Gpg For Mac Os Sierra
5/9/2021
Since GnuPG 2.1 this has become much easier, and whilst there are some good tutorials out there, some are out of date. The basic idea is that instead of using ssh-agent for SSH authentication, we'll use gpg-agent.

I mainly used bootc's wiki page and the notes on incenp.org, changing a few things in search of a cross-platform solution for macOS 10.12 and Debian 9 so that I have a unified set of config files that can be synced using git.

I won't describe this process as there are plenty of blog posts out there that do, but in brief I would recommend creating a non-expiring master key with only the C (certify) capability, perhaps keeping this offline, and expiring subkeys for each other capability, as described in this post.

Note however that since GnuPG 2.1, you can delete the private part of your master key by deleting the appropriate file (named by keygrip, which you can obtain using gpg -K --with-keygrip) in ~/.gnupg/private-keys-v1.d, so you shouldn't need to --export-secret-subkeys and re-import them.

Note the A showing that one of our subkeys has the authenticate capability. We can find the keygrip using gpg -K --with-keygrip and looking for the keygrip associated with the authentication subkey marked A.

If you use bash, add the following into ~/.bash_profile. I use zsh with oh my zsh, so I added the following to a script in ~/.oh-my-zsh/custom. These ensure that we are using gpg-agent's socket rather than ssh-agent's and that gpg-agent runs when your shell starts.

Running gpg --export-ssh-key anne@example.org (replacing anne@example.org with the email address associated with your key) gives the following output, which you should add to ~/.ssh/authorized_keys on the server to which you're connecting.
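An added example, not the author's original snippets: shell functions for the steps described above, namely pointing SSH_AUTH_SOCK at gpg-agent's socket and picking the authentication subkey's keygrip out of gpg's colon-format listing while skipping expired or revoked subkeys. The function names, the step of listing the keygrip in ~/.gnupg/sshcontrol and the sample listing are assumptions; the sample keys are constructed.

```shell
# Added example, not from the original post; function names are hypothetical.
# Source from ~/.bash_profile (or a zsh custom script), then call
# use_gpg_agent_for_ssh.

# Point SSH at gpg-agent's socket instead of ssh-agent's and start the agent.
# Assumes enable-ssh-support is set in ~/.gnupg/gpg-agent.conf.
use_gpg_agent_for_ssh() {
    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) || return 1
    export SSH_AUTH_SOCK
    gpgconf --launch gpg-agent
}

# Print the keygrip of each usable key with the authenticate capability.
# Reads `gpg -K --with-keygrip --with-colons` output on stdin. Colon format:
# field 1 = record type, field 2 = validity, field 12 = capabilities;
# the "grp" record that follows a key carries its keygrip in field 10.
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            # lowercase "a": this key itself can authenticate;
            # validity e (expired) or r (revoked) is skipped
            want = ($12 ~ /a/ && $2 !~ /^[er]$/)
        }
        $1 == "grp" && want { print $10; want = 0 }
    '
}

# Append a keygrip to an sshcontrol file unless it is already listed there.
# gpg-agent offers the keys listed in ~/.gnupg/sshcontrol to SSH clients.
enable_ssh_key() {
    local grip=$1 file=${2:-$HOME/.gnupg/sshcontrol}
    grep -qs "^$grip" "$file" || printf '%s\n' "$grip" >> "$file"
}

# Constructed sample listing (not real keys): certify-only primary key, an
# encryption subkey, an expired auth subkey and a current auth subkey.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1490000000:::u:::cC:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1490000000:1521536000:::::e:
grp:::::::::2222222222222222222222222222222222222222:
ssb:e:4096:1:CCCCCCCCCCCCCCCC:1450000000:1481536000:::::a:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1490000000:1521536000:::::a:
grp:::::::::4444444444444444444444444444444444444444:
EOF
}
```

With real keys, the pipeline is gpg -K --with-keygrip --with-colons | auth_keygrips, and each keygrip it prints can be passed to enable_ssh_key.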