Personal PGP Key Provisioning
Requirements
-
  - Provided by Air-Gapped Bundle
  - Alternative: Create your own from documentation in AirgapOS Repository
- AirgapOS Laptop
  - Provided by Air-Gapped Bundle
  - Alternative: Computer that can load AirgapOS (compatibility reference)
{{ #include ../../component-documents/linux-workstation.md:content }}
- 1+ Smart Card
  - At least 1 primary smart card
  - Any number of backup smart cards
- 1 Transfer SD card
  - Document will assume the card is labelled as "TRANSFER"
Process
- If using a pre-sealed Cold Bundle, unseal as follows:
{{ #include ../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
- Boot AirgapOS Laptop
{{ #include ../../component-documents/openpgp-setup.md:steps-keyfork}}
- Power down AirgapOS Laptop
- Switch to Linux Workstation
- Attach SD card from AirgapOS machine
- Attach smartcard provisioned with AirgapOS machine
- Import newly generated public key into local keychain
  $ gpg --import /media/TRANSFER/*.pub.asc
{{ #include ../../component-documents/git-commit-signing.md:steps }}
- Push new key material to Vaults repository
  a. Clone repository (if not done previously)
     $ git clone <vaults_repository_url> ~/vaults
  b. Checkout main branch
     $ cd ~/vaults
     $ git checkout main
     $ git pull origin main
  c. Commit and push modifications
     $ cp /media/TRANSFER/*.asc keys/all
     $ git add .
     $ git commit -S -m "add <name> pgp key"
     $ git push origin main
- Communicate your new key fingerprint to all other participants:
  - Preferred: In person
  - Fallback: via two logically distinct online communications methods (e.g. encrypted chat, and video call)
- Get confirmation they have imported your key to their keychains
  - e.g.
    gpg --import <your_key_id>.asc
  - Confirm this is done for keyrings on workstations used to interact with the Vaults repository
  - e.g.
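
A recipient-side check for the fingerprint step above, as an added example that is not part of the original procedure: before running `gpg --import`, it compares the fingerprint received in person or over the two channels with the primary-key fingerprint inside the key file. The function names and the sample listing are constructed for illustration, and the check assumes a v4 key (40 hex digits) and a GnuPG version that supports `--show-keys`.

```shell
# Added example; function names are illustrative and the listing is constructed.

# Strip whitespace and upper-case, so a fingerprint read aloud or pasted
# as "ab12 cd34 ..." compares equal to gpg's machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
# Fingerprints that follow "sub" records belong to subkeys and are skipped.
primary_fpr() {
    awk -F: '
        $1 == "pub" { in_pub = 1; next }
        $1 == "sub" { in_pub = 0 }
        in_pub && $1 == "fpr" { print $10; exit }
    '
}

# Constructed colon listing (not a real key) in the shape gpg emits.
sample_listing() {
    cat <<'EOF'
pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC::::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Constructed User <user@example.invalid>::::::::::0:
sub:-:255:18:FFFFFFFFFFFFFFFF:1700000000::::::e::::::cv25519::
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:
EOF
}

# verify_key_file <fingerprint received out of band> <key file>
# Returns 0 only when the file's primary key has exactly that fingerprint.
verify_key_file() {
    expected=$(normalize_fpr "$1")
    # Assumes a v4 key: 40 hex digits. Short key IDs are rejected because
    # they are not collision resistant.
    case "$expected" in
        *[!0-9A-F]*) echo "fingerprint is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "need the full fingerprint" >&2; return 1; }
    # --show-keys lists the keys in the file without importing them.
    actual=$(gpg --show-keys --with-colons "$2" | primary_fpr)
    [ "$actual" = "$expected" ]
}
```

Run `verify_key_file "<fingerprint>" <your_key_id>.asc` and import only when it returns 0.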