export --armor --output nickexample.gpg.pub nick@example.com
This public key is safe to share with others.
# ~/.gnupg/gpg-agent.conf
default-cache-ttl 604800
max-cache-ttl 604800