Helm/Sign

From Chorke Wiki
Jump to navigation Jump to search 
cat <<'EXE'| sudo bash
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg && apt-get clean
EXE

GnuPG » RSA » Batch » Config

export GPG_TTY=$(tty)
mkdir -p ${HOME}/.config/gnupg
echo -n 'Password: ';read -s PASSPHRASE;export PASSPHRASE;echo
# Password: sadaqah!

cat << CFG | tee ${HOME}/.config/gnupg/chorke.conf >/dev/null
%echo Generating a GPG key
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Chorke Academia, Inc
Name-Email: info@chorke.org
Expire-Date: 1y
Passphrase: ${PASSPHRASE}
%commit
%echo Done
CFG

GnuPG » RSA » Generate » Keys

export GPG_TTY=$(tty)
echo -n 'Password: ';read -s PASSPHRASE;export PASSPHRASE;echo
# Password: sadaqah!

gpg --batch --generate-key ${HOME}/.config/gnupg/chorke.conf
gpg --output ${HOME}/.config/gnupg/chorke.asc --armor --export info@chorke.org
gpg --batch --yes --pinentry-mode loopback --passphrase ${PASSPHRASE} --output ${HOME}/.config/gnupg/chorke.key --armor --export-secret-key info@chorke.org

GnuPG » Key » Terminology

gpg --list-keys 

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2026-06-27
/home/shahed/.gnupg/pubring.kbx
-------------------------------
pub   rsa3072 2025-06-27 [SCEAR] [expires: 2026-06-27]
      C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
uid           [ultimate] Chorke Academia, Inc <info@chorke.org>
sub   rsa3072 2025-06-27 [SEA] [expires: 2026-06-27]

Key » Terminology

Field Value Meaning
Key ID A1349F92 (last 8 chars of fingerprint) Short key ID
Long Key ID 75D4D308A1349F92 (last 16 chars) Long key ID
Fingerprint C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 Full 40-char key fingerprint
Email/UID info@chorke.org Used to reference key

Key » How to Use

Use Case Recommended Key Reference
Helm chart signing C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92 (fingerprint)
GPG signing info@chorke.org or A1349F92
Export key gpg --export A1349F92 or full fingerprint
Trust/verify (CI/CD) Prefer full fingerprint to avoid collision risks

Playground

cat <<'CFG'| tee -a ${HOME}/.gnupg/gpg.conf >/dev/null
use-agent
pinentry-mode loopback
CFG

cat <<'CFG'| tee -a ${HOME}/.gnupg/gpg-agent.conf >/dev/null

allow-loopback-pinentry
CFG

gpgconf --kill gpg-agent
        file ${HOME}/.config/gnupg/chorke.asc
        file ${HOME}/.config/gnupg/chorke.key
gpg --import ${HOME}/.config/gnupg/chorke.key

gpg --list-secret-keys
gpg --list-signatures
gpg --list-keys

gpg --batch --yes --delete-secret-keys C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
gpg --batch --yes --delete-keys        C9C2EDE5CBCF39BF574B0B3175D4D308A1349F92
gpg --list-signatures

gpg --delete-secret-keys A1349F92
gpg --delete-keys        A1349F92
gpg --list-signatures

gpg --list-secret-keys info@chorke.org
gpg --list-signatures  info@chorke.org
gpg --list-keys        info@chorke.org

References

Retrieved from "https://wiki.chorke.org/index.php?title=Helm/Sign&oldid=15126"