---
title: Keys
description: 
published: true
date: 2023-11-07T22:55:37.899Z
tags: 
editor: markdown
dateCreated: 2023-11-07T22:55:37.899Z
---

# SSH

## Keygen

```shell
ssh-keygen -t rsa -b 4096 -C "fran@franpenedo.com"
ssh-keygen -t ed25519 -C "fran@franpenedo.com" -f ~/.ssh/key
```

## Authorized keys

Restrict key to execute a command with agent forwarding:

```
command="echo foo",restrict,agent-forwarding ssh-rsa AAABBBCCC...
```

## Agent forwarding

Spawn a new empty ssh-agent inside a subshell, then populate it with needed keys.

```shell
     (
         eval $(ssh-agent) >/dev/null
         ssh-add ~/.ssh/key
         # -A for agent forwarding
         ssh -A user@host "command"
         kill ${SSH_AGENT_PID}
     )
```

# GPG
  
## Keys

List keys:

```shell
gpg --list-secret-keys --keyid-format LONG
```

- [E]: encrypting key
- [S]: signing key

Export subkeys:

```shell
gpg --armor --export-secret-subkeys fran@franpenedo.com | gpg --armor --symmetric --output mykey.sec.asc
```
   
# DNIe
  
## Arch linux

Install `libpkcs11-dnie` and `dnieremote-bin` from AUR. Possibly `ca-certificates-{fnmt,dnie}` needed.
   
## Firefox

Load security device `/usr/lib/libdnieremotepkcs11.so`. Might need to restart.

## Android

Install `Lector de DNIe para PC, usando el movil` from `CNP-FNMT`.