Zsh script to manage GPG keys without storing the master key in your main GnuPG keyring.

Find a file

alterNERDtive 2ebd2761a0 README: wording		2022-07-19 14:32:23 +02:00
.github	initial commit	2022-07-13 23:49:12 +02:00
.editorconfig	initial commit	2022-07-13 23:49:12 +02:00
.gitignore	gitignore	2022-07-19 11:50:05 +02:00
CHANGELOG.md	initial commit	2022-07-13 23:49:12 +02:00
gpgtool	reimplemented `create`/`extend`	2022-07-19 14:25:44 +02:00
gpgtool.example.conf	reimplemented `send`	2022-07-19 13:56:06 +02:00
LICENSE	initial commit	2022-07-13 23:49:12 +02:00
README.md	README: wording	2022-07-19 14:32:23 +02:00

README.md

GPGTool

Zsh script to manage GPG keys without storing the master key.

This is currently in a TESTING state. Do not use for production unless you can manually verify each step doesn’t accidentally leak into your main GnuPG keyring.

GPG lets you have sub keys for encryption and for signing without having access to the secret part of the master key. That way you can use your GPG key without fear of having your secure identity compromised should you ever “lose” your keys.

An attacker will be able to use the currently valid sub keys until you revoke them. They will never be able to create new sub keys for your master key.

So in case of compromise of your GPG key(s), whip out your securely stored master key, invalidate your current sub keys, make sure to propagate that e.g. via key server and generate new sub keys.

Installation

Download / clone this repo and put it somewhere. Either run gpgtools from there directly or put it in your PATH.

If you want to package this for your flavour for *nix, go ahead. It’s GPL.

Usage

FIXXME

(Optional) Configuration File

FIXXME

See gpgtool.example.conf.

F.A.Q.

Q: I want this as a bash script!

A: That’s not a question.

Q: Can I have this as a bash script?

A: No.

README.md Unescape Escape