GnuPG
生成密钥
# 生成新的密钥
gpg --full-gen-key
# 查看本机保存的私钥
gpg --list-secret-keys --keyid-format long
# 生成吊销证书
gpg --gen-revoke [密钥 ID] > gpg-revoke.asc
# 删除私钥
gpg --delete-secret-keys [密钥 ID]
# 删除公钥
gpg --delete-keys [密钥 ID]
管理密钥
# 打印私钥
gpg --armor --export-secret-key [密钥 ID]
# 打印公钥
gpg --armor --export [密钥 ID]
# 导出私钥
gpg --armor --export-secret-key --output private.txt [密钥 ID]
# 导出公钥
gpg --armor --export --output public.txt [密钥 ID]
备份密钥
# 密钥导出备份
gpg --export-secret-keys --export-options backup --output private.gpg [密钥 ID]
# 备份导入
gpg --import-options restore --import private.gpg
密钥使用
# 生成公钥指纹
gpg --fingerprint [密钥 ID]
子密钥
gpg --expert --edit-key [密钥 ID]
gpg-agent --daemon
gpgconf --kill all && gpgconf --launch gpg-agent
gpg-agent
# 停止服务
gpgconf kill gpg-agent
# 启动服务
gpg-agent --daemon
# 重新加载服务
gpg-connect-agent reloadagent /bye
SSH 登录
- 开启 ssh 支持
echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf
- 添加环境变量
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export GPG_TTY=$(tty)
- 查看 keygrip
gpg --list-keys --with-keygrip
- 添加 sshcontrol
echo [keygrip] >> ~/.gnupg/sshcontrol
常见 Flags 解释
sec => 'Secret key'
ssb => 'Secret SubKey'
pub => 'Public key'
sub => 'Public SubKey'
'E' = encryption
'S' = signing
'C' = certification
'A' = authentication
A # after the initial tags sec or ssb means that the secret key or subkey is currently not usable. We also say that this key has been taken offline (for example, a primary key can be taken offline by exporting the key using the command --export-secret-subkeys).
A > after these tags indicate that the key is stored on a smartcard. See also --list-keys.ref: https://www.mankier.com/1/gpg#--list-secret-keys