Gpg: Difference between revisions

From Bitpost wiki

Revision as of 15:45, 22 April 2021

Create strong key

We want an elliptic curve key. It's baked in! But hidden.

gpg --expert --full-generate-key
 Key kind: (9) ECC and ECC
 Elliptical curve: (1) Curve 25519
 Don't expire (0)
 Real name: Michael Behrns-Miller
 email: m@bitpost.com
 Passphrase: ****

PIN entry in emacs

It is neckbeard-borked out of the gate. Fix is here.

PIN entry over ssh

You can in theory decrypt a file over ssh without writing it to disk:

ssh prod-cfg-1 gpg -d my_secrets.gpg

But default PIN entry over tty is totally fucking broken. Try:

sudo apt install pinentry-tty
emacs ~/.gnupg/gpg-agent.conf
  allow-emacs-pinentry
  allow-loopback-pinentry
  pinentry-program /usr/bin/pinentry-tty
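The two procedures above (Curve 25519 key generation, and the gpg-agent.conf lines that make loopback/tty PIN entry work without a usable tty) as one added shell example; this is not from the wiki. It assumes a throwaway GNUPGHOME (so the real keyring is untouched), the constructed name/email/passphrase shown in the test, and the /usr/bin/pinentry-tty path from the page.

```shell
#!/usr/bin/env bash
# Added example, not the wiki's own text. Sets up the agent config the page
# describes and generates a Curve 25519 key unattended, then checks that a
# non-interactive decrypt (the "gpg -d over ssh" case) actually works.
set -eu

# Write gpg-agent.conf. Idempotent: each directive is appended only once.
configure_agent() {
  home="$1"; conf="$1/gpg-agent.conf"
  mkdir -p "$home" && chmod 700 "$home"
  touch "$conf"
  for d in allow-emacs-pinentry allow-loopback-pinentry \
           "pinentry-program /usr/bin/pinentry-tty"; do
    grep -qxF -- "$d" "$conf" || printf '%s\n' "$d" >> "$conf"
  done
}

# Unattended equivalent of the interactive "(9) ECC and ECC / (1) Curve 25519 /
# never expire" menu: Ed25519 signing key plus cv25519 encryption subkey.
# The Passphrase: line makes gpg use loopback pinentry, which is what
# allow-loopback-pinentry in the config above permits.
generate_key() {
  home="$1"; name="$2"; email="$3"; pass="$4"
  gpg --homedir "$home" --batch --generate-key <<EOF
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: $name
Name-Email: $email
Expire-Date: 0
Passphrase: $pass
%commit
EOF
}

# Encrypt to the new key, then decrypt with no tty at all: the passphrase goes
# in over loopback pinentry instead of the broken default tty pinentry.
roundtrip() {
  home="$1"; email="$2"; pass="$3"; msg="$4"
  printf '%s' "$msg" \
    | gpg --homedir "$home" --batch --trust-model always -r "$email" -e \
    | gpg --homedir "$home" --batch --pinentry-mode loopback \
          --passphrase "$pass" -d 2>/dev/null
}
```

On the real box, `configure_agent ~/.gnupg` followed by `gpgconf --kill gpg-agent` applies the page's config change without editing by hand.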