gpg

use pinentry-mode loopback in $GNUPGHOME/gpg.conf or on the cli for passworded keys on guix
--expert --full-generate-key for new ecc key
--armor for ascii transferable key
--export , --export-secret-key and --import for recovery (can also do it for trust store)
pass
- pass init email@stuff.com for loading gpg key
- pass add site/name with password
- -m for multiline
- pass generate -n site/user size
gpg --edit-key XXXXX then trust and save
encrypt gpg --encrypt --sign --armor -r a@email.com -r me@email.com and --sign-key
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
export GPG_TTY=$(tty) for ssh tty

GPG