🧠 Michael Cordell's Brain Dump

Search

SearchSearch

GnuPG (gpg)

Aug 30, 20241 min read

Refreshing sub-key

From a live CD, you may have to WiFi From the Command Line1.

I’ve created a script that can do most of this from Debian 12 Live cd:

wget -O key-renew.sh https://brain.mikecordell.com/ox-hugo/key-renew.sh

Alternatively:

sudo apt-get update; sudo apt-get upgrade
sudo apt -y install wget gnupg2 gnupg-agent dirmngr cryptsetup scdaemon pcscd secure-delete yubikey-personalization vim
export MYHOME=$(mktemp -d mytemp$(date +%Y%m%d)_XXX)
export GNUPGHOME=$(mktemp -d -t gnupg_$(date +%Y%m%d)_XXX)
wget -O $GNUPGHOME/gpg.conf https://raw.githubusercontent.com/drduh/config/master/gpg.conf

Mount the key files

# Enter passphrase
cryptsetup luksOpen /dev/sdc1 secret
mount /dev/mapper/secret /mnt/encrypted-storage
cd /mnt/encrypted-storage/

Import the keyfile

gpg --import mastersub.key
export KEYID=$(gpg --list-key | grep -o "0x[^ ]*")
echo $KEYID
gpg --edit-key $KEYID
mkdir /mnt/transfer
mount /dev/sdd1 /mnt/transfer/
gpg --armor --export $KEYID > gpg-$KEYID-$(date +%F).asc

1. Duh. YubiKey-Guide/README.md at master drduh/YubiKey-Guide. GitHub.

Graph View

Backlinks