gpg-addkey

gpg: adding keys #

Generate the primary key #

bash
# Step 0
gpg --expert --full-gen-key    # or --full-generate-key


# Step 1 the interactive session starts
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


# Step 2 choose the key type; option 1 (RSA and RSA) is fine here.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
Your selection?


# Step 3 enter the primary key length (the example key shown at the end used 4096)
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)


# Step 4 enter the subkey length. (By default one encryption-only subkey is generated alongside the primary key.)
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want for the subkey? (3072)


# Step 5 enter the validity period. (The expiration date can be changed at any time later with the expire command in gpg --edit-key.)
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)


# Step 6 confirm the expiration
Key does not expire at all
Is this correct? (y/N)


# Step 7 build the user ID
GnuPG needs to construct a user ID to identify your key.

Real name:  linus    # can be a handle or any name you like
Email address: linus@outlook.com    # this is the address Git matches when signing commits. If you use several Git e-mail addresses, add a user ID for each of them later.
Comment:     # the comment can be left empty


# Step 8 confirm the user ID
You selected this USER-ID:
    "linus <linus@outlook.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?


# Step 9 enter a passphrase; it protects the secret key file on disk.
┌──────────────────────────────────────────────────────┐
│ Please enter the passphrase to                       │
│ protect your new key                                 │
│                                                      │
│ Passphrase: ________________________________________ │
│                                                      │
│       <OK>                              <Cancel>     │
└──────────────────────────────────────────────────────┘


# Step 10 wait for key generation
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.


# Step 11 done
gpg: key 05DB0F94ACFB538A marked as ultimately trusted
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D6CF870BFD5E2B817529D9E605DB0F94ACFB538A.rev'
public and secret key created and signed.

pub   rsa4096 2022-10-30 [SC]
      D6CF870BFD5E2B817529D9E605DB0F94ACFB538A      # your key fingerprint; its last 16 hex digits (05DB0F94ACFB538A) are the long key ID printed above
uid                      linus <linus@outlook.com>
sub   rsa3072 2022-10-30 [E]      # the encryption subkey that was generated automatically


# Meaning of the capability letters shown in brackets:
A    =>    Authentication
C    =>    Certify
E    =>    Encrypt
S    =>    Sign
?    =>    Unknown capability

Generate a subkey #

bash
# Step 0
gpg --expert --edit-key linus   # a user ID, e-mail address, key ID or fingerprint


# Step 1 the interactive session starts
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/0x05DB0F94ACFB538A
     created: 2022-10-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa3072/0x6FABD7D15A591683
     created: 2022-10-30  expires: never       usage: E
[ultimate] (1). linus <linus@outlook.com>


# Step 2 enter the addkey command
gpg> addkey


# Step 3 choose the subkey type. Choose 8 here (RSA, set your own capabilities).
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection?


# Step 4 choose the subkey capabilities. For SSH login authentication keep only Authenticate: press S and E to turn Sign and Encrypt off, A to turn Authenticate on, then Q.
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt    # the capabilities currently selected

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection?


# Step 5 enter the subkey length
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)


# Step 6 enter the validity period
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)


# Step 7 confirm the expiration
Key does not expire at all
Is this correct? (y/N)


# Step 8 confirm creation
Really create? (y/N)


# Step 9 enter the primary key's passphrase: the primary key has to sign the binding signature that ties the new subkey to it
┌────────────────────────────────────────────────────────────────┐
│ Please enter the passphrase to unlock the OpenPGP secret key:  │
│ "linus <linus@outlook.com>"                                    │
│ 4096-bit RSA key, ID 0x05DB0F94ACFB538A,                       │
│ created 2022-10-30.                                            │
│                                                                │
│                                                                │
│ Passphrase: __________________________________________________ │
│                                                                │
│         <OK>                                    <Cancel>       │
└────────────────────────────────────────────────────────────────┘


# Step 10 done. Type save at the gpg> prompt to write the new subkey to the keyring (quit asks whether to save the changes first).
sec  rsa4096/0x05DB0F94ACFB538A
     created: 2022-10-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa3072/0x6FABD7D15A591683
     created: 2022-10-30  expires: never       usage: E
ssb  rsa3072/0xBCFF5460DD4F3110
     created: 2022-10-30  expires: never       usage: A
[ultimate] (1). linus <linus@outlook.com>

P.S. This command (gpg --edit-key name) does more than generate subkeys: it can also add user IDs (adduid), change the passphrase (passwd), revoke subkeys (revkey) and so on. Type help at the gpg> prompt for the full list.

July 20, 2025