From 09d4ea8429b93093f120de109134e33cfd279e68 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Fri, 10 Mar 2023 18:12:25 -0800 Subject: documentation: clean up Delete gnome's keyring documentation, I will not be using it anymore, so no need to keep this around. Add documentation about how to manage secrets, and clean up wireguard's documentation. --- docs/gnome-keyring.org | 66 -------------------------------------------------- 1 file changed, 66 deletions(-) delete mode 100644 docs/gnome-keyring.org (limited to 'docs/gnome-keyring.org') diff --git a/docs/gnome-keyring.org b/docs/gnome-keyring.org deleted file mode 100644 index 35480e5..0000000 --- a/docs/gnome-keyring.org +++ /dev/null 
@@ -1,66 +0,0 @@ -#+TITLE: gnome-keyring-daemon setup - -It seems that there's a lot of hate for the =gnome-keyring-daemon= online, so I might be missing something. But on my end, it seems to simplifies a few things and there are no more prompt when I log into my session about various keys. - -* gnome-keyring-daemon -It looks like we need to install a few packages: -- =gnome-keyring= -- =seahorse= - -There is a [[file:~/workspace/linux-desktop/systemd/gnome-keyring.service][unit]] that ensure it starts when we log in a session. - -Using =seahorse=, we can see which secrets / keys are managed by it. - -Additional documentations: -- [[https://wiki.archlinux.org/title/GNOME/Keyring][arch wiki]] -* PGP -** Unlocking the key -The keyring daemon unlocks the key for us. -** Backup the key -To backup the key, do -#+begin_src sh -gpg --export-secret-keys --armor franck@fcuny.net > ~/documents/backups/gpg-secret-key-backup.asc -#+end_src - -To see the list of keys: -#+begin_src sh :results verbatim raw -gpg --list-secret-keys -#+end_src - -#+RESULTS: -/home/fcuny/.gnupg/pubring.kbx ------------------------------- -sec rsa4096 2021-09-13 [SC] - 23348B57F01D4234B5CFBA0923208AC01EB6EEA1 -uid [ultimate] Franck Cuny -ssb rsa4096 2021-09-13 [E] - -To export the trusted keys: -#+begin_src sh -gpg --export-ownertrust > ~/documents/backups/gpg-trusteddb-backup.txt -#+end_src - -** Restore the key -To restore the key from the backup -#+begin_src sh -gpg --import ~/documents/backups/gpg-secret-key-backup.asc -#+end_src - -To restore the trusted db: -#+begin_src sh -gpg --import-ownertrust < ~/documents/backups/gpg-trusteddb-backup.txt -#+end_src - -If you don't import the trusted db you need to set your key as trusted -#+begin_src -gpg --edit-key franck@fcuny.net -gpg> trust -gpg> save -#+end_src -** Configuration for the agent -In =$HOME/.gnupg/gpg-agent.conf= -#+begin_src conf -pinentry-program /usr/bin/pinentry-gnome3 -#+end_src -* SSH -As the keyring daemon manages our ssh key, all 
we need to do is to export =SSH_AUTH_SOCK= to where the socket started by the daemon is. This is done in [[file:~/workspace/linux-desktop/dotfiles/pam_environment][pam_environment]]. -- cgit v1.2.3
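Review bot: The "* PGP" section of the deleted file ("Backup the key" and "Restore the key") documents a GPG backup and restore procedure that does not depend on gnome-keyring, so removing the whole file also removes the only visible record of `gpg --export-secret-keys --armor`, `gpg --export-ownertrust` and the matching `--import` / `--import-ownertrust` steps. This view is limited to docs/gnome-keyring.org, so please confirm that the new secrets documentation mentioned in the commit message carries those steps over, or keep that section in a separate file. The same hunk also references configuration that outlives the document: the `gnome-keyring.service` unit, `pinentry-program /usr/bin/pinentry-gnome3` in `$HOME/.gnupg/gpg-agent.conf`, and the `SSH_AUTH_SOCK` export in `pam_environment`. If the daemon is no longer used, those should be removed or repointed in the same change. Otherwise gpg-agent will still call a GNOME pinentry and `SSH_AUTH_SOCK` will still point at a socket that nothing creates, with no documentation left to explain why.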