
Increase gpg key security

Jon Azpiazu 10 months ago
parent
commit
480ac06686
3 changed files with 16 additions and 2 deletions
  1. 8
    0
      assets/gpg.conf.sh
  2. 1
    1
      assets/gpg_batch.sh
  3. 7
    1
      assets/startup.sh

+ 8
- 0
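--- a/assets/gpg.conf.sh
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p  ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF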
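Review bot: `mkdir -p  ~/.gnupg/` on line 2 creates the GnuPG home directory with whatever the process umask allows and nothing in the new script tightens it, yet this is the directory that will hold the private keyring and this config, and gpg reports unsafe permissions on a group- or world-readable homedir. Create it as `mkdir -p -m 700 ~/.gnupg` and follow the `touch` with `chmod 600 ~/.gnupg/gpg.conf` so the restriction holds from the first run. The `cat >> ~/.gnupg/gpg.conf` on line 4 is also not idempotent: every invocation appends the same three option lines again, so the script depends entirely on its caller never running it twice; writing the file with `>` or checking for an existing `cert-digest-algo` line first would make it self-contained. With no `set -e`, a failed `mkdir` does not stop the `touch` and the append from running anyway.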

+ 1
- 1
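--- a/assets/gpg_batch.sh
+++ b/assets/gpg_batch.sh
@@ -2,7 +2,7 @@
 cat << EOF > /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}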
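Review bot: Raising `Key-Length` to 4096 on line 5 only strengthens the RSA primary key; the context lines directly below keep `Subkey-Type: ELG-E` with `Subkey-Length: 1024`, so a 1024-bit ElGamal encryption subkey is still generated and published alongside the primary. For an apt repository key the RSA primary does the signing, but if the goal is "increase gpg key security" the subkey should move with it, e.g. `Subkey-Length: 4096` (or at least 2048), or the subkey could be dropped or switched to RSA to match. The `cat << EOF` heredoc starts at file line 2 and its closing delimiter is outside this hunk; because the delimiter is unquoted, `${FULL_NAME}` and any other `$` in the template are expanded when the script runs, which appears to be intended for the `Name-Real` line.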

+ 7
- 1
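--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -1,5 +1,9 @@
 #! /bin/bash
 
+if [[ ! -f /root/.gnupg/gpg.conf ]]; then
+  /opt/gpg.conf.sh
+fi
+
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
   echo "Generating new gpg keys"
@@ -8,6 +12,8 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
   # If your system doesn't have a lot of entropy this may, take a long time
   # Google how-to create "artificial" entropy if this gets stuck
   gpg --batch --gen-key /opt/gpg_batch
+else
+  echo "No need to generate new gpg keys"
 fi
 
 # Export the GPG Public key
@@ -40,7 +46,7 @@ fi
 
 # Aptly looks in /root/.gnupg for default keyrings
 ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
-ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub 
 
 # Generate Nginx Config
 /opt/nginx.conf.sh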
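Review bot: The guard added on line 3 tests `/root/.gnupg/gpg.conf`, but the `/opt/gpg.conf.sh` it calls (added in this commit) writes to `~/.gnupg`, so the check and the write agree only while `HOME` is `/root`; should the container ever start with a different `HOME`, the guard never becomes true and the appending script runs on every start. Testing the path the script actually writes, `if [[ ! -f "$HOME/.gnupg/gpg.conf" ]]; then`, keeps the two in step, and a comment above the guard saying the config must exist before `gpg --gen-key` runs would explain the ordering. Note that `default-preference-list` and `personal-digest-preferences` only shape keys and signatures produced after the config exists, so an existing deployment that already has `/opt/aptly/aptly.sec` keeps the key it generated under the old settings — the new `else` branch on line 15 reports exactly that case, and its message could say so. The third hunk (line 49) only adds a trailing space to the `ln -sf` line and is best dropped from the commit.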
