Table of contents
- System environment
- Generating a GPG key
- Common commands
- Signing commits with GPG
System environment
The operating system used here is Ubuntu 18.04.
GPG has a different installer on each OS.
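Generating a GPG key
- Install GPG as appropriate for your OS. If `gpg2` is already installed on the system, you can use the `gpg2` command in place of `gpg`. On Ubuntu, `gpg` ships with the system, and `gpg2` can also be installed.
- Use the following command to create the public/private key pair.
      $ gpg2 --full-gen-key
  On macOS and some other systems, the command may be `gpg2 --gen-key`.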
- The first choice is the type of key to generate. Make your selection and press Enter.
      Please select what kind of key you want:
         (1) RSA and RSA (default)
         (2) DSA and Elgamal
         (3) DSA (sign only)
         (4) RSA (sign only)
      Your selection? 1
- Next, choose the key length. Enter `4096` and press Enter.
      RSA keys may be between 1024 and 4096 bits long.
      What keysize do you want? (3072) 4096
      Requested keysize is 4096 bits
- Then confirm how long the key stays valid; here it is set to be valid permanently.
      Please specify how long the key should be valid.
               0 = key does not expire
            <n>  = key expires in n days
            <n>w = key expires in n weeks
            <n>m = key expires in n months
            <n>y = key expires in n years
      Key is valid for? (0) 0
      Key does not expire at all
- Finally, confirm that the preceding choices are correct. Enter `y` to confirm.
      Is this correct? (y/N) y
- Now enter the user details: name, email address and so on.
      GnuPG needs to construct a user ID to identify your key.
      Real name: nn
      Email address: [email protected]
      Comment:
      You selected this USER-ID:
          "nn <[email protected]>"
      Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
  Enter `o` and press Enter.
  In the passphrase dialog that pops up, enter the passphrase for the key. After the final confirmation, the details of the generated key are shown.
      We need to generate a lot of random bytes. It is a good idea to perform
      some other action (type on the keyboard, move the mouse, utilize the
      disks) during the prime generation; this gives the random number
      generator a better chance to gain enough entropy.
      We need to generate a lot of random bytes. It is a good idea to perform
      some other action (type on the keyboard, move the mouse, utilize the
      disks) during the prime generation; this gives the random number
      generator a better chance to gain enough entropy.
      gpg: key 79B54CD55FCCE768 marked as ultimately trusted
      gpg: revocation certificate stored as '/home/nn/.gnupg/openpgp-revocs.d/FF397A0475296E3914987EE879B54CD55FCCE768.rev'
      public and secret key created and signed.
      pub   rsa4096 2020-08-27 [SC]
            FF397A0475296E3914987EE879B54CD55FCCE768
      uid                      nn <[email protected]>
      sub   rsa4096 2020-08-27 [E]
- Use the following command to view the GPG private key, replacing <your_email> with [email protected].
      gpg: checking the trustdb
      gpg: marginals needed: 3  completes needed: 1  trust model: pgp
      gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
      sec   rsa4096/79B54CD55FCCE768 2020-08-27 [SC]
            FF397A0475296E3914987EE879B54CD55FCCE768
      uid                 [ultimate] nn <[email protected]>
      ssb   rsa4096/D75D370A832C22A1 2020-08-27 [E]
  On the line that starts with `sec`, the value after the `/` is the private key ID (the keyId); here it is `79B54CD55FCCE768`.
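- Use the keyId from the previous step to view the public key.
      $ gpg2 --armor --export 79B54CD55FCCE768
  This prints the public key in ASCII-armored form.
The GPG key has now been generated.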
Common commands
- List GPG keys.
      $ gpg2 --list-secret-keys --keyid-format short
  The trailing `short` can also be replaced with `long`.
      /home/nicholas/.gnupg/pubring.kbx
      ---------------------------------
      sec   rsa4096/3CF8D791AB81AE55 2020-08-26 [SC]
            A598B8F2448C8B19C2ECF7803CF8D791AB81AE55
      uid                 [ultimate] nn <[email protected]>
      ssb   rsa4096/A0B38A3FA93702EB 2020-08-26 [E]
      sec   rsa4096/79B54CD55FCCE768 2020-08-27 [SC]
            FF397A0475296E3914987EE879B54CD55FCCE768
      uid                 [ultimate] nn <[email protected]>
      ssb   rsa4096/D75D370A832C22A1 2020-08-27 [E]
  This shows the keys in `short` format.
- Export the secret key to a file in `.gpg` format.
      $ gpg2 --export-secret-key <KEY_ID> > ~/.gnupg/secring.gpg
- Delete a GPG key. Here <KEY_ID> is the listed keyId value `79B54CD55FCCE768`.
      $ gpg2 --delete-secret-key 79B54CD55FCCE768
      gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
      sec  rsa4096/79B54CD55FCCE768 2020-08-27 nn <[email protected]>
      Delete this key from the keyring? (y/N) y
      This is a secret key! - really delete? (y/N) y
Signing commits with GPG
Once the GPG key has been generated, if you use GitLab, you can add the generated public key under GPG Keys in User Settings.
- Configure Git.
      $ git config --global user.signingkey 79B54CD55FCCE768
  Here `79B54CD55FCCE768` is the KEY_ID.
- (Optional) If an error message such as gpg: signing failed appears when using the GPG key, switch to `gpg2`.
      $ git config --global gpg.program gpg2
- Sign commits.
  To sign a particular commit, add the `-S` flag to the commit command.
  If you do not want to add `-S` on every commit, configure it globally.
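
An added example, not part of the original post, that ties the steps above together: it reads gpg's machine-readable key listing, picks a secret key that is still usable for signing, and applies the Git settings. The `--with-colons` parsing, the function names and the `commit.gpgsign` setting are assumptions of this example, and the sample listing is constructed around the key IDs shown above.

```shell
#!/bin/sh
# Added example: choose a usable signing key and turn on Git commit signing.

# Constructed sample of `gpg2 --list-secret-keys --with-colons` output:
# the key from this page, a made-up expired key, and a made-up key whose
# primary key only certifies but which has a signing subkey.
SAMPLE_LISTING='sec:u:4096:1:79B54CD55FCCE768:1598486400:::u:::scESC:::+:::23::0:
fpr:::::::::FF397A0475296E3914987EE879B54CD55FCCE768:
uid:u::::1598486400::CONSTRUCTED::nn <nn@example.invalid>::::::::::0:
ssb:u:4096:1:D75D370A832C22A1:1598486400::::::e:::+:::23:
sec:e:4096:1:1111111111111111:1500000000:1531536000::u:::sc:::+:::23::0:
sec:u:255:22:2222222222222222:1598486400:::u:::cSC:::+::ed25519:::0:'

# Print the long key ID of each secret primary key ("sec" record) that is not
# expired, revoked, invalid or disabled (field 2) and whose key as a whole is
# usable for signing (uppercase S in the capabilities, field 12).
signing_key_ids() {
  awk -F: '$1 == "sec" && $2 !~ /^[eridn]$/ && $12 ~ /S/ { print $5 }'
}

# Store the key ID in Git and sign every commit without passing -S.
# $1 = key ID, $2 = config scope (--global by default, or --local).
configure_git_signing() {
  scope="${2:---global}"
  git config "$scope" user.signingkey "$1" &&
    git config "$scope" commit.gpgsign true
}

if [ "${1:-}" = "--apply" ]; then
  # Real run: take the first usable key from the local keyring.
  keyid=$(gpg2 --list-secret-keys --with-colons | signing_key_ids | head -n 1)
  [ -n "$keyid" ] || { echo "no usable signing key found" >&2; exit 1; }
  configure_git_signing "$keyid" "${2:---global}"
  echo "Git will sign commits with $keyid"
else
  # Without --apply, only show what would be picked from the sample listing.
  printf '%s\n' "$SAMPLE_LISTING" | signing_key_ids
fi
```

After running it with `--apply`, `git log --show-signature -1` shows whether the latest commit carries a valid signature.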