Based on a guide by Alex Cabal
# 4 words, length 3-5 (strength depends on the wordlist: 4 words drawn from N candidates give about 4*log2(N) bits)
$ awk 'length >= 3 && length <= 5' <wordlist> | shuf -n4
$ gpg --full-generate-key
$ gpg --export-secret-keys --armor null@null.com > password-storage-private.asc
$ gpg --export --armor null@null.com > password-storage-public.asc
$ sudo dnf install paperkey
$ gpg --export-secret-keys null@null.com | paperkey --output password-storage.paperkey
# Commands executed in container:
$ setup-alpine
# Hostname? pgp-mgr
# Ip address for eth0? <dhcp>
# Root password? J$
# Which disk(s) would you like to use? sda
# How would you like to use it? sys
# What timezone are you in? UTC
# Which SSH server? none
$ apk update
$ apk upgrade
$ apk add gnupg
$ sed -i -e 's/^#\(.*testing\)/\1/' /etc/apk/repositories # enable testing repo
$ apk add paperkey
At this point, disable the network connection from the VM manager and reboot, so that the key-handling steps below run offline.
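# 4 words, length 3-5
# (if this runs in the Alpine VM, `shuf` is probably the BusyBox applet unless coreutils is installed; check how it seeds its RNG before relying on it for a passphrase)
$ awk 'length >= 3 && length <= 5' <wordlist> | shuf -n4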
$ gpg --full-generate-key
$ gpg --edit-key <key email>
gpg> addphoto
gpg> addkey
gpg> save
$ gpg --output <key email>-gpg-revocation-certificate --gen-revoke <key email>
$ gpg --export-secret-keys --armor <key email> > <key email>-private.gpg-key
$ gpg --export --armor <key email> > <key email>-public.gpg-key
$ mkdir /tmp/gpg
$ sudo mount -t ramfs -o size=1M ramfs /tmp/gpg # ramfs is never swapped to disk, but it ignores size= (only tmpfs enforces a limit)
$ sudo chown $(logname):$(logname) /tmp/gpg
$ gpg --export-secret-subkeys <key email> > /tmp/gpg/subkeys
$ gpg --delete-secret-key <key email>
$ gpg --import /tmp/gpg/subkeys
$ sudo umount /tmp/gpg
$ rmdir /tmp/gpg
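$ gpg --list-secret-keys # expect "sec#": the "#" marks the primary secret key as absent, leaving only the subkeys on this machine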
$ gpg --send-keys <key ID>
$ gpg --import /path/to/<key email>-public.gpg-key /path/to/<key email>-private.gpg-key
$ gpg --edit-key <key email>
gpg> key <n>
gpg> key <n>
gpg> revkey
gpg> save
$ gpg --import <key email>-gpg-revocation-certificate
$ gpg --keyserver <key server> --send-keys <key ID>
$ gpg --keyserver <key server> --recv <key ID>
$ gpg --import <key email>-gpg-revocation-certificate
$ gpg --keyserver <key server> --send-keys <key ID>
$ mount -t vfat /dev/sdb1 /media/usb
$ cp ~/password* /media/usb
$ umount /media/usb
$ gpg --import password-storage-private.asc
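Can I make this into a pipeline? Partly: paperkey writes to stdout when --output is omitted, so the last two steps can become `paperkey --pubring password-storage-public.asc.gpg --secrets password-storage.paperkey | gpg --import`, which avoids leaving private.key on disk.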
$ gpg --dearmor password-storage-public.asc
$ paperkey --pubring password-storage-public.asc.gpg --secrets password-storage.paperkey --output private.key
$ gpg --import private.key