Helm/Sign: Difference between revisions

No edit summary
 
(14 intermediate revisions by the same user not shown)
Line 6: Line 6:
apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean
apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean
EXE
EXE
</syntaxhighlight>
==Helm » Package » Sign & Push==
<syntaxhighlight lang="bash">
gpg --list-keys
export HELM_EXPERIMENTAL_OCI=1
helm registry login harbor.chorke.org
helm package --sign --key info@chorke.org --keyring ${HOME}/.gnupg/pubring.kbx ./academia/
helm chart save ./academia-1.0.0.tgz harbor.chorke.org/helm/academia
helm chart push harbor.chorke.org/helm/academia:1.0.0
</syntaxhighlight>
</syntaxhighlight>


==GnuPG » Batch » Config==
==GnuPG » RSA » Batch » Config==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
export GPG_TTY=$(tty)
export GPG_TTY=$(tty)
Line 17: Line 26:
----
----
<syntaxhighlight lang="ini">
<syntaxhighlight lang="ini">
cat << CFG | tee ${HOME}/.config/gnupg/chorke.conf >/dev/null
cat << CFG | tee ${HOME}/.config/gnupg/chorke-rsa.conf >/dev/null
%echo Generating a GPG key
%echo Generating a GPG key
Key-Type: RSA
Key-Type: RSA
Line 32: Line 41:
</syntaxhighlight>
</syntaxhighlight>


==GnuPG » Generate » Keys==
==GnuPG » RSA » Generate » Keys==
<syntaxhighlight lang="bash">
export GPG_TTY=$(tty)
echo -n 'Password: ';read -s PASSPHRASE;export PASSPHRASE;echo
# Password: sadaqah!
 
gpg --batch --generate-key ${HOME}/.config/gnupg/chorke-rsa.conf
gpg --output ${HOME}/.config/gnupg/chorke-rsa.asc --armor --export info@chorke.org
gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke-rsa.key --armor --export-secret-key info@chorke.org
</syntaxhighlight>
 
==GnuPG » edDSA » Batch » Config==
<syntaxhighlight lang="bash">
export GPG_TTY=$(tty)
mkdir -p ${HOME}/.config/gnupg
echo -n 'Password: ';read -s PASSPHRASE;export PASSPHRASE;echo
# Password: sadaqah!
</syntaxhighlight>
----
<syntaxhighlight lang="ini">
cat << CFG | tee ${HOME}/.config/gnupg/chorke-ed25519.conf >/dev/null
%echo Generating a GPG key
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: eddsa
Subkey-Curve: ed25519
Subkey-Usage: sign
Name-Real: Chorke Academia, Inc
Name-Email: info@chorke.org
Expire-Date: 1y
Passphrase: ${PASSPHRASE}
%commit
%echo Done
CFG
</syntaxhighlight>
 
==GnuPG » edDSA » Generate » Keys==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
export GPG_TTY=$(tty)
export GPG_TTY=$(tty)
Line 38: Line 84:
# Password: sadaqah!
# Password: sadaqah!


gpg --batch --generate-key ${HOME}/.config/gnupg/chorke.conf
gpg --batch --generate-key ${HOME}/.config/gnupg/chorke-ed25519.conf
gpg --output ${HOME}/.config/gnupg/chorke.asc --armor --export info@chorke.org
gpg --output ${HOME}/.config/gnupg/chorke-ed25519.asc --armor --export info@chorke.org
gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke.key --armor --export-secret-key info@chorke.org
gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke-ed25519.key --armor --export-secret-key info@chorke.org
</syntaxhighlight>
 
==GnuPG » Key » Terminology==
{|class='wikitable mw-collapsible'
!scope='col' style='width:800px'|
<code>gpg --list-keys</code>
|-
|valign='top'|
<syntaxhighlight lang="text">
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:  1  signed:  0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2026-06-27
/home/shahed/.gnupg/pubring.kbx
-------------------------------
pub  rsa3072 2025-06-27 [SCEAR] [expires: 2026-06-27]
      C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
uid          [ultimate] Chorke Academia, Inc <info@chorke.org>
sub  rsa3072 2025-06-27 [SEA] [expires: 2026-06-27]
</syntaxhighlight>
|-
|valign='top'|
'''Key-Usage:''' sign, auth, encrypt
|}
----
{|class='wikitable mw-collapsible'
!scope='col' style='width:800px' colspan='3'|
'''Key » Terminology'''
|-
!scope="col" style='width:100px'| Field
!scope="col" style='width:400px'| Value
!scope="col" style='width:240px'| Meaning
|-
| '''Key ID'''        || <code>A1349F92</code> (last 8 chars of fingerprint)                        || Short key ID
|-
| '''Long Key ID'''    || <code>75D4D308A1349F92</code> (last 16 chars)                              || Long key ID
|-
| '''Fingerprint'''    || <code>C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92</code>                      || Full 40-char key fingerprint
|-
| '''Email/UID'''      || <code>info@chorke.org</code>                                              || Used to reference key
|}
----
{|class='wikitable mw-collapsible'
!scope='col' style='width:800px' colspan='2'|
'''Key »  How to Use'''
|-
!scope="col" style='width:200px'| Use Case
!scope="col" style='width:500px'| Recommended Key Reference
|-
| Helm chart signing  || <code>C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92</code> (fingerprint)
|-
| GPG signing          || <code>info@chorke.org</code> or <code>A1349F92</code>
|-
| Export key          || <code>gpg --export A1349F92</code> or full fingerprint
|-
| Trust/verify (CI/CD) || Prefer '''full fingerprint''' to avoid collision risks
|}
 
==Playground==
{|
|valign='top'|
<syntaxhighlight lang="bash">
cat <<'CFG'| tee -a ${HOME}/.gnupg/gpg.conf >/dev/null
use-agent
pinentry-mode loopback
CFG
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang="bash">
cat <<'CFG'| tee -a ${HOME}/.gnupg/gpg-agent.conf >/dev/null
 
allow-loopback-pinentry
CFG
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang="bash">
gpgconf --kill gpg-agent
        file ${HOME}/.config/gnupg/chorke-rsa.asc
        file ${HOME}/.config/gnupg/chorke-rsa.key
gpg --import ${HOME}/.config/gnupg/chorke-rsa.key
</syntaxhighlight>
 
|-
|colspan='3'|
----
|-
|valign='top'|
<syntaxhighlight lang="bash">
gpg --list-secret-keys
gpg --list-signatures
gpg --list-keys
</syntaxhighlight>
 
|colspan='2'|
<syntaxhighlight lang="bash">
gpg --batch --yes --delete-secret-keys C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
gpg --batch --yes --delete-keys        C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
gpg --list-signatures
</syntaxhighlight>
 
|-
|colspan='3'|
----
|-
|valign='top'|
<syntaxhighlight lang="bash">
gpg --delete-secret-keys A1349F92
gpg --delete-keys        A1349F92
gpg --list-signatures
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang="bash">
gpg --list-secret-keys info@chorke.org
gpg --list-signatures  info@chorke.org
gpg --list-keys        info@chorke.org
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang="bash">
gpg --edit-key info@chorke.org
gpg» help
gpg» quit
</syntaxhighlight>
</syntaxhighlight>
|}


==References==
==References==
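Review bot: The generate-keys blocks on the new side (RSA and the added edDSA one) pass the key passphrase as a command-line argument, `--passphrase ${PASSPHRASE}`, which exposes it in the process list and word-splits if it contains spaces; feeding it on stdin, `printf '%s\n' "${PASSPHRASE}" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 ...`, avoids both. The unquoted `CFG` heredoc also expands the same passphrase into `chorke-ed25519.conf` and `chorke-rsa.conf` under the default umask, so I would wrap the write in `( umask 077; ... )` and delete the file once `--generate-key` has run. The `# Password: sadaqah!` comment publishes a usable sample passphrase beside the key's fingerprint and is better replaced by a placeholder. Separately, `helm package --sign --keyring ${HOME}/.gnupg/pubring.kbx` points Helm at a keybox file; as far as I know Helm's signer reads only the legacy keyring format, so this probably needs an exported `secring.gpg`, which is worth confirming against the Helm version in use.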

Latest revision as of 05:37, 30 June 2025

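# Refresh the package index, apply pending upgrades, then install the packages
# needed for HTTPS apt sources and key handling (gnupg). Everything between the
# EXE markers runs as root; the quoted delimiter keeps the calling shell from
# expanding anything inside it.
sudo bash <<'EXE'
# Stop at the first failing step instead of upgrading/installing on a stale index.
set -euo pipefail
# bash is reading this script from stdin, which apt/dpkg inherit; keep debconf
# from prompting and consuming the remaining script lines as answers.
export DEBIAN_FRONTEND=noninteractive
apt-get update; echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable; apt-get upgrade -y; echo
apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean
EXE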

Helm » Package » Sign & Push

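# Package the ./academia chart, sign it with the info@chorke.org key and push it
# to the Harbor OCI registry.

# Confirm the signing key is present before packaging.
gpg --list-keys
# Opt in to Helm's experimental OCI registry commands.
export HELM_EXPERIMENTAL_OCI=1
helm registry login harbor.chorke.org
# --sign produces a provenance (.prov) file next to the packaged chart.
# NOTE(review): Helm's documentation describes the signer as reading the legacy
# GnuPG keyring format, not the GnuPG 2.1+ keybox (.kbx); confirm this path works
# with the installed Helm, or export the key to a legacy secring.gpg first.
helm package --sign --key info@chorke.org --keyring "${HOME}/.gnupg/pubring.kbx" ./academia/
# NOTE(review): `helm chart save` / `helm chart push` exist only in older Helm 3
# releases; from 3.7 on the equivalent is `helm push <tgz> oci://<registry>/<repo>`.
# Confirm against the installed version.
helm chart save ./academia-1.0.0.tgz harbor.chorke.org/helm/academia
helm chart push harbor.chorke.org/helm/academia:1.0.0
# NOTE(review): check that the .prov file is published where consumers can fetch
# it; the signature only helps if installs run `helm verify` / `--verify` against
# a keyring holding the expected public key.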

GnuPG » RSA » Batch » Config

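# Prepare the shell for batch key generation: point gpg at this terminal, create
# the working directory and read the key passphrase without echoing it.
GPG_TTY=$(tty); export GPG_TTY
# Owner-only: the passphrase-bearing batch config and the exported secret key
# are both written into this directory.
mkdir -p "${HOME}/.config/gnupg"
chmod 700 "${HOME}/.config/gnupg"
# -s: no echo; -r: keep backslashes literal; IFS=: keep leading/trailing spaces.
# Exporting puts the passphrase in the environment of every child process, so
# `unset PASSPHRASE` as soon as the keys are generated and exported.
printf 'Password: '; IFS= read -r -s PASSPHRASE; export PASSPHRASE; echo
# Type your own passphrase at the prompt. The wiki's sample value (sadaqah!) is
# public and must not protect a real key.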

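# Write the key-parameter file for unattended RSA key generation
# (consumed by `gpg --batch --generate-key`).
# The unquoted CFG delimiter makes the shell substitute ${PASSPHRASE}, so the
# passphrase is stored on disk in clear text. The subshell keeps umask 077 local
# and the chmod covers a pre-existing file with looser permissions.
# No Key-Usage line is given, so gpg applies its default capabilities.
(
  umask 077
  cat > "${HOME}/.config/gnupg/chorke-rsa.conf" << CFG
%echo Generating a GPG key
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Chorke Academia, Inc
Name-Email: info@chorke.org
Expire-Date: 1y
Passphrase: ${PASSPHRASE}
%commit
%echo Done
CFG
  chmod 600 "${HOME}/.config/gnupg/chorke-rsa.conf"
)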

GnuPG » RSA » Generate » Keys

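# Generate the RSA key pair from the batch config, then export the public key
# and the passphrase-protected secret key as ASCII-armoured files.
GPG_TTY=$(tty); export GPG_TTY
# -s: no echo; -r: keep backslashes literal; IFS=: keep leading/trailing spaces.
printf 'Password: '; IFS= read -r -s PASSPHRASE; export PASSPHRASE; echo
# Type your own passphrase at the prompt. The wiki's sample value (sadaqah!) is
# public and must not protect a real key.

gpg --batch --generate-key "${HOME}/.config/gnupg/chorke-rsa.conf"
# chorke-rsa.conf still holds the passphrase in clear text; delete it once the
# key exists.
# The UID selects every key carrying info@chorke.org. If more than one such key
# is in the keyring (this page creates an RSA and an ed25519 key with the same
# address), both are exported; pass the fingerprint to export exactly one.
gpg --output "${HOME}/.config/gnupg/chorke-rsa.asc" --armor --export info@chorke.org
# The passphrase goes to gpg on stdin (--passphrase-fd 0) rather than as an
# argument: arguments are visible in the process list, and an unquoted value
# would be word-split. umask/chmod keep the secret key file owner-only.
(
  umask 077
  printf '%s\n' "${PASSPHRASE}" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
      --output "${HOME}/.config/gnupg/chorke-rsa.key" --armor --export-secret-key info@chorke.org
  chmod 600 "${HOME}/.config/gnupg/chorke-rsa.key"
)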

GnuPG » edDSA » Batch » Config

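# Prepare the shell for batch key generation: point gpg at this terminal, create
# the working directory and read the key passphrase without echoing it.
GPG_TTY=$(tty); export GPG_TTY
# Owner-only: the passphrase-bearing batch config and the exported secret key
# are both written into this directory.
mkdir -p "${HOME}/.config/gnupg"
chmod 700 "${HOME}/.config/gnupg"
# -s: no echo; -r: keep backslashes literal; IFS=: keep leading/trailing spaces.
# Exporting puts the passphrase in the environment of every child process, so
# `unset PASSPHRASE` as soon as the keys are generated and exported.
printf 'Password: '; IFS= read -r -s PASSPHRASE; export PASSPHRASE; echo
# Type your own passphrase at the prompt. The wiki's sample value (sadaqah!) is
# public and must not protect a real key.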

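# Write the key-parameter file for unattended Ed25519 key generation
# (consumed by `gpg --batch --generate-key`). Primary key and subkey are both
# limited to signing.
# The unquoted CFG delimiter makes the shell substitute ${PASSPHRASE}, so the
# passphrase is stored on disk in clear text. The subshell keeps umask 077 local
# and the chmod covers a pre-existing file with looser permissions.
(
  umask 077
  cat > "${HOME}/.config/gnupg/chorke-ed25519.conf" << CFG
%echo Generating a GPG key
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: eddsa
Subkey-Curve: ed25519
Subkey-Usage: sign
Name-Real: Chorke Academia, Inc
Name-Email: info@chorke.org
Expire-Date: 1y
Passphrase: ${PASSPHRASE}
%commit
%echo Done
CFG
  chmod 600 "${HOME}/.config/gnupg/chorke-ed25519.conf"
)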

GnuPG » edDSA » Generate » Keys

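# Generate the Ed25519 key pair from the batch config, then export the public
# key and the passphrase-protected secret key as ASCII-armoured files.
GPG_TTY=$(tty); export GPG_TTY
# -s: no echo; -r: keep backslashes literal; IFS=: keep leading/trailing spaces.
printf 'Password: '; IFS= read -r -s PASSPHRASE; export PASSPHRASE; echo
# Type your own passphrase at the prompt. The wiki's sample value (sadaqah!) is
# public and must not protect a real key.

gpg --batch --generate-key "${HOME}/.config/gnupg/chorke-ed25519.conf"
# chorke-ed25519.conf still holds the passphrase in clear text; delete it once
# the key exists.
# The UID selects every key carrying info@chorke.org. If more than one such key
# is in the keyring (this page creates an RSA and an ed25519 key with the same
# address), both are exported; pass the fingerprint to export exactly one.
gpg --output "${HOME}/.config/gnupg/chorke-ed25519.asc" --armor --export info@chorke.org
# The passphrase goes to gpg on stdin (--passphrase-fd 0) rather than as an
# argument: arguments are visible in the process list, and an unquoted value
# would be word-split. umask/chmod keep the secret key file owner-only.
(
  umask 077
  printf '%s\n' "${PASSPHRASE}" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
      --output "${HOME}/.config/gnupg/chorke-ed25519.key" --armor --export-secret-key info@chorke.org
  chmod 600 "${HOME}/.config/gnupg/chorke-ed25519.key"
)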

GnuPG » Key » Terminology

# List the public keys in the default keyring; the text that follows is a sample
# run. The 40-hex-digit line under `pub` is the key's fingerprint.
gpg --list-keys

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2026-06-27
/home/shahed/.gnupg/pubring.kbx
-------------------------------
pub   rsa3072 2025-06-27 [SCEAR] [expires: 2026-06-27]
      C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
uid           [ultimate] Chorke Academia, Inc <info@chorke.org>
sub   rsa3072 2025-06-27 [SEA] [expires: 2026-06-27]
Key-Usage: sign, auth, encrypt

Key » Terminology

Field Value Meaning
Key ID A1349F92 (last 8 chars of fingerprint) Short key ID
Long Key ID 75D4D308A1349F92 (last 16 chars) Long key ID
Fingerprint C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 Full 40-char key fingerprint
Email/UID info@chorke.org Used to reference key

Key » How to Use

Use Case Recommended Key Reference
Helm chart signing C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 (fingerprint)
GPG signing info@chorke.org or A1349F92
Export key gpg --export A1349F92 or full fingerprint
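Trust/verify (CI/CD) Prefer full fingerprint to avoid collision risks; 8-character short key IDs such as A1349F92 can be collided deliberately and should not be used to select a key for trust decisions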

Playground

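# Make loopback pinentry the default for this user: gpg then takes passphrases
# from the calling program (--passphrase-fd and similar) instead of opening a
# pinentry dialog. That suits unattended/CI accounts; on an interactive
# workstation it removes the separate pinentry prompt for every gpg caller.
# Both heredocs append, so running the snippet twice duplicates the lines.
# NOTE(review): `use-agent` is documented as a dummy option in GnuPG 2.x (the
# agent is always used); harmless, probably removable.
cat >> "${HOME}/.gnupg/gpg.conf" <<'CFG'
use-agent
pinentry-mode loopback
CFG
# Agent side of the same switch. The leading blank line separates the new entry
# from whatever the file already ends with.
# NOTE(review): recent gpg-agent releases document loopback pinentry as allowed
# by default; confirm whether this line is still needed.
cat >> "${HOME}/.gnupg/gpg-agent.conf" <<'CFG'

allow-loopback-pinentry
CFG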
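# Stop the running agent so the next gpg call starts one with the edited config.
gpgconf --kill gpg-agent
# Sanity-check what the two exports actually contain before importing.
file "${HOME}/.config/gnupg/chorke-rsa.asc"
file "${HOME}/.config/gnupg/chorke-rsa.key"
# Import the armoured secret key into the current keyring. Treat the .key file
# as a credential: keep it owner-only and remove copies that are no longer needed.
gpg --import "${HOME}/.config/gnupg/chorke-rsa.key"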

# Inspect the keyring: secret keys, then signatures on each key, then public keys.
gpg --list-secret-keys
gpg --list-signatures
gpg --list-keys
# Remove the key pair non-interactively, selected by its full 40-hex fingerprint.
# The secret key is deleted first, then the public key.
gpg --batch --yes --delete-secret-keys C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
gpg --batch --yes --delete-keys        C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
# List again to confirm the key is gone.
gpg --list-signatures

# Same deletion, selecting the key by its 8-hex short key ID and without
# --batch --yes. A short ID is only the tail of the fingerprint, so an unrelated
# key can share it; for a destructive command prefer the full fingerprint.
gpg --delete-secret-keys A1349F92
gpg --delete-keys        A1349F92
gpg --list-signatures
# The same listings, restricted to keys whose user ID matches this address.
gpg --list-secret-keys info@chorke.org
gpg --list-signatures  info@chorke.org
gpg --list-keys        info@chorke.org
# Open gpg's interactive key editor; the two lines after the command are typed
# at its prompt, not in the shell.
gpg --edit-key info@chorke.org
gpg» help
gpg» quit

References