GnuPG(GPG)密钥创建的流程步骤
技术  /  管理员 发布于 2年前   1002
GNU Privacy Guard(GnuPG或GPG)是一种加密软件,GnuPG用于加密、数字签名及产生非对称钥匙对的软件。其他的详细信息就不过多介绍了,谷歌或百度百科上都有
进入步骤:
创建主密钥
主密钥是一个只用于创建子密钥的密钥,换言之,它只需要认证 Certify 能力,
而其他能力:
签名 Sign/ 加密 Encrypt/ 鉴权 Authenticate 则会分配给子密钥。
开始生成密钥,并选择自定能力:
gpg --full-generate-key --expert
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 8
依次输入 S 和 E 禁用对应的能力,仅保留 Certify 能力,最后输入 Q 退出:
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt
.
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
.
Your selection? S
.
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Certify Encrypt
.
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
.
Your selection? E
.
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Certify
.
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
.
Your selection? Q
输入密钥长度(可自行选择,越高越安全):
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
输入有效期(2d 两天,3w 为三周,5m 为五月,1y 为一年):
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon Aug 14 17:32:10 2023 CST
Is this correct? (y/N) y
输入信息以构建用户 ID:
GnuPG needs to construct a user ID to identify your key.
.
Real name: <这里输入你的名字>
Email address: <这里输入你的邮箱>
Comment: <留空>
You selected this USER-ID:
"<你的名字> <<你的邮箱>>"
.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
输入密钥密码:
定位输入框中间 `Passphrase` 输密码,然后再输入一次,然后回车。
密钥生成完成:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key <你的密钥ID> marked as ultimately trusted
gpg: revocation certificate stored as '<撤销密钥保存路径>'
public and secret key created and signed.
.
pub rsa4096 2022-08-14 [C] [expires: 2023-08-14]
E08F47B250F8CB12347B2DFA11DC61840BEABCED
uid <你的名字> <<你的邮箱>>
注意:
生成完成后,建议将密钥保存到安全的位置
中英对照:
Key:密钥
Capability:能力
Certify:认证
Sign:签名
Encrypt:加密
Authenticate:鉴权
122 在
学历:一种延缓就业设计,生活需求下的权衡之选中评论 工作几年后,报名考研了,到现在还没认真学习备考,迷茫中。作为一名北漂互联网打工人..123 在
Clash for Windows作者删库跑路了,github已404中评论 按理说只要你在国内,所有的流量进出都在监控范围内,不管你怎么隐藏也没用,想搞你分..原梓番博客 在
在Laravel框架中使用模型Model分表最简单的方法中评论 好久好久都没看友情链接申请了,今天刚看,已经添加。..博主 在
佛跳墙vpn软件不会用?上不了网?佛跳墙vpn常见问题以及解决办法中评论 @1111老铁这个不行了,可以看看近期评论的其他文章..1111 在
佛跳墙vpn软件不会用?上不了网?佛跳墙vpn常见问题以及解决办法中评论 网站不能打开,博主百忙中能否发个APP下载链接,佛跳墙或极光..
Copyright·© 2019 侯体宗版权所有·
粤ICP备20027696号