diff --git a/keys.md b/keys.md new file mode 100644 index 0000000..3643ec7 --- /dev/null +++ b/keys.md @@ -0,0 +1,74 @@ +--- +title: Keys +description: +published: true +date: 2023-11-07T22:55:37.899Z +tags: +editor: markdown +dateCreated: 2023-11-07T22:55:37.899Z +--- + +# SSH + +## Keygen + +```shell +ssh-keygen -t rsa -b 4096 -C "fran@franpenedo.com" +ssh-keygen -t ed25519 -C "fran@franpenedo.com" -f ~/.ssh/key +``` + +## Authorized keys + +Restrict key to execute a command with agent forwarding: + +``` +command="echo foo",restrict,agent-forwarding ssh-rsa AAABBBCCC... +``` + +## Agent forwarding + +Spawn a new empty ssh-agent inside a subshell, then populate it with needed keys. + +```shell + ( + eval $(ssh-agent) >/dev/null + ssh-add ~/.ssh/key + # -A for agent forwarding + ssh -A user@host "command" + kill ${SSH_AGENT_PID} + ) +``` + +# GPG + +## Keys + +List keys: + +```shell +gpg --list-secret-keys --keyid-format LONG +``` + +- [E]: encrypting key +- [S]: signing key + +Export subkeys: + +```shell +gpg --armor --export-secret-subkeys fran@franpenedo.com | gpg --armor --symmetric --output mykey.sec.asc +``` + +# DNIe + +## Arch linux + +Install `libpkcs11-dnie` and `dnieremote-bin` from AUR. Possibly `ca-certificates-{fnmt,dnie}` needed. + +## Firefox + +Load security device `/usr/lib/libdnieremotepkcs11.so`. Might need to restart. + +## Android + +Install `Lector de DNIe para PC, usando el movil` from `CNP-FNMT`. +
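Review bot: In the "Agent forwarding" block, `kill ${SSH_AGENT_PID}` only runs if the subshell reaches its last line, so an interrupt or a closed terminal while `ssh -A user@host "command"` is running leaves the throwaway agent alive with `~/.ssh/key` still loaded. Consider registering the cleanup right after the `eval` line with `trap 'kill "$SSH_AGENT_PID"' EXIT`, quoting the substitution as `eval "$(ssh-agent)"`, and loading the key with a lifetime (`ssh-add -t`) so it expires even when cleanup is skipped. Separately, the legend under "List keys" documents only `[E]` and `[S]`, while the listing also shows `[C]` (certify) and `[A]` (authenticate) usage flags. The front matter `description:` is also left empty.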