GPG & Gopass & Gitlab
GPG and how to use it
Create a Key with ECC
gpg --expert --full-generate-key
- (9) ECC and ECC
- (1) Curve 25519
- 0 = key does not expire (or whatever you prefer!)
- Real name: Max Muster
- Email address: max@muster.net
- Comment: -
pub ed25519 2022-09-04 [SC]
256ADFCEBD49C20DFACDCCABADA0F56BC7B20E6E
uid Max Muster (-) <max@muster.net>
sub cv25519 2022-09-04 [E]
Public Key
max@host $ gpg -k
/home/max/.gnupg/pubring.kbx
----------------------------
pub ed25519 2022-09-04 [SC]
256ADFCEBD49C20DFACDCCABADA0F56BC7B20E6E
uid [ultimate] Max Muster (-) <max@muster.net>
sub cv25519 2022-09-04 [E]
Private Key
max@host $ gpg -K
/home/max/.gnupg/pubring.kbx
----------------------------
sec ed25519 2022-09-04 [SC]
256ADFCEBD49C20DFACDCCABADA0F56BC7B20E6E
uid [ultimate] Max Muster (-) <max@muster.net>
ssb cv25519 2022-09-04 [E]
Export All Keys
ASCII Format
gpg --export --armor > public.key.asc
gpg --export-secret-key --armor > private.key.asc
GPG Format
gpg --output public.gpg --export
gpg --output private.gpg --export-secret-key
Export one Key only
Set Key
keyID=256ADFCEBD49C20DFACDCCABADA0F56BC7B20E6E
ASCII Format
gpg --export --armor $keyID > $keyID.pub.key.asc
gpg --export-secret-key --armor $keyID > $keyID.key.asc
GPG Format
gpg --output $keyID.pub.gpg --export $keyID
gpg --output $keyID.gpg --export-secret-key $keyID
Export to QRCode
gpg --export --armor |qrencode -t UTF8
gpg --export-secret-keys --armor |qrencode -t UTF8
Export QRCode to PNG
qrencode -r $keyID.pub.key.asc -o $keyID.pub.png
qrencode -r $keyID.key.asc -o $keyID.png
Delete private Key without asking!
gpg --yes --batch --delete-secret-key $keyID
Delete both Keys without asking!
gpg --yes --batch --delete-secret-and-public-key $keyID
Key Management
List Keys
max@host $ file *key*
private.key: data
private.key.asc: ASCII text
public.key: data
public.key.asc: PGP public key block
Delete Key
keyID=
gpg --delete-secret-key $keyID
gpg --delete-key $keyID
or delete both without asking!
gpg --yes --batch --delete-secret-and-public-key $keyID
Head Key ASCII
max@host $ head -4 *.asc
==> private.key.asc <==
-----BEGIN PGP PRIVATE KEY BLOCK-----
lIYEYxSXzxYJKwYBBAHaRw8BAQdA9IWcCcwyE6tMSsWsgzdDQjRRVkXeNtztt/NH
ezE0XG3+BwMCFnVV0XbmKeTHpd6n+6DNwNGMzL/1NZf28cNOiRR84Gwex69b9J5O
==> public.key.asc <==
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYxSXzxYJKwYBBAHaRw8BAQdA9IWcCcwyE6tMSsWsgzdDQjRRVkXeNtztt/NH
ezE0XG20H01heCBNdXN0ZXIgKC0pIDxtYXhAbXVzdGVyLm5ldD6IkAQTFggAOBYh
Setup Gopass
Install Package
doas pkg_add gopass
Initial Setup
max@host /gopass$ gopass setup
(gopass ASCII-art banner)
Welcome to gopass!
Initializing a new password store ...
Configuring your password store ...
Please enter an email address for password store git config []: max@muster.net
Do you want to add a git remote? [y/N/q]: n
Configuration written to /home/max/.local/share/gopass/stores/root
Add Passwords
gopass
generate host1/tick
generate host1/trick
generate host1/track
gopass> ls
gopass
└── host1/
    ├── tick
    ├── track
    └── trick
List Passwords
-> you have to unlock your GPG key!
gopass> show host1/trick
Parsing is enabled. Use -n to disable.
Secret: host1/trick
P6CA4Q3Wg7VQFAuInWQUqyPd
add Gitlab Repo
Create Repo on Gitlab
Init new Store
gopass init --store entenhausen
gopass git remote add --store entenhausen origin git@gitlab.com:stoege/entenhausen
add Passwords (Entries)
generate entenhausen/dagobert
generate entenhausen/daisy
generate entenhausen/donald
move tick, trick and track
mv host1/tick entenhausen/
mv host1/trick entenhausen/
mv host1/track entenhausen/
sync
show gitlab repo
gopass> ls
gopass
└── entenhausen (/home/max/.local/share/gopass/stores/entenhausen)
    ├── dagobert
    ├── daisy
    ├── donald
    ├── tick
    ├── track
    └── trick
Create OTP
insert -m entenhausen/otp/vultr
add whatever you got from your OTP Setup
topsecret1234
---
totp: P2Xxxxxxxxxxxxxxxxxxxxxxxx
Show OTP
gopass> otp entenhausen/otp/vultr
385XXX
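As an added example (not code from this page or from the gopass project), this shows what `gopass otp` derives from the `totp:` field of an entry like the one inserted above: RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits). It is written in Python so it runs without gpg or gopass installed; the entry body and seed are constructed (the seed is the RFC 6238 test secret), and reading the part after `---` as `key: value` lines is an assumption about the entry format.

```python
import base64
import hashlib
import hmac
import struct
import time


def parse_gopass_secret(body: str) -> dict:
    """Split an entry body into the password (first line) and 'key: value' fields.

    Assumption: the password is on the first line and an optional '---' separates
    it from 'key: value' lines, as in the 'insert -m' entry shown on this page.
    """
    lines = body.splitlines()
    fields = {"password": lines[0].strip() if lines else ""}
    for line in lines[1:]:
        if line.strip() == "---" or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def totp(secret_b32: str, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the defaults that authenticator apps use."""
    # Seeds are often shown lower-case and without '=' padding; normalise them.
    padded = secret_b32.strip().replace(" ", "").upper()
    padded += "=" * (-len(padded) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // period)       # 8-byte big-endian step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def code_from_secret(body: str, unix_time: int = None) -> str:
    """Current code for an entry, i.e. what 'gopass otp <name>' prints."""
    fields = parse_gopass_secret(body)
    if "totp" not in fields:
        raise ValueError("entry has no 'totp:' field")
    if unix_time is None:
        unix_time = int(time.time())
    return totp(fields["totp"], unix_time)


# Constructed sample entry in the shape of 'insert -m entenhausen/otp/vultr';
# the seed is the RFC 6238 test vector, not a real account's secret.
SAMPLE_ENTRY = "topsecret1234\n---\ntotp: GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ\n"

if __name__ == "__main__":
    print(code_from_secret(SAMPLE_ENTRY))
```

The `totp:` seed is a long-lived secret from which every future code follows, so an entry that holds both the password and the seed makes both factors depend on the same GPG key and store.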
Mobile App - “Pass - Password Store”
there is even a mobile App where you can add an SSH Key (for accessing Gitlab.com) and the GPG Key for encrypting/decrypting the entries of Entenhausen …
… but do you trust your mobile device enough to store your private keys, enter the passphrases and give it access to all your secrets? This definitely depends on you!
sha256: c3c4c44e2bb82853a26ec3ef50bd8fa87bba506db8715f679343fd647d5d4f6b