migrate_to_testing_wiki #8

Merged
alangm merged 61 commits from tcooper/testing-wiki:migrate_to_testing_wiki into main 2024-04-26 01:34:01 +00:00
Showing only changes of commit 13b503f79c - Show all commits

View File

@ -43,25 +43,21 @@ Export the *primary keypair* (put these somewhere very safe along with revocatio
gpg --export --armor my@email.addr > my_email_addr.public.gpg-key gpg --export --armor my@email.addr > my_email_addr.public.gpg-key
# Remove the *primary keypair* from your keyring # Remove the *primary keypair* from your keyring
Export all subkeys from the new keypair to a file - use ramfs instead of tmpfs/ or /dev/shm/ because ramfs doesn't write to swap 1. Export all subkeys from the new keypair to a file
mkdir /tmp/gpg gpg --export-secret-subkeys my@email.addr > $HOME/.gnupg/subkeys
sudo mount -t ramfs -o size=1M ramfs /tmp/gpg
sudo chown $(logname):$(logname) /tmp/gpg
gpg --export-secret-subkeys my@email.addr > /tmp/gpg/subkeys
Delete original signing subkey from keypair in our keyring 1. Delete primary key from keyring - *BE SURE TO BACK UP YOUR PRIMARY KEYPAIR FIRST!*
gpg --delete-secret-key my@email.addr gpg --delete-secret-key my@email.addr
Re-import the previously exported keys 1. Re-import the previously exported keys
gpg --import /tmp/gpg/subkeys gpg --import $HOME/.gnupg/subkeys
sudo umount /tmp/gpg
rmdir /tmp/gpg
Look for `sec#` instead of `sec` in the output - pound sign means signing subkey is *not* in the keypair located in the keyring 1. Look for `sec#` instead of `sec` in the output - pound sign means signing subkey is *not* in the keypair located in the keyring
gpg --list-secret-keys $HOME/.gnupg/secring.gpg
gpg --list-secret-keys $HOME/.gnupg/secring.gpg
# Revoking a *signing keypair* # Revoking a *signing keypair*
Find the *primary keypair* and import it (preferably into an ephemeral system like a liveUSB) Find the *primary keypair* and import it (preferably into an ephemeral system like a liveUSB)