跳转到主要内容

GnuPG

生成密钥

# 生成新的密钥
gpg --full-gen-key

# 查看本机保存的私钥
gpg --list-secret-keys --keyid-format long

# 生成吊销证书
gpg --gen-revoke [密钥 ID] > gpg-revoke.asc

# 删除私钥
gpg --delete-secret-keys [密钥 ID]

# 删除公钥
gpg --delete-keys [密钥 ID]

管理密钥

# 打印私钥
gpg --armor --export-secret-key [密钥 ID]

# 打印公钥
gpg --armor --export [密钥 ID]

# 导出私钥
gpg --armor --export-secret-key --output private.txt [密钥 ID]

# 导出公钥
gpg --armor --export --output public.txt [密钥 ID]

备份密钥

# 密钥导出备份
gpg --export-secret-keys --export-options backup --output private.gpg [密钥 ID]

# 备份导入
gpg --import-options restore --import private.gpg

密钥使用

# 生成公钥指纹
gpg --fingerprint [密钥 ID]

子密钥

gpg --expert --edit-key [密钥 ID]
gpg-agent --daemon
gpgconf --kill all && gpgconf --launch gpg-agent

gpg-agent

# 停止服务
gpgconf kill gpg-agent
# 启动服务
gpg-agent --daemon
# 重新加载服务
gpg-connect-agent reloadagent /bye

SSH 登录

  1. 开启 ssh 支持
echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf
  1. 添加环境变量
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export GPG_TTY=$(tty)
  1. 查看 keygrip
gpg --list-keys --with-keygrip
  1. 添加 sshcontrol
echo [keygrip] >> ~/.gnupg/sshcontrol

常见 Flags 解释

sec => 'SECret key'
ssb => 'Secret SuBkey'
pub => 'PUBlic key'
sub => 'public SUBkey'

'E' = encryption
'S' = signing
'C' = certification
'A' = authentication

A # after the initial tags sec or ssb means that the secret key or subkey is currently not usable. We also say that this key has been taken offline (for example, a primary key can be taken offline by exporting the key using the command --export-secret-subkeys).
A > after these tags indicate that the key is stored on a smartcard. See also --list-keys.

ref: https://www.mankier.com/1/gpg#--list-secret-keys