Increase gpg key security

assets/gpg.conf.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p  ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf <<EOF
+personal-digest-preferences SHA256
+cert-digest-algo SHA256
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+EOF

assets/gpg_batch.sh

@@ -2,7 +2,7 @@
 cat << EOF > /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}

assets/startup.sh

@@ -1,5 +1,9 @@
 #! /bin/bash
 
+if [[ ! -f /root/.gnupg/gpg.conf ]]; then
+  /opt/gpg.conf.sh
+fi
+
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
   echo "Generating new gpg keys"
@@ -8,6 +12,8 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
   # If your system doesn't have a lot of entropy this may, take a long time
   # Google how-to create "artificial" entropy if this gets stuck
   gpg --batch --gen-key /opt/gpg_batch
+else
+  echo "No need to generate new gpg keys"
 fi
 
 # Export the GPG Public key
@@ -40,7 +46,7 @@ fi
 
 # Aptly looks in /root/.gnupg for default keyrings
 ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
-ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub 
 
 # Generate Nginx Config
 /opt/nginx.conf.sh