67 lines
1.6 KiB
Markdown
67 lines
1.6 KiB
Markdown
# GPGTool
|
||
|
||
Zsh script to manage GPG keys without storing the master key in your main GnuPG
|
||
keyring.
|
||
|
||
**This is currently in a *TESTING* state. Do not use for production unless you
|
||
can manually verify each step doesn’t accidentally leak into your main GnuPG
|
||
keyring.**
|
||
|
||
GPG lets you have sub keys for encryption and for signing without having access
|
||
to the secret part of the master key. That way you can use your GPG key without
|
||
fear of having your secure identity compromised should you ever “lose” your
|
||
keys.
|
||
|
||
An attacker will be able to use the currently valid sub keys until you revoke
|
||
them. They will _never_ be able to create new sub keys for your master key.
|
||
|
||
So in case of compromise of your GPG key(s)
|
||
|
||
1. whip out your securely stored master key,
|
||
2. revoke your current sub keys,
|
||
3. make sure to propagate that e.g. via key server and
|
||
4. generate new sub keys.
|
||
|
||
## How It Works
|
||
|
||
FIXXME
|
||
|
||
## Installation
|
||
|
||
Download / clone this repo and put it somewhere. Either run `gpgtools` from
|
||
there directly or put it in your `PATH`.
|
||
|
||
If you want to package this for your flavour for \*nix, go ahead. It’s GPL.
|
||
|
||
## Usage
|
||
|
||
### Open the Key Safe
|
||
|
||
FIXXME
|
||
|
||
### Work with Your Keys
|
||
|
||
FIXXME
|
||
|
||
### Close the Key Safe
|
||
|
||
FIXXME
|
||
|
||
## (Optional) Configuration File
|
||
|
||
FIXXME
|
||
|
||
See [`gpgtool.example.conf`](gpgtool.example.conf).
|
||
|
||
## F.A.Q.
|
||
|
||
**Q:** I want this as a bash script!
|
||
|
||
**A:** That’s not a question.
|
||
|
||
**Q:** Can I have this as a bash script?
|
||
|
||
**A:** No.
|
||
|
||
[](https://github.com/sponsors/alterNERDtive)
|
||
[](https://ko-fi.com/S6S1DLYBS)
|