6 Git
Michael Petersen edited this page 2026-06-01 20:12:18 +10:00

GPG Signing Keys

Note

The following assumes you have GnuPG (pkgs.gnupg) installed.

Creating new keys

  1. Create GPG Signing Key
    • gpg --full-generate-key
      Parameter     Value
      ------------  ---------------
      Key Type      RSA (Sign Only)
      Key Size      4096
      Key Duration  3m
  2. Save generated key ID for subsequent steps
  3. Export public key
    • gpg --armour --export KEY_ID > gpg.pub
  4. Add exported public key to Git Server
  5. Update the Git signing key ID on the host machine
    • Set modules.shell.git.signingKey to the new KEY_ID generated in step one.

Removing old keys

gpg --delete-secret-key KEY_ID
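
Keys created with the 3m duration above expire on a schedule, so it helps to know which key is due for replacement before deleting anything. The following is an added example, not part of the original page: the function name expiring_keys, the 30-day window and the sample listing are assumptions made for illustration, and the input is the colon-delimited output of gpg --list-keys --with-colons.

```shell
#!/bin/sh
# Added example: classify signing keys by how close they are to expiry.
# Colon-listing fields used (one "pub" record per primary key):
#   5 = key ID, 7 = expiry as epoch seconds (empty = never expires),
#   12 = capabilities (lowercase "s" = this key itself can sign).

# expiring_keys NOW_EPOCH WINDOW_DAYS   (colon listing on stdin)
# Prints "KEY_ID STATUS DAYS_LEFT" for every primary key that can sign.
expiring_keys() {
    awk -F: -v now="$1" -v window="$2" '
        $1 == "pub" && $12 ~ /s/ {
            if ($7 == "") { print $5, "no-expiry", "-"; next }
            days = int(($7 - now) / 86400)
            if ($7 <= now)           status = "expired"
            else if (days <= window) status = "rotate-soon"
            else                     status = "ok"
            print $5, status, days
        }'
}

# Constructed sample listing (key IDs and timestamps are made up).
SAMPLE_LISTING='pub:u:4096:1:AAAAAAAAAAAAAAA1:1700000000:1707776000::u:::scSC:
pub:e:4096:1:AAAAAAAAAAAAAAA2:1690000000:1697776000::u:::scSC:
pub:u:4096:1:AAAAAAAAAAAAAAA3:1700000000:::u:::scSC:
pub:u:4096:1:AAAAAAAAAAAAAAA4:1706000000:1713776000::u:::scSC:'

# Run against the sample with a fixed "now" so the result is reproducible.
printf '%s\n' "$SAMPLE_LISTING" | expiring_keys 1706000000 30

# Against the real keyring:
#   gpg --list-keys --with-colons | expiring_keys "$(date +%s)" 30
```

A key reported as expired is a candidate for the removal command above once its replacement has been exported and registered on the Git server.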