GPG

gpg

  • use pinentry-mode loopback in $GNUPGHOME/gpg.conf or on the cli for passworded keys on guix
  • --expert --full-generate-key for new ecc key
  • --armor for ascii transferable key
  • --export , --export-secret-key and --import --batch for recovery (can also do it for trust store)
  • pass
    • pass init email@stuff.com for loading gpg key
    • pass add site/name with password
    • -m for multiline
    • pass generate -n site/user size
  • gpg --edit-key XXXXX then trust and save
  • encrypt gpg --encrypt --sign --armor -r a@email.com -r me@email.com and --sign-key
  • gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
  • export GPG_TTY=$(tty) for ssh tty

TODO extend key expiration date   gpg