Increase gpg key security

Jon Azpiazu 2018-05-30 17:03:37 +02:00
parent 89f0e23792
commit 480ac06686
3 changed files with 16 additions and 2 deletions

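--- a/assets/gpg.conf.sh
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF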
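Review bot: `mkdir -p ~/.gnupg/` creates the GnuPG home with whatever the process umask allows, and nothing afterwards tightens it. gpg expects that directory to be owner-only and warns about unsafe permissions otherwise, so I would follow the mkdir with `chmod 700 ~/.gnupg`. The `touch` is redundant, because `cat >>` creates the file. `default-preference-list` still advertises CAST5 and SHA224; if no consumer of this repository needs them, dropping the legacy entries would match the intent of the commit.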


@ -2,7 +2,7 @@
cat << EOF > /opt/gpg_batch
%echo Generating a GPG key, might take a while
Key-Type: RSA
Key-Length: 2048
Key-Length: 4096
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: ${FULL_NAME}
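Review bot: The subkey stays at `Subkey-Type: ELG-E` with `Subkey-Length: 1024` while the primary key moves to 4096, so the generated key pair still carries a 1024-bit component. Either raise it to match with `Subkey-Length: 4096`, or drop the two Subkey lines if the key is only used for signing the repository (that usage is inferred from the aptly paths elsewhere in this commit). The batch file continues past the end of this hunk, so expiry and passphrase settings cannot be judged from here.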


@ -1,5 +1,9 @@
#! /bin/bash
if [[ ! -f /root/.gnupg/gpg.conf ]]; then
/opt/gpg.conf.sh
fi
# If the repository GPG keypair doesn't exist, create it.
if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
echo "Generating new gpg keys"
@ -8,6 +12,8 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
# If your system doesn't have a lot of entropy this may, take a long time
# Google how-to create "artificial" entropy if this gets stuck
gpg --batch --gen-key /opt/gpg_batch
else
echo "No need to generate new gpg keys"
fi
# Export the GPG Public key
@ -40,7 +46,7 @@ fi
# Aptly looks in /root/.gnupg for default keyrings
ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
# Generate Nginx Config
/opt/nginx.conf.sh
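Review bot: In the first hunk the new guard tests `/root/.gnupg/gpg.conf`, but `/opt/gpg.conf.sh` writes to `~/.gnupg/gpg.conf` and appends with `>>`. If HOME is not /root, the tested file never appears and every start appends the same three options again; using one path in both places avoids that. The helper's exit status is ignored too, so a failed write still reaches `gpg --batch --gen-key` with default digest preferences; `/opt/gpg.conf.sh || exit 1` would stop there. The generation branch is skipped whenever `/opt/aptly/aptly.sec` and `aptly.pub` already exist, so existing deployments presumably keep their earlier key until it is rotated by hand. A comment above the `else` saying so would help operators.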