# Initialize GPG

### Set the GPG directory

Use the [XDG Base Directory](https://wiki.archlinux.org/title/XDG_Base_Directory) locations for as many configuration and output files (keys, etc.) as possible.

To keep GnuPG's state in that config directory, set the `GNUPGHOME` environment variable as described in the [GnuPG Environment documentation](https://www.gnupg.org/documentation/manuals/gnupg/gpgv.html#Environment).

### Export (and view) the environment variable

In [1]:
echo $GNUPGHOME
echo $PASSWORD_STORE_DIR

/home/jovyan/runtime/gpg
/home/jovyan/runtime/password-store


### Create the directory

In [2]:
mkdir --parents --verbose $GNUPGHOME

mkdir: created directory '/home/jovyan/runtime/gpg'


### Set proper permissions on the `$GNUPGHOME` directory

In [3]:
find $GNUPGHOME -type d | xargs -t chmod --verbose 700

chmod --verbose 700 /home/jovyan/runtime/gpg
mode of '/home/jovyan/runtime/gpg' changed from 0755 (rwxr-xr-x) to 0700 (rwx------)


### View the unattended configuration file

The configuration file below follows the GnuPG [Unattended key generation](https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html#Unattended-GPG-key-generation) format.

In [4]:
cat $WORK_DIR/gpg/batch.txt

%echo Generating a default key
Key-Type: default
Key-Length: 4096
Subkey-Type: default
Subkey-Length: 4096
Name-Real: Crypto User
Name-Comment: The GPG keys used for this tutorial.
Name-Email: crypto.user@server.com
Expire-Date: 0
# Passphrase: abc
%no-protection
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done

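Two lines in that batch file decide how exposed the resulting key is: `%no-protection` writes the secret key to disk without a passphrase, and `Expire-Date: 0` produces a key that never expires. The following added example (not part of the original notebook) is a small lint for a batch file that reports those settings, a leftover commented-out `Passphrase:` line, and any key length under 3072 bits. The function names and the temporary file are assumptions of this example; the sample batch content is a copy of the `batch.txt` shown above.

```shell
# Added example, not from the original notebook.
# Lint a GnuPG unattended key-generation batch file for settings that
# weaken the resulting key. Function names are this example's own.

# write_sample_batch FILE : writes a copy of the notebook's batch.txt (constructed input)
write_sample_batch() {
    cat > "$1" <<'EOF'
%echo Generating a default key
Key-Type: default
Key-Length: 4096
Subkey-Type: default
Subkey-Length: 4096
Name-Real: Crypto User
Name-Comment: The GPG keys used for this tutorial.
Name-Email: crypto.user@server.com
Expire-Date: 0
# Passphrase: abc
%no-protection
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
}

# lint_gpg_batch FILE : prints one line per finding (nothing when clean)
lint_gpg_batch() {
    file=$1
    if grep -q '^%no-protection' "$file"; then
        echo "WARN: %no-protection: secret key is stored on disk without a passphrase"
    fi
    if grep -Eq '^Expire-Date:[[:space:]]*0[[:space:]]*$' "$file"; then
        echo "WARN: Expire-Date: 0: the key never expires"
    fi
    if grep -Eq '^#[[:space:]]*Passphrase:' "$file"; then
        echo "INFO: commented-out Passphrase line: keep secrets out of the batch file"
    fi
    # Every Key-Length / Subkey-Length value below 3072 bits is a finding.
    for n in $(grep -Ei '^(Key|Subkey)-Length:' "$file" | tr -dc '0-9\n'); do
        if [ "$n" -lt 3072 ]; then
            echo "WARN: key length $n is below 3072 bits"
        fi
    done
}

# count_batch_findings FILE : number of findings as a plain integer
count_batch_findings() {
    lint_gpg_batch "$1" | grep -c .
}

# Demo run on the constructed copy of the notebook's batch file.
sample=$(mktemp)
write_sample_batch "$sample"
lint_gpg_batch "$sample"
rm -f "$sample"
```

On the notebook's own batch file the lint reports three findings. If a passphrase is wanted without putting it in the file, drop `%no-protection` and supply it on a file descriptor instead (`gpg --batch --pinentry-mode loopback --passphrase-fd 0 --generate-key batch.txt`), which keeps the secret out of the batch file and out of shell history.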

### Create the GPG key

In [5]:
gpg --verbose --generate-key --batch $WORK_DIR/gpg/batch.txt

gpg: keybox '/home/jovyan/runtime/gpg/pubring.kbx' created
gpg: Generating a default key
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: writing self signature
gpg: RSA/SHA512 signature from: "AD5EF3CDE0F54AC2 [?]"
gpg: writing key binding signature
gpg: RSA/SHA512 signature from: "AD5EF3CDE0F54AC2 [?]"
gpg: writing public key to '/home/jovyan/runtime/gpg/pubring.kbx'
gpg: /home/jovyan/runtime/gpg/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: key AD5EF3CDE0F54AC2 marked as ultimately trusted
gpg: directory '/home/jovyan/runtime/gpg/openpgp-revocs.d' created
gpg: writing to '/home/jovyan/runtime/gpg/openpgp-revocs.d/DC730069CBFD1344878C91C2AD5EF3CDE0F54AC2.rev'
gpg: RSA/SHA512 signature from: "AD5EF3CDE0F54AC2 Crypto User (The GPG keys used for this tutorial.) <crypto.user@server.com>"
gpg: revocation certificate stored as '/home/jovyan/runtime/gpg/openpgp-revocs.d/DC730069C

### View the output

In [6]:
ls -la $GNUPGHOME

total 28
drwx------ 1 jovyan dialout  224 Apr 24 20:51 .
drwxr-xr-x 1 jovyan dialout   96 Apr 24 20:51 ..
drwx------ 1 jovyan dialout   96 Apr 24 20:51 openpgp-revocs.d
drwx------ 1 jovyan dialout  128 Apr 24 20:51 private-keys-v1.d
-rw-r--r-- 1 jovyan dialout 2517 Apr 24 20:51 pubring.kbx
-rw------- 1 jovyan dialout   32 Apr 24 20:51 pubring.kbx~
-rw------- 1 jovyan dialout 1240 Apr 24 20:51 trustdb.gpg


### Set proper permissions on the `$GNUPGHOME` directory (and created subdirectories)

In [7]:
find $GNUPGHOME -type d | xargs -t chmod --verbose 700

chmod --verbose 700 /home/jovyan/runtime/gpg /home/jovyan/runtime/gpg/private-keys-v1.d /home/jovyan/runtime/gpg/openpgp-revocs.d
mode of '/home/jovyan/runtime/gpg' retained as 0700 (rwx------)
mode of '/home/jovyan/runtime/gpg/private-keys-v1.d' retained as 0700 (rwx------)
mode of '/home/jovyan/runtime/gpg/openpgp-revocs.d' retained as 0700 (rwx------)


### Set proper permissions on the GPG key (and created files)

In [None]:
find $GNUPGHOME -type f | xargs -t chmod --verbose 600
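The `ls -la` listing above shows `pubring.kbx` created as `-rw-r--r--`, which is why the final `chmod 600` pass is needed. The following added example (not part of the original notebook) turns that into a repeatable audit: it lists every path under a GnuPG home directory that has any group or other permission bit set, and tightens modes using `find -exec` rather than `find | xargs`, so paths containing whitespace are handled. Function names and the temporary directory are assumptions of this example.

```shell
# Added example, not from the original notebook.
# Audit and repair permissions under a GnuPG home directory.
# Function names are this example's own.

# gnupghome_perm_findings DIR : prints each path with any group/other bit set
gnupghome_perm_findings() {
    # -perm /077 matches when any of the group/other rwx bits is set
    # (GNU find syntax). Nothing under $GNUPGHOME should have them.
    find "$1" -perm /077
}

# count_perm_findings DIR : number of offending paths as a plain integer
count_perm_findings() {
    gnupghome_perm_findings "$1" | grep -c .
}

# gnupghome_fix_perms DIR : directories to 700, files to 600
gnupghome_fix_perms() {
    chmod 700 "$1"
    # -exec ... {} + passes paths as arguments, so whitespace in names is safe
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Demo on a constructed directory that mirrors the listing above:
# a 755 subdirectory and a 644 pubring.kbx.
demo=$(mktemp -d)
mkdir "$demo/openpgp-revocs.d"
chmod 755 "$demo/openpgp-revocs.d"
: > "$demo/pubring.kbx"
chmod 644 "$demo/pubring.kbx"
echo "before: $(count_perm_findings "$demo") offending path(s)"
gnupghome_fix_perms "$demo"
echo "after:  $(count_perm_findings "$demo") offending path(s)"
rm -rf "$demo"
```

Running `count_perm_findings "$GNUPGHOME"` after the notebook's two `chmod` cells should print `0`; a non-zero count after a later `gpg` run usually means a new file was created with the default umask and the audit should be re-run.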

# Initialize password-store

Reference: [password-store documentation (environment variables)](https://git.zx2c4.com/password-store/about/)

### Create the directory

In [9]:
mkdir --parent --verbose $PASSWORD_STORE_DIR

mkdir: created directory '/home/jovyan/runtime/password-store'


### Initialize the store with the GPG key

In [10]:
pass init crypto.user@server.com

Password store initialized for crypto.user@server.com


### Generate user password and add it to store

[pwgen man page](https://linux.die.net/man/1/pwgen), [password-store](https://www.passwordstore.org/)

In [11]:
pass generate user-password 20 --no-symbols

tr: write error: Broken pipe
tr: write error
The generated password for user-password is:
vcbZPWoSvukzopidC8EF


### View the password

In [12]:
pass user-password

vcbZPWoSvukzopidC8EF
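The `tr: write error: Broken pipe` lines above are harmless: `pass generate` filters `/dev/urandom` through `tr -dc` and the reader stops after the requested number of characters, so `tr` is left writing into a closed pipe. The following added example (not part of the original notebook or of password-store) reproduces the `--no-symbols` character set, reads bounded chunks from `/dev/urandom` so no process is left with a closed pipe, verifies the length and character class, and estimates the entropy of the result. Function names are assumptions of this example.

```shell
# Added example, not from the original notebook or from password-store.
# Generate a password from /dev/urandom restricted to a character set,
# check it, and estimate its entropy. Function names are this example's own.

# gen_password LENGTH [CHARSET] : prints a password of LENGTH chars from CHARSET
# (tr character-class syntax; default matches pass --no-symbols: A-Za-z0-9)
gen_password() {
    length=$1
    charset=${2:-A-Za-z0-9}
    pw=""
    while [ "${#pw}" -lt "$length" ]; do
        # head reads from a file, not a pipe, and tr consumes all of it,
        # so neither side ever writes into a closed pipe.
        chunk=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc "$charset")
        pw="$pw$chunk"
    done
    printf '%s\n' "$pw" | cut -c1-"$length"
}

# password_ok PASSWORD LENGTH CLASS_REGEX : 0 when length and charset both match
password_ok() {
    [ "${#1}" -eq "$2" ] || return 1
    printf '%s' "$1" | LC_ALL=C grep -Eq "^$3+\$"
}

# password_bits LENGTH CHARSET_SIZE : floor(LENGTH * log2(CHARSET_SIZE))
password_bits() {
    awk -v l="$1" -v n="$2" 'BEGIN { printf "%d\n", l * log(n) / log(2) }'
}

# Demo: 20 alphanumeric characters, as in the notebook's pass generate call.
p=$(gen_password 20)
password_ok "$p" 20 '[A-Za-z0-9]' && echo "ok: $p"
echo "entropy: $(password_bits 20 62) bits"
```

Twenty characters drawn uniformly from 62 symbols carry about 119 bits of entropy, which is why the notebook's `pass generate user-password 20 --no-symbols` is a sound choice even without symbols.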
