@tsertkov
Last active September 28, 2019 07:50
Setup GPG agent for ssh authentication and more

gpg-agent for all the things

See https://docs.fedoraproject.org/en-US/quick-docs/create-gpg-keys/

See https://opensource.com/article/19/4/gpg-subkeys-ssh

Generate GPG Key

% gpg --full-gen-key

Authentication key for SSH

Create an authentication subkey for SSH.

% gpg --expert --edit-key <KEY ID>
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s
Your selection? e
Your selection? a

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (4096)
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y

sec  rsa2048/8715AF32191DXXXX
     created: 2019-03-21  expires: 2021-03-20  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/150F16909B9AXXXX
     created: 2019-03-21  expires: 2021-03-20  usage: E  
ssb  rsa2048/17E7403F18CBXXXX
     created: 2019-03-21  expires: never       usage: A  
[ultimate] (1). John Smith

gpg> quit
Save changes? (y/N) y

Enable the new GPG subkey for SSH: list the keygrips, then append the keygrip of the [A] subkey to ~/.gnupg/sshcontrol.

% gpg -K --with-keygrip
------------------------------
sec   rsa2048 2019-03-21 [SC] [expires: 2021-03-20]
      96F33EA7F4E0F7051D75FC208715AF32191DXXXX
      Keygrip = 90E08830BC1AAD225E657AD4FBE638B3D8E5XXXX
uid           [ultimate] John Smith
ssb   rsa2048 2019-03-21 [E] [expires: 2021-03-20]
      Keygrip = 5FA04ABEBFBC5089E50EDEB43198B4895BCAXXXX
ssb   rsa2048 2019-03-21 [A]
      Keygrip = 7710BA0643CC022B92544181FF2EAC2A290CXXXX

% echo 7710BA0643CC022B92544181FF2EAC2A290CXXXX >> ~/.gnupg/sshcontrol
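
The last step above, as an added example that is not part of the original gist: it reads the machine-readable `--with-colons` listing instead of the human-readable one, picks the keygrip of each `[A]` key, and appends it to `sshcontrol` only if it is not already listed. The function names, the scratch file, and the sample key IDs and keygrips (trimmed to `sec`/`ssb`/`grp` records) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist. Key IDs and keygrips below are constructed.

# Constructed sample of `gpg -K --with-colons --with-keygrip` output:
# primary [SC], one [E] subkey, one [A] subkey.
sample_colons() {
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1553126400:1616198400::u:::scESCA:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1553126400:1616198400:::::e:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1553126400::::::a:
grp:::::::::3333333333333333333333333333333333333333:
EOF
}

# Read colon-format key listings on stdin and print the keygrip of each key
# whose own capabilities (field 12, lowercase letters) include authenticate.
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/) }
        $1 == "grp" && want        { print $10; want = 0 }
    '
}

# Append a keygrip to an sshcontrol file unless it is already listed.
# Returns 2 for anything that is not 40 hex digits.
register_keygrip() {
    grip=$1 file=$2
    printf '%s\n' "$grip" | grep -Eq '^[0-9A-Fa-f]{40}$' || return 2
    if [ -f "$file" ] && grep -Eiq "^${grip}([[:space:]]|\$)" "$file"; then
        return 0    # already registered, keep the file unchanged
    fi
    printf '%s\n' "$grip" >> "$file"
}

# Demo against a scratch file. For real use, pipe in
#   gpg -K --with-colons --with-keygrip <KEY ID>
# and pass ~/.gnupg/sshcontrol as the file.
demo() {
    ctl=$(mktemp)
    for g in $(sample_colons | auth_keygrips); do
        register_keygrip "$g" "$ctl"
        register_keygrip "$g" "$ctl"    # second call adds nothing
    done
    cat "$ctl"; rm -f "$ctl"
}
demo
```

Unlike a bare `echo ... >>`, rerunning this does not leave duplicate entries in `sshcontrol`, and a masked or mistyped keygrip is rejected before it reaches the file.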