Helm/Sign: Difference between revisions
| (10 intermediate revisions by the same user not shown) | |||
| Line 6: | Line 6: | ||
apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean | apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean | ||
EXE | EXE | ||
</syntaxhighlight> | |||
==Helm » Package » Sign & Push== | |||
<syntaxhighlight lang="bash"> | |||
gpg --list-keys | |||
export HELM_EXPERIMENTAL_OCI=1 | |||
helm registry login harbor.chorke.org | |||
helm package --sign --key info@chorke.org --keyring ${HOME}/.gnupg/pubring.kbx ./academia/ | |||
helm chart save ./academia-1.0.0.tgz harbor.chorke.org/helm/academia | |||
helm chart push harbor.chorke.org/helm/academia:1.0.0 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
==GnuPG » Batch » Config== | ==GnuPG » RSA » Batch » Config== | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
export GPG_TTY=$(tty) | export GPG_TTY=$(tty) | ||
| Line 17: | Line 26: | ||
---- | ---- | ||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
cat << CFG | tee ${HOME}/.config/gnupg/chorke.conf >/dev/null | cat << CFG | tee ${HOME}/.config/gnupg/chorke-rsa.conf >/dev/null | ||
%echo Generating a GPG key | %echo Generating a GPG key | ||
Key-Type: RSA | Key-Type: RSA | ||
| Line 32: | Line 41: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==GnuPG » Generate » Keys== | ==GnuPG » RSA » Generate » Keys== | ||
<syntaxhighlight lang="bash"> | |||
export GPG_TTY=$(tty) | |||
echo -n 'Password: ';read -s PASSPHRASE;export PASSPHRASE;echo | |||
# Password: sadaqah! | |||
gpg --batch --generate-key ${HOME}/.config/gnupg/chorke-rsa.conf | |||
gpg --output ${HOME}/.config/gnupg/chorke-rsa.asc --armor --export info@chorke.org | |||
gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke-rsa.key --armor --export-secret-key info@chorke.org | |||
</syntaxhighlight> | |||
==GnuPG » edDSA » Batch » Config== | |||
<syntaxhighlight lang="bash"> | |||
export GPG_TTY=$(tty) | |||
mkdir -p ${HOME}/.config/gnupg | |||
echo -n 'Password: ';read -s PASSPHRASE;export PASSPHRASE;echo | |||
# Password: sadaqah! | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="ini"> | |||
cat << CFG | tee ${HOME}/.config/gnupg/chorke-ed25519.conf >/dev/null | |||
%echo Generating a GPG key | |||
Key-Type: eddsa | |||
Key-Curve: ed25519 | |||
Key-Usage: sign | |||
Subkey-Type: eddsa | |||
Subkey-Curve: ed25519 | |||
Subkey-Usage: sign | |||
Name-Real: Chorke Academia, Inc | |||
Name-Email: info@chorke.org | |||
Expire-Date: 1y | |||
Passphrase: ${PASSPHRASE} | |||
%commit | |||
%echo Done | |||
CFG | |||
</syntaxhighlight> | |||
==GnuPG » edDSA » Generate » Keys== | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
export GPG_TTY=$(tty) | export GPG_TTY=$(tty) | ||
| Line 38: | Line 84: | ||
# Password: sadaqah! | # Password: sadaqah! | ||
gpg --batch --generate-key ${HOME}/.config/gnupg/chorke.conf | gpg --batch --generate-key ${HOME}/.config/gnupg/chorke-ed25519.conf | ||
gpg --output ${HOME}/.config/gnupg/chorke.asc --armor --export info@chorke.org | gpg --output ${HOME}/.config/gnupg/chorke-ed25519.asc --armor --export info@chorke.org | ||
gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke.key --armor --export-secret-key info@chorke.org | gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke-ed25519.key --armor --export-secret-key info@chorke.org | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==GnuPG » Key » Terminology== | ==GnuPG » Key » Terminology== | ||
{|class='wikitable mw-collapsible' | |||
!scope='col' style='width:800px'| | |||
<code>gpg --list-keys</code> | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="text"> | |||
gpg: checking the trustdb | |||
gpg: marginals needed: 3 completes needed: 1 trust model: pgp | |||
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u | |||
gpg: next trustdb check due at 2026-06-27 | |||
/home/shahed/.gnupg/pubring.kbx | |||
------------------------------- | |||
pub rsa3072 2025-06-27 [SCEAR] [expires: 2026-06-27] | |||
C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 | |||
uid [ultimate] Chorke Academia, Inc <info@chorke.org> | |||
sub rsa3072 2025-06-27 [SEA] [expires: 2026-06-27] | |||
</syntaxhighlight> | |||
|- | |||
|valign='top'| | |||
'''Key-Usage:''' sign, auth, encrypt | |||
|} | |||
---- | |||
{|class='wikitable mw-collapsible' | {|class='wikitable mw-collapsible' | ||
!scope='col' style='width:800px' colspan='3'| | !scope='col' style='width:800px' colspan='3'| | ||
| Line 59: | Line 127: | ||
|- | |- | ||
| '''Email/UID''' || <code>info@chorke.org</code> || Used to reference key | | '''Email/UID''' || <code>info@chorke.org</code> || Used to reference key | ||
|} | |||
---- | |||
{|class='wikitable mw-collapsible' | |||
!scope='col' style='width:800px' colspan='2'| | |||
'''Key » How to Use''' | |||
|- | |||
!scope="col" style='width:200px'| Use Case | |||
!scope="col" style='width:500px'| Recommended Key Reference | |||
|- | |||
| Helm chart signing || <code>C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92</code> (fingerprint) | |||
|- | |||
| GPG signing || <code>info@chorke.org</code> or <code>A1349F92</code> | |||
|- | |||
| Export key || <code>gpg --export A1349F92</code> or full fingerprint | |||
|- | |||
| Trust/verify (CI/CD) || Prefer '''full fingerprint''' to avoid collision risks | |||
|} | |} | ||
| Line 82: | Line 166: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
gpgconf --kill gpg-agent | gpgconf --kill gpg-agent | ||
file ${HOME}/.config/gnupg/chorke.asc | file ${HOME}/.config/gnupg/chorke-rsa.asc | ||
file ${HOME}/.config/gnupg/chorke.key | file ${HOME}/.config/gnupg/chorke-rsa.key | ||
gpg --import ${HOME}/.config/gnupg/chorke.key | gpg --import ${HOME}/.config/gnupg/chorke-rsa.key | ||
</syntaxhighlight> | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
gpg --list-secret-keys | |||
gpg --list-signatures | |||
gpg --list-keys | |||
</syntaxhighlight> | |||
|colspan='2'| | |||
<syntaxhighlight lang="bash"> | |||
gpg --batch --yes --delete-secret-keys C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 | |||
gpg --batch --yes --delete-keys C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 | |||
gpg --list-signatures | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 93: | Line 195: | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
gpg --delete-secret-keys A1349F92 | |||
gpg --delete-keys A1349F92 | |||
gpg --list-signatures | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
gpg --list-secret-keys info@chorke.org | |||
gpg --list-signatures info@chorke.org | |||
gpg --list-keys info@chorke.org | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
gpg --edit-key info@chorke.org | |||
gpg» help | |||
gpg» quit | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |} | ||
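Review bot: The added RSA and edDSA "Generate » Keys" snippets pass the passphrase on gpg's command line (`--passphrase ${PASSPHRASE}`, unquoted), so it is readable in the process list while gpg runs and is word-split if it contains spaces; `printf '%s\n' "${PASSPHRASE}" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 …` avoids both. The batch parameter files written just before (`chorke-rsa.conf`, `chorke-ed25519.conf`) keep the same passphrase in clear text and are created through `tee` with the caller's umask; writing them under `umask 077` and removing them once `--generate-key` succeeds would limit that. The `# Password: sadaqah!` comment would be better as a placeholder if that string is a passphrase in real use. Separately, the new "Sign & Push" block gives `helm package --sign` the keybox file `pubring.kbx`; Helm's signer, as far as I know, expects a legacy-format keyring that contains the secret key, so this line should be checked against the Helm version in use.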
Latest revision as of 05:37, 30 June 2025
# Refresh the package index, apply pending upgrades and install the packages
# the GnuPG steps on this page rely on. The quoted 'EXE' delimiter stops the
# calling shell from expanding anything: the text reaches the root shell as-is.
sudo bash <<'EXE'
apt-get update
echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable
apt-get upgrade -y
echo
apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean
EXE
Helm » Package » Sign & Push
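# Package the ./academia chart, sign it with the info@chorke.org key and push
# version 1.0.0 to the Harbor registry as an OCI artifact.
gpg --list-keys
export HELM_EXPERIMENTAL_OCI=1
helm registry login harbor.chorke.org
# The keyring path is quoted so a home directory containing spaces is passed
# to helm as a single argument.
# NOTE(review): signing needs the secret key, and Helm's signer is documented
# to read legacy-format keyrings rather than a GnuPG 2.x keybox (pubring.kbx).
# If this step fails, point --keyring at a keyring exported with
# `gpg --export-secret-keys`; confirm against the Helm version in use.
helm package --sign --key info@chorke.org --keyring "${HOME}/.gnupg/pubring.kbx" ./academia/
# NOTE(review): `helm package --sign` writes the signature to a separate
# academia-1.0.0.tgz.prov file. Check that it is published next to the chart;
# without it consumers have nothing to verify the archive against.
helm chart save ./academia-1.0.0.tgz harbor.chorke.org/helm/academia
helm chart push harbor.chorke.org/helm/academia:1.0.0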
GnuPG » RSA » Batch » Config
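# Write the unattended ("batch") parameter file for a 3072-bit RSA key with a
# 3072-bit RSA subkey, valid for one year.
export GPG_TTY=$(tty)
# The parameter file written below holds the passphrase in clear text, so its
# directory is restricted to the owner.
mkdir -p "${HOME}/.config/gnupg" && chmod 700 "${HOME}/.config/gnupg"
# PASSPHRASE is not exported: the here-document is expanded by this shell, and
# an exported variable would be copied into every child process environment.
echo -n 'Password: ';read -s PASSPHRASE;echo
# Password: <passphrase typed at the prompt; it is not echoed>
(
  # umask 077 gives a newly created file mode 0600 without changing the
  # caller's umask; the chmod covers a file left over from an earlier run.
  umask 077
  # CFG is unquoted on purpose so that ${PASSPHRASE} is expanded here.
  cat <<CFG >"${HOME}/.config/gnupg/chorke-rsa.conf"
%echo Generating a GPG key
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Chorke Academia, Inc
Name-Email: info@chorke.org
Expire-Date: 1y
Passphrase: ${PASSPHRASE}
%commit
%echo Done
CFG
  chmod 600 "${HOME}/.config/gnupg/chorke-rsa.conf"
)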
GnuPG » RSA » Generate » Keys
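# Generate the RSA key from its batch parameter file, then export the public
# key (chorke-rsa.asc) and an armored copy of the secret key (chorke-rsa.key).
export GPG_TTY=$(tty)
# PASSPHRASE stays a plain shell variable; it is only needed by this shell.
echo -n 'Password: ';read -s PASSPHRASE;echo
# Password: <passphrase typed at the prompt; it is not echoed>
# The parameter file contains the passphrase in clear text, so it is removed
# as soon as the key has been created.
gpg --batch --generate-key "${HOME}/.config/gnupg/chorke-rsa.conf" &&
  rm -f -- "${HOME}/.config/gnupg/chorke-rsa.conf"
# NOTE(review): info@chorke.org is also the UID of the edDSA key defined on
# this page; if both keys are in the keyring, selecting by UID exports both.
# Select by full fingerprint to export exactly one key.
gpg --output "${HOME}/.config/gnupg/chorke-rsa.asc" --armor --export info@chorke.org
(
  # The secret-key file is created readable by the owner only.
  umask 077
  # The passphrase goes to gpg on stdin (--passphrase-fd 0) rather than on the
  # command line, where it would show up in the process list; printf is a
  # shell builtin, so no separate process carries it as an argument either.
  printf '%s\n' "${PASSPHRASE}" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
      --output "${HOME}/.config/gnupg/chorke-rsa.key" --armor --export-secret-key info@chorke.org
  chmod 600 "${HOME}/.config/gnupg/chorke-rsa.key"
)
# Drop the passphrase from the shell once it is no longer needed.
unset PASSPHRASE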
GnuPG » edDSA » Batch » Config
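# Write the unattended ("batch") parameter file for an Ed25519 signing key
# with an Ed25519 signing subkey, valid for one year.
export GPG_TTY=$(tty)
# The parameter file written below holds the passphrase in clear text, so its
# directory is restricted to the owner.
mkdir -p "${HOME}/.config/gnupg" && chmod 700 "${HOME}/.config/gnupg"
# PASSPHRASE is not exported: the here-document is expanded by this shell, and
# an exported variable would be copied into every child process environment.
echo -n 'Password: ';read -s PASSPHRASE;echo
# Password: <passphrase typed at the prompt; it is not echoed>
(
  # umask 077 gives a newly created file mode 0600 without changing the
  # caller's umask; the chmod covers a file left over from an earlier run.
  umask 077
  # CFG is unquoted on purpose so that ${PASSPHRASE} is expanded here.
  cat <<CFG >"${HOME}/.config/gnupg/chorke-ed25519.conf"
%echo Generating a GPG key
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: eddsa
Subkey-Curve: ed25519
Subkey-Usage: sign
Name-Real: Chorke Academia, Inc
Name-Email: info@chorke.org
Expire-Date: 1y
Passphrase: ${PASSPHRASE}
%commit
%echo Done
CFG
  chmod 600 "${HOME}/.config/gnupg/chorke-ed25519.conf"
)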
GnuPG » edDSA » Generate » Keys
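# Generate the Ed25519 key from its batch parameter file, then export the
# public key (chorke-ed25519.asc) and an armored copy of the secret key
# (chorke-ed25519.key).
export GPG_TTY=$(tty)
# PASSPHRASE stays a plain shell variable; it is only needed by this shell.
echo -n 'Password: ';read -s PASSPHRASE;echo
# Password: <passphrase typed at the prompt; it is not echoed>
# The parameter file contains the passphrase in clear text, so it is removed
# as soon as the key has been created.
gpg --batch --generate-key "${HOME}/.config/gnupg/chorke-ed25519.conf" &&
  rm -f -- "${HOME}/.config/gnupg/chorke-ed25519.conf"
# NOTE(review): info@chorke.org is also the UID of the RSA key defined on this
# page; if both keys are in the keyring, selecting by UID exports both.
# Select by full fingerprint to export exactly one key.
gpg --output "${HOME}/.config/gnupg/chorke-ed25519.asc" --armor --export info@chorke.org
(
  # The secret-key file is created readable by the owner only.
  umask 077
  # The passphrase goes to gpg on stdin (--passphrase-fd 0) rather than on the
  # command line, where it would show up in the process list; printf is a
  # shell builtin, so no separate process carries it as an argument either.
  printf '%s\n' "${PASSPHRASE}" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
      --output "${HOME}/.config/gnupg/chorke-ed25519.key" --armor --export-secret-key info@chorke.org
  chmod 600 "${HOME}/.config/gnupg/chorke-ed25519.key"
)
# Drop the passphrase from the shell once it is no longer needed.
unset PASSPHRASE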
GnuPG » Key » Terminology
|
|
|---|
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2026-06-27
/home/shahed/.gnupg/pubring.kbx
-------------------------------
pub rsa3072 2025-06-27 [SCEAR] [expires: 2026-06-27]
C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
uid [ultimate] Chorke Academia, Inc <info@chorke.org>
sub rsa3072 2025-06-27 [SEA] [expires: 2026-06-27]
|
Key-Usage: sign, auth, encrypt |
|
Key » Terminology | ||
|---|---|---|
| Field | Value | Meaning |
| Key ID | A1349F92 (last 8 chars of fingerprint) |
Short key ID |
| Long Key ID | 75D4D308A1349F92 (last 16 chars) |
Long key ID |
| Fingerprint | C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 |
Full 40-char key fingerprint |
| Email/UID | info@chorke.org |
Used to reference key |
|
Key » How to Use | |
|---|---|
| Use Case | Recommended Key Reference |
| Helm chart signing | C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 (fingerprint)
|
| GPG signing | info@chorke.org or A1349F92
|
| Export key | gpg --export A1349F92 or full fingerprint
|
| Trust/verify (CI/CD) | Prefer the full fingerprint: short key IDs and e-mail UIDs are not unique, so they carry collision risks |
Playground
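# Make loopback pinentry the default for every gpg call made with this GnuPG
# home directory.
# NOTE(review): the setting applies to all keys of this user, not only the
# chart-signing key. Passing --pinentry-mode loopback on the individual
# command, as the secret-key export on this page does, keeps the regular
# pinentry prompt for everything else.
gpg_conf="${HOME}/.gnupg/gpg.conf"
for option in 'use-agent' 'pinentry-mode loopback'; do
  # Append only when the exact line is missing, so that running the snippet
  # again does not pile up duplicate entries.
  grep -qxF -- "${option}" "${gpg_conf}" 2>/dev/null ||
    printf '%s\n' "${option}" >>"${gpg_conf}"
done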
|
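# Allow gpg clients to supply the passphrase themselves (loopback pinentry)
# instead of going through the agent's pinentry program.
# NOTE(review): this is an agent-wide setting for this user; it is the
# counterpart of `pinentry-mode loopback` in gpg.conf.
agent_conf="${HOME}/.gnupg/gpg-agent.conf"
# Append only when the exact line is missing, so that running the snippet
# again does not pile up duplicate entries.
grep -qxF -- 'allow-loopback-pinentry' "${agent_conf}" 2>/dev/null ||
  printf '%s\n' 'allow-loopback-pinentry' >>"${agent_conf}"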
|
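# Stop the running gpg-agent (presumably so that the agent configuration
# written earlier on this page takes effect on the next gpg call), inspect
# the two exported files and import the secret key from its armored copy.
gpgconf --kill gpg-agent
# Paths are quoted so a home directory containing spaces stays one argument.
file "${HOME}/.config/gnupg/chorke-rsa.asc"
file "${HOME}/.config/gnupg/chorke-rsa.key"
gpg --import "${HOME}/.config/gnupg/chorke-rsa.key"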
|
|
| ||
# Show what the keyring holds: secret keys first, then signatures, then
# public keys.
for listing in --list-secret-keys --list-signatures --list-keys; do
  gpg "${listing}"
done
|
# Remove the key pair without prompts, addressed by its full fingerprint:
# the secret part first, then the public part, then list what is left.
fingerprint=C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
gpg --batch --yes --delete-secret-keys "${fingerprint}"
gpg --batch --yes --delete-keys "${fingerprint}"
gpg --list-signatures
| |
|
| ||
# Interactive removal addressed by the short key ID. The short ID is only the
# last 8 characters of the fingerprint and is not unique, so check the key
# gpg shows before confirming; the full fingerprint avoids the ambiguity.
short_id=A1349F92
gpg --delete-secret-keys "${short_id}"
gpg --delete-keys "${short_id}"
gpg --list-signatures
|
# The same three listings, limited to keys whose user ID matches the e-mail
# address.
key_uid=info@chorke.org
for listing in --list-secret-keys --list-signatures --list-keys; do
  gpg "${listing}" "${key_uid}"
done
|
# Open the interactive key editor for the key matching info@chorke.org.
gpg --edit-key info@chorke.org
# The next two lines are typed at the editor's "gpg»" prompt, not in the
# shell: `help` lists the editor commands and `quit` leaves the editor.
gpg» help
gpg» quit
|
References
|
| ||
|
| ||