Setup PGP

[jackboberg]

On a new install, I want to retain my PGP setup.

• maintain a private export of my keys
• import keys during setup
• test keys and report errors during setup
• maybe: automate exporting

[jackboberg]

I have a local function that seems to provide most of this, using 1Password to store exports from gpg:

setup_pgp () {
    msg_info "==> Setting up pgp keys…"

    # Authenticate with my.1password.com:
    eval $(op signin my)

    op get document XXXXXX | gpg --import
    op get document XXXXXX | gpg --allow-secret-key-import --import
    op get document XXXXXX | gpg --import-ownertrust

    msg "==> Testing pgp setup…"
    # may need to restart agent here
    # `echo RELOADAGENT | gpg-connect-agent`
    echo "test" | gpg --clearsign
}

I'm not sure yet how I feel about committing the 1Password object IDs... 🤔

Additionally reviewing if I want to add ~/.gnupg/gpg.conf to rcm here, or as a part of my 'secure' files managed in iCloud Drive.

auto-key-retrieve
no-emit-version
default-key XXXXXXXXXX

[jackboberg]

This is the process I used to create the files referenced from 1Password:

gpg -a --export >mypubkeys.asc
gpg -a --export-secret-keys >myprivatekeys.asc
gpg --export-ownertrust >otrust.txt

[enewbury]

You could also list objects with

op list documents

then filter the json array by the overview.title field, grabbing the uuid field so then you can op get document <uuid>
Granted once you get into parsing/filtering arrays, it might make sense to put this in a little ruby script or something.