[QUESTION] How to configure GPG key? #37

Closed
bastientanesie opened this issue May 23, 2018 · 13 comments

@bastientanesie

I'm trying to configure GPG key while using the nucleus command for a production environment.
I've stumbled upon #30, but cannot find a working solution.

I followed this GitHub guide to generate a GPG key pair and export them into separate files.
I tried to copy the content of each file individually in the config.gpgSigningKey, then tried to copy both file contents inside the config key but all I got is this error message (while starting the server with $ nucleus path/to/my/config.js):

nucleus: Checking GPG key +87ms
nucleus: Bad gpg key, invalid
GPG key is invalid or missing, you must provide "config.gpgSigningKey"

@MarshallOfSound can you tell me what value should we pass to config.gpgSigningKey?

@MarshallOfSound
Contributor

@bastientanesie Your GPG value should look something like this

-----BEGIN PGP PUBLIC KEY BLOCK-----
SOME DATA STUFF
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
BUNCH OF DATA
-----END PGP PRIVATE KEY BLOCK-----

@bastientanesie
Author

Thanks @MarshallOfSound, I got it to work! 👍

Here's what I did:

$ gpg --full-generate-key
Follow the instructions. Create your keys without any protection (empty passphrase).

$ gpg --list-secret-keys --keyid-format LONG
Looks like "rsa4096/C8E2A0E20C2AEB3B 2018-05-23 [...]", where "C8E2A0E20C2AEB3B" is your key ID.

$ gpg --armor --export YOUR_KEY_ID outputs your PUBLIC key.

$ gpg --armor --export-private-key YOUR_KEY_ID outputs your PRIVATE key.

In your config.js file, it should look like this:

  /**
   * GPG key to use when signing APT and YUM releases
   *
   * Requires to be unlocked (no password) and have both the private and
   * public key.
   */
  gpgSigningKey: `
-----BEGIN PGP PUBLIC KEY BLOCK-----

YOUR PUBLIC KEY CONTENTS

-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----

YOUR PRIVATE KEY CONTENTS

-----END PGP PRIVATE KEY BLOCK-----
`
};

Make sure you keep those blank lines before and after the key contents.

BTW, this GPG cheatsheet might be useful 😉.

@MarshallOfSound
Contributor

MarshallOfSound commented May 24, 2018

@bastientanesie Would you be down to write up your journey as a step-by-step guide and PR it into the docs folder of this repository so others can benefit from your learnings? 😄

@bastientanesie
Author

@MarshallOfSound sure thing, I just need to find some spare time now! 😅

@dmr

dmr commented Jun 23, 2018

Thank you for the gpg manual!

gpg --armor --export-secret-key KEYID

--> Can this go into the Readme?

@dimthe

dimthe commented Aug 27, 2018

I ran into the same problem while trying to enter the GPG keys in config.js.
All the gpg commands above work fine except the last one, where you view your private key; this does not work. Any ideas...?

I get this:

gpg --armor --export-private-key 77F3C65298639C4F
gpg: invalid option "--export-private-key"

@dimthe

dimthe commented Aug 27, 2018

@MarshallOfSound can this issue be reopened?

@astritzeqiri

@dimthe try
gpg --armor --export-secret-key 77F3C65298639C4F

@bastientanesie
Author

@dimthe it depends on the version of the gnupg package currently installed. @astritzeqiri's solution should work 👍.

@wuyue92tree

gpg --list-secret-keys --keyid-format LONG

I followed your steps,
but always got this: "GPG key is invalid or missing, you must provide "config.gpgSigningKey""

What my gpgSigningKey looks like:
`-----BEGIN PGP PUBLIC KEY BLOCK-----

data
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----

data
-----END PGP PRIVATE KEY BLOCK-----`

I'm not sure what's wrong with it.

@wuyue92tree

It worked!
I had set up a password for the private key. That's why it was always wrong.

This is important!

  /**
   * GPG key to use when signing APT and YUM releases
   *
   * Requires to be unlocked (no password) and have both the private and
   * public key.
   */
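
The requirements that surface in this thread (both armored blocks present, a blank line after each armor header, and a private key without a passphrase) can be checked before starting the server. The JavaScript below is an added example, not part of the thread and not nucleus code: `checkSigningKey` and its helpers are hypothetical names, only RSA keys are parsed, only the primary secret-key packet is inspected, and `sampleArmor` builds constructed test input rather than a usable key.

```javascript
// Added example (not nucleus code). Assumes RSA keys (algorithm IDs 1-3), v4 packets per RFC 4880.
function armoredBlocks(text) {
  const re = /-----BEGIN PGP (PUBLIC|PRIVATE) KEY BLOCK-----\r?\n([\s\S]*?)-----END PGP \1 KEY BLOCK-----/g;
  const blocks = {};
  for (const [, kind, body] of text.matchAll(re)) {
    const lines = body.split(/\r?\n/);
    let i = 0;
    while (i < lines.length && /^[A-Za-z-]+: /.test(lines[i])) i++; // armor headers, e.g. "Comment: ..."
    const hasBlankLine = i < lines.length && lines[i].trim() === '';
    // Drop empty lines and the "=XXXX" CRC24 line, then decode the base64 payload.
    const data = lines.slice(i).map((l) => l.trim()).filter((l) => l && !l.startsWith('='));
    blocks[kind] = { hasBlankLine, bytes: Buffer.from(data.join(''), 'base64') };
  }
  return blocks;
}

// Reads the S2K usage octet of the first Secret-Key packet: 0 means no passphrase.
function secretKeyProtection(bytes) {
  if (bytes.length < 2 || !(bytes[0] & 0x80)) return 'unparseable';
  const newFormat = (bytes[0] & 0x40) !== 0;
  const tag = newFormat ? bytes[0] & 0x3f : (bytes[0] >> 2) & 0x0f;
  // New format: 1-, 2- or 5-octet length (partial lengths not handled); old format: length type 0-3.
  let pos = newFormat ? (bytes[1] < 192 ? 2 : bytes[1] < 224 ? 3 : 6) : 1 + [1, 2, 4, 0][bytes[0] & 3];
  if (tag !== 5 || bytes[pos] !== 4) return 'unparseable';
  if (bytes[pos + 5] < 1 || bytes[pos + 5] > 3) return 'unknown-algorithm';
  pos += 6; // version (1) + creation time (4) + algorithm (1)
  for (let k = 0; k < 2; k++) { // skip the public MPIs n and e
    if (pos + 2 > bytes.length) return 'unparseable';
    pos += 2 + Math.ceil(bytes.readUInt16BE(pos) / 8);
  }
  if (pos >= bytes.length) return 'unparseable';
  return bytes[pos] === 0 ? 'unprotected' : 'protected';
}

function checkSigningKey(value) {
  const blocks = armoredBlocks(value);
  const problems = [];
  for (const kind of ['PUBLIC', 'PRIVATE']) {
    if (!blocks[kind]) problems.push(`missing ${kind} KEY BLOCK`);
    else if (!blocks[kind].hasBlankLine) problems.push(`no blank line after ${kind} header`);
  }
  const state = blocks.PRIVATE ? secretKeyProtection(blocks.PRIVATE.bytes) : null;
  if (state === 'protected') problems.push('private key is passphrase-protected');
  return problems;
}

// Constructed sample: minimal RSA secret-key packet with fake 8-bit MPIs (not a usable key).
function sampleArmor(kind, s2kUsage) {
  const pkt = Buffer.from([0x94, 13, 4, 0, 0, 0, 0, 1, 0, 8, 0xc5, 0, 8, 0x11, s2kUsage]);
  return `-----BEGIN PGP ${kind} KEY BLOCK-----\n\n${pkt.toString('base64')}\n-----END PGP ${kind} KEY BLOCK-----\n`;
}
```

An empty array from `checkSigningKey` means none of the three problems was found; it does not prove the server will accept the key.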

@SimonMARTIN87

I fell into a quite frustrating trap...
The process for key verification relies on a small regex here, which expects gpg to output everything in plain English.

So be sure to set your LANG envvar to "en", otherwise the regex won't match, and the key verification will fail.

@jlamb1

jlamb1 commented Jul 13, 2021

I had LANG set to en_US.UTF-8 and it was failing; setting it to 'en' helped. I also had to generate the GPG key as RSA following the above examples; not sure if that is necessary.
