Skip to content

Instantly share code, notes, and snippets.

@0xMurage

0xMurage/one.md

Created May 26, 2024 16:40
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save 0xMurage/44c2cef42e3a31edca84343a1e9b2914 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save 0xMurage/44c2cef42e3a31edca84343a1e9b2914 to your computer and use it in GitHub Desktop.
Download ZIP
GPG notes
Raw
one.md
1. To list available public keys
gpg -k --keyid-format long
2. To List the available secret keys
gpg -K --keyid-format long
  • If the primary secret key is not available, the secret title will end in a hash i.e. (sec#). In this case, you will need to import the primary master key to be able to modify/generate secret sub keys
3.Import the primary secret key
gpg --import {filename}
  1. Do something: Using the primary key identifier run,
gpg --edit-key {key identifier}
i) To change password:
  • Run command to change the passphrase
passwd
ii) To create new sub key
  • Run command to add sub key
addkey
5. Remove the primary/master key from local machine and use sub keys

i) Export the subkeys

gpg -a --export-secret-subkeys ${subKey! or primary key identifier} > {filename}

ii) Delete the primary and subkey from current keyring

gpg --delete-secret-keys {uid email here}

iii) Import the sub key(s)

gpg --import {filename}

iv) Trust the key Using the primary key identifier run,

gpg --edit-key {key identifier}

then run command trust

@0xMurage
Copy link
Author

0xMurage commented May 28, 2025

Generating Encryption GPG Subkeys

  1. Import the master secret
  2. Generate encryption subkey that expires
  3. Change the password of master key to storage password
  4. Export the master key back to your storage
  5. Change the GPG master key password for day to day gpg key unlock
  6. Re-encrypt the unix password store 
    pass init <subkeyId>!
  7. Export the subkey secret
  8. Remove the master key
  9. Import the subkey secret.
  10. Trust the subkey

@0xMurage
Copy link
Author

0xMurage commented May 28, 2025

Generating GitHub commits Signing GPG Subkeys

  1. Import the master secret
  2. Generate signing subkey that expires
  3. Change the password of master key to storage password
  4. Export the master key back to your storage
  5. Change the GPG master key password for day to day gpg key unlock
  6. Export the subkey secret
  7. Remove the master key
  8. Import the subkey secret.
  9. Trust the subkey
  10. Export the subkey public key and add it to GitHub 
    gpg --armor --export <subkeyId>! | pbcopy
  11. Update the local git signing key 
    git config --global user.signingkey <subkeyId>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment