<!DOCTYPE html>
<html lang="zh">
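<head>
  <!-- Document metadata for the blog index: encoding, mobile/PWA hints, theme styles and config, analytics. -->
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
  <!-- maximum-scale is deliberately not set, so visitors can still pinch-zoom the page. -->
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="browsermode" content="application">
  <meta name="apple-touch-fullscreen" content="yes">
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-title" content="INX">
  <meta name="apple-mobile-web-app-status-bar-style" content="default">
  <meta name="msapplication-navbutton-color" content="#666666">
  <meta name="format-detection" content="telephone=no">
  <meta name="subtitle" content="the dotINX">
  <link rel="apple-touch-startup-image" media="(device-width: 375px)" href="assets/apple-launch-1125x2436.png">
  <link rel="apple-touch-startup-image" media="(orientation: landscape)" href="assets/apple-touch-startup-image-2048x1496.png">
  <link rel="stylesheet" href="/style/style.css">
  <!-- Theme configuration exposed as the global nlviconfig; presumably read by the theme's
       scripts, which are loaded outside this block.
       NOTE(review): this is an inline script, so a Content-Security-Policy without
       'unsafe-inline' needs a nonce or hash for it. -->
  <script>
    var nlviconfig = {
      title: "INX",
      author: "inx",
      baseUrl: "/",
      theme: {
        scheme: "banderole",
        lightbox: true,
        animate: true,
        search: true,
        friends: false,
        reward: false,
        pjax: false,
        lazy: false,
        toc: true
      }
    }
  </script>
  <link rel="stylesheet" href="/script/lib/lightbox/css/lightbox.min.css">
  <link rel="stylesheet" href="/syuanpi/syuanpi.min.css">
  <!-- Global site tag (gtag.js) - Google Analytics -->
  <!-- NOTE(review): third-party script that runs with the page's full privileges. Its content
       is served by the vendor and changes over time, so an integrity hash is generally not
       practical here; limit it with a CSP script-src allow-list instead. -->
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-BZJJNPXPY4"></script>
  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());
    gtag('config', 'G-BZJJNPXPY4');
  </script>
  <!-- Self-hosted display font declared inline. -->
  <style>
    @font-face {
      font-family: "Allura";
      src: url('/font/allura/allura.ttf');
    }
  </style>
  <title>INX | the dotINX</title>
  <meta name="generator" content="Hexo 7.1.1">
</head>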
<body>
<div class="container">
<header class="header" id="header">
  <!-- Desktop site header: logo block followed by the primary navigation menu. -->
  <div class="header-wrapper">
    <div class="logo">
      <!-- Rendered hidden (display:none); presumably revealed by the theme script. -->
      <div class="logo-inner syuanpi tvIn" style="display:none;">
        <h1><a href="/">INX</a></h1>
        <span id="subtitle">the dotINX</span>
      </div>
    </div>
    <nav class="main-nav">
      <ul class="main-nav-list syuanpi tvIn">
        <li class="menu-item">
          <!-- NOTE(review): javascript: URL used only as a click hook (handler presumably bound
               by id in the theme script). A Content-Security-Policy without 'unsafe-inline'
               blocks such URLs, and the control behaves as a button, not a link. -->
          <a id="search-btn" href="javascript:;" aria-label="Search">
            <i class="iconfont icon-search"></i>
          </a>
        </li>
        <li class="menu-item">
          <a id="article" href="/">
            <span class="base-name">
              ARTICLE
            </span>
          </a>
        </li>
        <li class="menu-item">
          <a id="archives" href="/archives">
            <span class="base-name">
              ARCHIVES
            </span>
          </a>
        </li>
        <li class="menu-item">
          <!-- NOTE(review): same javascript: click hook as the search entry above. -->
          <a id="tags" href="javascript:;">
            <span class="base-name">
              TAGS
            </span>
          </a>
        </li>
        <li class="menu-item">
          <a id="about" href="/about">
            <span class="base-name">
              ABOUT
            </span>
          </a>
        </li>
      </ul>
    </nav>
  </div>
</header>
<div class="mobile-header" id="mobile-header">
  <!-- Mobile header: menu toggle, site title and a collapsible copy of the navigation list. -->
  <div class="mobile-header-nav">
    <div class="mobile-header-item" id="mobile-left">
      <div class="header-menu-item">
        <div class="header-menu-line"></div>
      </div>
    </div>
    <h1 class="mobile-header-title">
      <a href="/">INX</a>
    </h1>
    <div class="mobile-header-item"></div>
  </div>
  <div class="mobile-header-body">
    <ul class="mobile-header-list">
      <li class="mobile-nav-item syuanpi fadeInRightShort back-0">
        <a href="/">
          ARTICLE
        </a>
      </li>
      <li class="mobile-nav-item syuanpi fadeInRightShort back-1">
        <a href="/archives">
          ARCHIVES
        </a>
      </li>
      <li class="mobile-nav-item syuanpi fadeInRightShort back-2">
        <!-- NOTE(review): javascript: URL used only as a click hook (handler presumably bound
             by id in the theme script); blocked under a Content-Security-Policy without
             'unsafe-inline'. -->
        <a id="mobile-tags" href="javascript:;">
          TAGS
        </a>
      </li>
      <li class="mobile-nav-item syuanpi fadeInRightShort back-3">
        <a href="/about">
          ABOUT
        </a>
      </li>
    </ul>
  </div>
</div>
<div class="container-inner" style="display:none;">
<main class="main" id="main">
<div class="main-wrapper">
<section class="posts">
<article class="
post
">
<header class="post-header">
<div class="post-time syuanpi fadeInRightShort back-1">
<div class="post-time-wrapper">
<time>2024-11-30</time>
</div>
</div>
<h1 class="post-title syuanpi fadeInRightShort back-2">
<a href="/2024/11/30/gnupg-2024/">(WIP) 在2024年入门你的 GnuPG</a>
</h1>
</header>
<div class="post-content syuanpi fadeInRightShort back-3">
<blockquote>
<p>请注意,本文章尚未完工且处于写作的初期阶段,因此本博客不对内容的连续性存在保证。<br>(话说都 5202 年了马上怎么还在写2024年的入门啊喂!</p>
</blockquote>
<p>虽然我个人对 GPG 的了解大抵是始于2020年时出于好奇接触到了 GPG,并成功的被 Kleopatra 那复杂的界面吸引。但是在2024年之前我对于 PGP 的理解都停留在玩具层面上,在详细的入门了 GnuPG 后,写下了这篇文章。</p>
<h2 id="概念"><a href="#概念" class="headerlink" title="概念"></a>概念</h2><p>在 PGP(Pretty Good Privacy)中,存在<code>公钥->私钥A[认证、签名]、私钥B[加密]、密钥C...</code>的关系。需要注意的是,由于这个体系不可避免的在 RSA 等非对称的加密算法,或是 Curve25519 等签名算法的基础上进行了拓展来实现高级功能,所以这里的名词与非对称加密的名词有出入。读者可以在实践中自行揣摩他们应有的意思,但是在这里,让我们暂时的忘记大部分密码学的内容,光记住<code>公钥是可以公开的,私钥是必须保密的</code>的原则,继续向下看。</p>
<h2 id="预先准备"><a href="#预先准备" class="headerlink" title="预先准备"></a>预先准备</h2><p>如果你希望正式的实战的话,作者在这里推荐 <a target="_blank" rel="noopener" href="https://tails.net/">Tails</a> 作为你安装的系统。当然了,如果你还需要热热身,也可以使用其他的系统。具体如何使用 Tails 实战,我们将在文章最后讲解。</p>
<p>首先,让我们确认一下系统。如果你是 Windows 操作系统的话,只需要下载并安装 <a target="_blank" rel="noopener" href="https://www.gpg4win.org/">Gpg4win</a> 就好了,因为作者并不建议你使用 Windows 在正式的实战环节,所以默认的配置一路 Next 就可以了。安装好后,执行 <code>gpg --version</code> ,如果输出的内容和下面的大差不差,那么就说明你的操作并无异常。</p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">PS</span> C:\Users\apple> gpg <span class="literal">--version</span></span><br><span class="line">gpg (GnuPG) <span class="number">2.4</span>.<span class="number">7</span></span><br><span class="line">libgcrypt <span class="number">1.11</span>.<span class="number">0</span></span><br><span class="line">Copyright (C) <span class="number">2024</span> g10 Code GmbH</span><br><span class="line">License GNU GPL<span class="literal">-3</span>.<span class="number">0</span><span class="operator">-or</span><span class="literal">-later</span> <https://gnu.org/licenses/gpl.html></span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">Home: C:\Users\apple\AppData\Roaming\gnupg</span><br><span class="line">Supported algorithms:</span><br><span class="line">Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA</span><br><span class="line">Cipher: IDEA, <span class="number">3</span>DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,</span><br><span class="line"> CAMELLIA128, CAMELLIA192, CAMELLIA256</span><br><span class="line">Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224</span><br><span class="line">Compression: Uncompressed, ZIP, ZLIB, BZIP2</span><br></pre></td></tr></table></figure>
<p>那么,如果你是 Linux 系统,你的系统如果是由社区维护的,那么大概率已经带有了一个 GnuPG,因为你的包管理器需要它来实现对软件包的信任。对每个系统如何安装,在此就不多赘述了,总之,安装完成后,执行 <code>gpg --version</code> ,如果和下面的大差不差,也说明你成功安装了 GnuPG。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~$ gpg --version</span><br><span class="line">gpg (GnuPG) 2.2.27</span><br><span class="line">libgcrypt 1.9.4</span><br><span class="line">Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span class="line">License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html></span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">Home: /home/apple/.gnupg</span><br><span class="line">Supported algorithms:</span><br><span class="line">Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA</span><br><span class="line">Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,</span><br><span class="line"> CAMELLIA128, CAMELLIA192, CAMELLIA256</span><br><span class="line">Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224</span><br><span class="line">Compression: Uncompressed, ZIP, ZLIB, BZIP2</span><br></pre></td></tr></table></figure>
<h2 id="创建你的密钥"><a href="#创建你的密钥" class="headerlink" title="创建你的密钥"></a>创建你的密钥</h2><p>首先,我们在安装了<code>GnuPG</code>后,它并不会给你创建你的密钥对。我们需要执行<code>gpg --full-gen-key</code>来创建我们的密钥对。具体步骤见下。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~$ gpg --full-gen-key <span class="comment"># Step 0,键入命令</span></span><br><span class="line">gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span 
class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">Please <span class="keyword">select</span> what kind of key you want:</span><br><span class="line"> (1) RSA and RSA (default)</span><br><span class="line"> (2) DSA and Elgamal</span><br><span class="line"> (3) DSA (sign only)</span><br><span class="line"> (4) RSA (sign only)</span><br><span class="line"> (14) Existing key from card</span><br><span class="line">Your selection? 1 <span class="comment">#Step 1,输入数字选择密钥类型,我们选择最广泛的 RSA</span></span><br><span class="line">RSA keys may be between 1024 and 4096 bits long.</span><br><span class="line">What keysize <span class="keyword">do</span> you want? (3072) 4096 <span class="comment">#Step 2,输入 RSA 密钥长度,我们直接拉满</span></span><br><span class="line">Requested keysize is 4096 bits</span><br><span class="line">Please specify how long the key should be valid.</span><br><span class="line"> 0 = key does not expire</span><br><span class="line"> <n> = key expires <span class="keyword">in</span> n days</span><br><span class="line"> <n>w = key expires <span class="keyword">in</span> n weeks</span><br><span class="line"> <n>m = key expires <span class="keyword">in</span> n months</span><br><span class="line"> <n>y = key expires <span class="keyword">in</span> n years</span><br><span class="line">Key is valid <span class="keyword">for</span>? (0) 10y <span class="comment">#Step 3,输入密钥过期时间,因为只要过期前我们就能修改过期时间,所以设置一个不会忽略掉的时间就可以,这里我偷懒写了10年</span></span><br><span class="line">Key expires at Tue Nov 28 02:09:38 2034 CST</span><br><span class="line">Is this correct? 
(y/N) y <span class="comment">#Step 4,如果上面没输错的话,这里写y表示正确</span></span><br><span class="line"></span><br><span class="line">GnuPG needs to construct a user ID to identify your key.</span><br><span class="line"></span><br><span class="line">Real name: INXINX <span class="comment">#Step 5,这里写你的名字,可以真名可以网名,如果要上传 Keyserver 建议慎重考虑是否要自己透露真名。注意:不同于 Kleopatra,这里必须是5字符以上的名字。</span></span><br><span class="line">Email address: [email protected] <span class="comment">#Step 6,这里写你的邮箱,可以真的可以假的,如果要上传 Keyserver 建议慎重考虑是否需要透露真实邮箱。如果是 GitHub 使用的话,可以选择后期添加 UID,也可以这里写真实邮箱。</span></span><br><span class="line">Comment: <span class="comment">#Step 7,备注,可以不填</span></span><br><span class="line">You selected this USER-ID:</span><br><span class="line"> <span class="string">"INXINX <[email protected]>"</span></span><br><span class="line"></span><br><span class="line">Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o <span class="comment">#Step 8,前面没写错就填o,这里会让你创建密码,请一定记住,不可以调过。</span></span><br><span class="line"><span class="comment">#Step 9,这里如果你是桌面发行版就随机大幅度晃鼠标,如果是命令行就随机扣键盘,总之就是为系统随机源增加额外的熵来更安全、也更快的生成私钥</span></span><br><span class="line">We need to generate a lot of random bytes. It is a good idea to perform</span><br><span class="line">some other action (<span class="built_in">type</span> on the keyboard, move the mouse, utilize the</span><br><span class="line">disks) during the prime generation; this gives the random number</span><br><span class="line">generator a better chance to gain enough entropy.</span><br><span class="line">We need to generate a lot of random bytes. 
It is a good idea to perform</span><br><span class="line">some other action (<span class="built_in">type</span> on the keyboard, move the mouse, utilize the</span><br><span class="line">disks) during the prime generation; this gives the random number</span><br><span class="line">generator a better chance to gain enough entropy.</span><br><span class="line">gpg: /home/apple/.gnupg/trustdb.gpg: trustdb created</span><br><span class="line">gpg: key 21E0EC557D72FA40 marked as ultimately trusted</span><br><span class="line">gpg: directory <span class="string">'/home/apple/.gnupg/openpgp-revocs.d'</span> created</span><br><span class="line">gpg: revocation certificate stored as <span class="string">'/home/apple/.gnupg/openpgp-revocs.d/A707BC2D981BF018B66B62A021E0EC557D72FA40.rev'</span></span><br><span class="line">public and secret key created and signed.</span><br><span class="line"></span><br><span class="line">pub rsa4096 2024-11-29 [SC] [expires: 2034-11-27]</span><br><span class="line"> A707BC2D981BF018B66B62A021E0EC557D72FA40</span><br><span class="line">uid INXINX <[email protected]></span><br><span class="line">sub rsa4096 2024-11-29 [E] [expires: 2034-11-27]</span><br></pre></td></tr></table></figure>
<p>最后,它会列出我们刚创建的密钥的信息,下面是其中常用的缩写,摘自<a target="_blank" rel="noopener" href="https://ulyc.github.io/2021/01/13/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%8A/">C的博客</a>。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">A => Authentication</span><br><span class="line">C => Certify</span><br><span class="line">E => Encrypt</span><br><span class="line">S => Sign</span><br><span class="line">? => Unknown capability</span><br><span class="line">sec => Secret Key</span><br><span class="line">ssb => Secret SuBkey</span><br><span class="line">pub => Public Key</span><br><span class="line">sub => Public Subkey</span><br></pre></td></tr></table></figure>
<h2 id="创建子密钥"><a href="#创建子密钥" class="headerlink" title="创建子密钥"></a>创建子密钥</h2><p>具有<code>Certify</code>属性的密钥是十分重要的,由它控制着整个公钥的各个密钥。由于其地位过于高,我们更推荐使用更容易吊销的子密钥,而不是只能随着整个公钥一起吊销的具有 Certify 的密钥进行签名(<code>Signature</code>)。</p>
<p>那么让我们来添加子密钥,添加子密钥需要进入密钥库的交互界面<code>gpg --edit-key <部分名字或最少末8位指纹></code>。在这里,指纹指的是你的具有<code>Certify</code>属性的密钥(主密钥)的公钥。需要注意的是只要你提供的名字或指纹<strong>末尾</strong>能够唯一匹配你的 GPG 公钥,就可以成功进入交互界面。不过,8 位的短 ID 是可以被人为碰撞出来的,在操作从他人处获得的公钥时,请核对完整指纹,而不要只看末 8 位。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~$ gpg --edit-key 7D72FA40 <span class="comment">#Step 0, 进入交互模式</span></span><br><span class="line">gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span class="line">This is free software: you are free to change 
and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">Secret key is available.</span><br><span class="line"></span><br><span class="line">sec rsa4096/21E0EC557D72FA40</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: SC</span><br><span class="line"> trust: ultimate validity: ultimate</span><br><span class="line">ssb rsa4096/C02468B357B3AD0E</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: E</span><br><span class="line">[ultimate] (1). INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">gpg> addkey <span class="comment">#Step 1, 为密钥对添加子密钥</span></span><br><span class="line">Please <span class="keyword">select</span> what kind of key you want:</span><br><span class="line"> (3) DSA (sign only)</span><br><span class="line"> (4) RSA (sign only)</span><br><span class="line"> (5) Elgamal (encrypt only)</span><br><span class="line"> (6) RSA (encrypt only)</span><br><span class="line"> (14) Existing key from card</span><br><span class="line">Your selection? 4 <span class="comment">#Setp 2, 这里,我们添加一个适用于签名(S)的 RSA 子密钥</span></span><br><span class="line">RSA keys may be between 1024 and 4096 bits long.</span><br><span class="line">What keysize <span class="keyword">do</span> you want? 
(3072) <span class="comment">#Step 3, 这里,由于是 RSA 密钥,需要输入密钥长度,这里可以直接回车选择默认的长度,也可以输入一个1024到4096中间的数(比如2048)来创建不同长度的子密钥</span></span><br><span class="line">Requested keysize is 3072 bits</span><br><span class="line">Please specify how long the key should be valid.</span><br><span class="line"> 0 = key does not expire</span><br><span class="line"> <n> = key expires <span class="keyword">in</span> n days</span><br><span class="line"> <n>w = key expires <span class="keyword">in</span> n weeks</span><br><span class="line"> <n>m = key expires <span class="keyword">in</span> n months</span><br><span class="line"> <n>y = key expires <span class="keyword">in</span> n years</span><br><span class="line">Key is valid <span class="keyword">for</span>? (0) 3y <span class="comment">#Step 4, 这里是输入子密钥的过期时间,按情况输入即可,后续可以修改</span></span><br><span class="line">Key expires at Tue Nov 30 15:14:36 2027 CST</span><br><span class="line">Is this correct? (y/N) y <span class="comment">#Step 5, 如果信息没错的话就输入 y 然后回车</span></span><br><span class="line">Really create? (y/N) y <span class="comment">#Step 6, 确认是否创建,确认的话输入 y 然后回车,会提示你输入密钥库的密码。</span></span><br><span class="line">We need to generate a lot of random bytes. 
It is a good idea to perform</span><br><span class="line">some other action (<span class="built_in">type</span> on the keyboard, move the mouse, utilize the</span><br><span class="line">disks) during the prime generation; this gives the random number</span><br><span class="line">generator a better chance to gain enough entropy.</span><br><span class="line"></span><br><span class="line">sec rsa4096/21E0EC557D72FA40</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: SC</span><br><span class="line"> trust: ultimate validity: ultimate</span><br><span class="line">ssb rsa4096/C02468B357B3AD0E</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: E</span><br><span class="line">ssb rsa3072/AFF13A388E7B909B</span><br><span class="line"> created: 2024-11-30 expires: 2027-11-30 usage: S</span><br><span class="line">[ultimate] (1). INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">gpg> save <span class="comment">#Step 7, 记得修改完成后不要手快 Ctrl+C 或者 q 退出,记得保存,不然你的操作不会保存</span></span><br><span class="line">apple@centos:~$</span><br></pre></td></tr></table></figure>
<p>读者可以自行创建另一个用于加密(<code>E</code>)的密钥来试手。</p>
<h2 id="创建吊销证书"><a href="#创建吊销证书" class="headerlink" title="创建吊销证书"></a>创建吊销证书</h2><blockquote>
<p>假如你忘了主密钥的密码,或者丢失了对主密钥的控制权(丢失,被夺取),如果没有撤销凭证的话, 除了一个个通知你的朋友们没有任何办法 证明你不再使用这个密钥,这简直是灾难。</p>
</blockquote>
<p>吊销证书,可以在发布公钥后吊销你的整个公钥,建议多备份一份防止让别人有可乘之机。创建吊销证书的方法是使用 <code>gpg --gen-revoke -ao <保存吊销证书的文件名> <部分名字或最少8位末指纹></code>。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg --gen-revoke -ao revoke.pgp INX <span class="comment">#Step 0, 创建吊销证书,在这里我使用部分名字来做示范</span></span><br><span class="line"></span><br><span class="line">sec rsa4096/21E0EC557D72FA40 2024-11-29 INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">Create a revocation certificate <span class="keyword">for</span> this key? 
(y/N) y <span class="comment">#Step 1, 输入 y 确认创建吊销证书</span></span><br><span class="line">Please <span class="keyword">select</span> the reason <span class="keyword">for</span> the revocation: <span class="comment"># 在下面我会给这五个选项逐一翻译</span></span><br><span class="line"> 0 = No reason specified <span class="comment"># 没有标注理由</span></span><br><span class="line"> 1 = Key has been compromised <span class="comment"># 密钥已被泄漏</span></span><br><span class="line"> 2 = Key is superseded <span class="comment"># 密钥已被取代</span></span><br><span class="line"> 3 = Key is no longer used <span class="comment"># 密钥不再使用</span></span><br><span class="line"> Q = Cancel <span class="comment"># 退出创建流程</span></span><br><span class="line">(Probably you want to <span class="keyword">select</span> 1 here)</span><br><span class="line">Your decision? 3 <span class="comment">#Step 2, 选择你的原因,我们这里选择3,密钥不再使用</span></span><br><span class="line">Enter an optional description; end it with an empty line:</span><br><span class="line">> <span class="comment">#Step 3, 输入额外的说明,可以不填直接回车</span></span><br><span class="line">Reason <span class="keyword">for</span> revocation: Key is no longer used</span><br><span class="line">(No description given)</span><br><span class="line">Is this okay? (y/N) y <span class="comment">#Step 4, 确认创建吊销证书</span></span><br><span class="line">Revocation certificate created.</span><br><span class="line"></span><br><span class="line">Please move it to a medium <span class="built_in">which</span> you can hide away; <span class="keyword">if</span> Mallory gets</span><br><span class="line">access to this certificate he can use it to make your key unusable.</span><br><span class="line">It is smart to <span class="built_in">print</span> this certificate and store it away, just <span class="keyword">in</span> <span class="keyword">case</span></span><br><span class="line">your media become unreadable. 
But have some caution: The <span class="built_in">print</span> system of</span><br><span class="line">your machine might store the data and make it available to others!</span><br></pre></td></tr></table></figure>
<p>现在我们就有了一张吊销证书了。</p>
<h2 id="备份你的密钥"><a href="#备份你的密钥" class="headerlink" title="备份你的密钥"></a>备份你的密钥</h2><p>因为现在密钥仅存在于电脑上当前用户的密钥库中,重装系统就会丢失,而且仅仅凭你设定的密码就能解密。我们将其备份出来,保存在自己的其他加密设备上(最简单的方式就是打一个没有目录信息的加密压缩包)。</p>
<h3 id="备份公钥"><a href="#备份公钥" class="headerlink" title="备份公钥"></a>备份公钥</h3><p>每次对密钥进行操作本质上都会操作你的公钥,为了使我们导出的每一个私钥相互关联,我们先导出公钥。</p>
<p>使用<code>gpg -ao <保存公钥的文件名> --export <部分名字或最少8位末指纹></code>导出你的公钥信息,这个文件并不会包含你的隐私信息,因此是可以安全传播的。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg -ao public_key --<span class="built_in">export</span> INXINX <span class="comment"># 导出公钥,这里我们使用了用户真名全名进行操作</span></span><br><span class="line">apple@centos:~/gpg-tutorial$ <span class="built_in">ls</span></span><br><span class="line">public_key revoke.pgp</span><br></pre></td></tr></table></figure>
<p>需要注意如果你的账户全名带有空格,需要使用<code>\ </code>进行空格的转义或者使用双引号将字符串包裹起来。例如,我们这里有一个真名叫做<code>INX Fung Example</code>的密钥。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~$ gpg -ao p_ex --<span class="built_in">export</span> INX\ Fung\ Example</span><br><span class="line">apple@centos:~$ gpg -ao p_ex_str --<span class="built_in">export</span> <span class="string">"INX Fung Example"</span></span><br><span class="line">apple@centos:~$ <span class="built_in">ls</span></span><br><span class="line">p_ex p_ex_str</span><br></pre></td></tr></table></figure>
<h3 id="备份私钥"><a href="#备份私钥" class="headerlink" title="备份私钥"></a>备份私钥</h3><p>首先,我们使用<code>gpg --fingerprint -K --keyid-format long</code>列出全部密钥来。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg --fingerprint -K --keyid-format long</span><br><span class="line">/home/apple/.gnupg/pubring.kbx</span><br><span class="line">------------------------------</span><br><span class="line">sec rsa4096/21E0EC557D72FA40 2024-11-29 [SC] [expires: 2034-11-27]</span><br><span class="line"> Key fingerprint = A707 BC2D 981B F018 B66B 62A0 21E0 EC55 7D72 FA40</span><br><span class="line">uid [ultimate] INXINX <[email protected]></span><br><span class="line">ssb rsa4096/C02468B357B3AD0E 2024-11-29 [E] [expires: 2034-11-27]</span><br><span class="line">ssb rsa3072/AFF13A388E7B909B 2024-11-30 [S] [expires: 2027-11-30]</span><br></pre></td></tr></table></figure>
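<p>我们需要逐个导出每一个私钥,请注意,在这里我们的私钥需要使用各个<code>sec</code>或<code>ssb</code>的指纹来指定,也就是<code>算法/</code>后面的十六进制串,导出单个私钥的命令为<code>gpg -ao <存储私钥的文件名> --export-secret-key <对应密钥的公钥指纹>!</code>(注意末尾的感叹号,否则会导出全部的子密钥的私钥)。需要留意的是,用这条命令按子密钥 ID 导出时,文件中一般还会带上主密钥的私钥;如果希望备份文件里只包含子密钥的私钥,可以改用<code>--export-secret-subkeys</code>,并用<code>gpg --list-packets <文件名></code>检查导出结果。在这个例子中,我们需要执行如下的内容。</p>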
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg -ao inxinx-seckey --export-secret-key 21E0EC557D72FA40!</span><br><span class="line">apple@centos:~/gpg-tutorial$ gpg -ao inxinx-enckey --export-secret-key C02468B357B3AD0E!</span><br><span class="line">apple@centos:~/gpg-tutorial$ gpg -ao inxinx-sgnkey --export-secret-key AFF13A388E7B909B!</span><br><span class="line">apple@centos:~/gpg-tutorial$ <span class="comment">#需要注意,每次回车后都会要求你输入密钥对的密码。</span></span><br></pre></td></tr></table></figure>
<p>成功后,你的密钥就已经成功导出了。</p>
<h2 id="删除机器上的密钥"><a href="#删除机器上的密钥" class="headerlink" title="删除机器上的密钥"></a>删除机器上的密钥</h2><p>安全起见,我不建议你把你的主密钥放在一个能接触互联网的环境下,当然这是实战环节的内容。在这里,我们可以通过删除密钥、再次导入密钥的方式来练习基本的 GnuPG 操作。</p>
<h3 id="删除私钥"><a href="#删除私钥" class="headerlink" title="删除私钥"></a>删除私钥</h3><p>删除私钥的命令是<code>gpg --delete-secret-keys <部分名字或主密钥、子密钥最少8位末指纹></code>。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg --delete-secret-keys INXINX <span class="comment">#Step 0, 删除私钥</span></span><br><span class="line">gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">sec rsa4096/21E0EC557D72FA40 2024-11-29 INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">Delete this key from the keyring? (y/N) y <span class="comment">#Step 1, 确认</span></span><br><span class="line">This is a secret key! - really delete? (y/N) y <span class="comment">#Step 2, 再次确认是否删除,回车后会提示删除哪些密钥</span></span><br></pre></td></tr></table></figure>
<p>需要注意,删除私钥并不彻底。</p>
<blockquote>
<p>由于gpg生成的私钥会在你的磁盘上使用明文储存,所以一个单独的 <code>rm</code> 或者右键删除 并不能彻底删除掉,可以使用 wipe 工具。如果你使用的是 SSD 且没有 启用全盘加密,是没法彻底删除的。</p>
</blockquote>
<p>在实战环节中我将会详细的讲述如何规避此问题。</p>
<h3 id="删除公钥"><a href="#删除公钥" class="headerlink" title="删除公钥"></a>删除公钥</h3><p>删除公钥的命令是<code>gpg --delete-keys <部分名字或最少8位末指纹></code>。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg --delete-keys INX <span class="comment">#Step 0, 删除密钥</span></span><br><span class="line">gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">pub rsa4096/21E0EC557D72FA40 2024-11-29 INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">Delete this key from the keyring? (y/N) y <span class="comment">#Step 1, 确认删除</span></span><br></pre></td></tr></table></figure>
<p>你可能会好奇,为什么需要先介绍删除私钥而非公钥。原因在于,如果先行删除公钥的话,实际上并不能成功删除,报错见下。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg --delete-keys INX <span class="comment"># 删除公钥</span></span><br><span class="line">gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">gpg: there is a secret key <span class="keyword">for</span> public key <span class="string">"INX"</span>!</span><br><span class="line">gpg: use option <span class="string">"--delete-secret-keys"</span> to delete it first.</span><br></pre></td></tr></table></figure>
<p>它会提示我们,这里尚存私钥,需要先删除私钥。</p>
<h3 id="同时删去公钥和私钥"><a href="#同时删去公钥和私钥" class="headerlink" title="同时删去公钥和私钥"></a>同时删去公钥和私钥</h3><p>实际上,<code>GnuPG</code>存在一个同时删去公钥和私钥的参数<code>--delete-secret-and-public-keys</code>。因此我们可以快速的同时删去两者</p>
<h2 id="导入密钥"><a href="#导入密钥" class="headerlink" title="导入密钥"></a>导入密钥</h2><p>导入密钥不仅可以导入公钥,也可以导入私钥。需要注意的是,单独导入私钥无法体现完整的密钥关系,还需要导入公钥才能还原出完整的密钥结构。</p>
<p>具体的导入命令为 <code>gpg --import <文件名></code>。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg --import inxinx-seckey <span class="comment">#Example 1, 单独导入私钥,会要求输入密码</span></span><br><span class="line">gpg: key 21E0EC557D72FA40: public key <span class="string">"INXINX <[email protected]>"</span> imported</span><br><span class="line">gpg: key 21E0EC557D72FA40: secret key imported</span><br><span class="line">gpg: Total number processed: 1</span><br><span class="line">gpg: imported: 1</span><br><span class="line">gpg: secret keys <span class="built_in">read</span>: 1</span><br><span class="line">gpg: secret keys imported: 1</span><br><span 
class="line">apple@centos:~/gpg-tutorial$ gpg -k <span class="comment"># 查看当前密钥库状态</span></span><br><span class="line">gpg: checking the trustdb</span><br><span class="line">gpg: no ultimately trusted keys found</span><br><span class="line">/home/apple/.gnupg/pubring.kbx</span><br><span class="line">------------------------------</span><br><span class="line">pub rsa4096 2024-11-29 [SC] [expires: 2034-11-27]</span><br><span class="line"> A707BC2D981BF018B66B62A021E0EC557D72FA40</span><br><span class="line">uid [ unknown] INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">apple@centos:~/gpg-tutorial$ gpg --import public_key <span class="comment">#Example 2, 导入公钥</span></span><br><span class="line">gpg: key 21E0EC557D72FA40: <span class="string">"INXINX <[email protected]>"</span> 2 new signatures</span><br><span class="line">gpg: key 21E0EC557D72FA40: <span class="string">"INXINX <[email protected]>"</span> 2 new subkeys</span><br><span class="line">gpg: Total number processed: 1</span><br><span class="line">gpg: new subkeys: 2</span><br><span class="line">gpg: new signatures: 2</span><br><span class="line">apple@centos:~/gpg-tutorial$ gpg -k <span class="comment"># 查看当前密钥库状态,不展示私钥状况</span></span><br><span class="line">/home/apple/.gnupg/pubring.kbx</span><br><span class="line">------------------------------</span><br><span class="line">pub rsa4096 2024-11-29 [SC] [expires: 2034-11-27]</span><br><span class="line"> A707BC2D981BF018B66B62A021E0EC557D72FA40</span><br><span class="line">uid [ unknown] INXINX <[email protected]></span><br><span class="line">sub rsa4096 2024-11-29 [E] [expires: 2034-11-27]</span><br><span class="line">sub rsa3072 2024-11-30 [S] [expires: 2027-11-30]</span><br><span class="line"></span><br><span class="line">apple@centos:~/gpg-tutorial$ gpg -K <span class="comment"># 查看当前密钥库状态,展示私钥状况。其中带有#的项目代表缺少对应的私钥</span></span><br><span class="line">/home/apple/.gnupg/pubring.kbx</span><br><span 
class="line">------------------------------</span><br><span class="line">sec rsa4096 2024-11-29 [SC] [expires: 2034-11-27]</span><br><span class="line"> A707BC2D981BF018B66B62A021E0EC557D72FA40</span><br><span class="line">uid [ unknown] INXINX <[email protected]></span><br><span class="line">ssb<span class="comment"># rsa4096 2024-11-29 [E] [expires: 2034-11-27]</span></span><br><span class="line">ssb<span class="comment"># rsa3072 2024-11-30 [S] [expires: 2027-11-30]</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>
<p>读者可以自行尝试删除、导入密钥试手。</p>
<p>需要注意,有时导入私钥会遇到报错无法正常导入,此时加入参数<code>--allow-secret-key-import</code>尝试,若仍无法导入,可以试试删去<code>.gnupg</code>文件夹(<strong>这是十分危险的操作,请在操作前至少进行一次备份,并清楚自己在做什么</strong>)并通过<code>gpg -k</code>重建密钥库。</p>
<h2 id="信任密钥"><a href="#信任密钥" class="headerlink" title="信任密钥"></a>信任密钥</h2><p>如果你足够细心,会发现我们的密钥在删除并再次导入后的信任等级会变成 <code>unknown</code>,这是因为我们对自己密钥的信任等级在删除公钥的时候一并删除了。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span 
class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br></pre></td><td class="code"><pre><span class="line">apple@centos:~/gpg-tutorial$ gpg -K <span class="comment"># 查看信任情况</span></span><br><span class="line">/home/apple/.gnupg/pubring.kbx</span><br><span class="line">------------------------------</span><br><span class="line">sec rsa4096 2024-11-29 [SC] [expires: 2034-11-27]</span><br><span class="line"> A707BC2D981BF018B66B62A021E0EC557D72FA40</span><br><span class="line">uid [ unknown] INXINX <[email protected]></span><br><span class="line">ssb<span class="comment"># rsa4096 2024-11-29 [E] [expires: 2034-11-27]</span></span><br><span class="line">ssb<span class="comment"># rsa3072 2024-11-30 [S] [expires: 2027-11-30]</span></span><br><span class="line"></span><br><span class="line">apple@centos:~/gpg-tutorial$ gpg --edit-key inx <span class="comment">#Step 0, 进入密钥编辑模式</span></span><br><span class="line">gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.</span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">Secret key is available.</span><br><span class="line"></span><br><span class="line">sec rsa4096/21E0EC557D72FA40</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: SC</span><br><span class="line"> trust: unknown validity: unknown</span><br><span class="line">sub rsa4096/C02468B357B3AD0E</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 
usage: E</span><br><span class="line">sub rsa3072/AFF13A388E7B909B</span><br><span class="line"> created: 2024-11-30 expires: 2027-11-30 usage: S</span><br><span class="line">[ unknown] (1). INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">gpg> trust <span class="comment">#Step 1, 修改信任等级</span></span><br><span class="line">sec rsa4096/21E0EC557D72FA40</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: SC</span><br><span class="line"> trust: unknown validity: unknown</span><br><span class="line">sub rsa4096/C02468B357B3AD0E</span><br><span class="line"> created: 2024-11-29 expires: 2034-11-27 usage: E</span><br><span class="line">sub rsa3072/AFF13A388E7B909B</span><br><span class="line"> created: 2024-11-30 expires: 2027-11-30 usage: S</span><br><span class="line">[ unknown] (1). INXINX <[email protected]></span><br><span class="line"></span><br><span class="line">Please decide how far you trust this user to correctly verify other <span class="built_in">users</span><span class="string">' keys</span></span><br><span class="line"><span class="string">(by looking at passports, checking fingerprints from different sources, etc.) 
# 接下来是对信任等级的逐个翻译</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string"> 1 = I don'</span>t know or won<span class="string">'t say # 我不知道,抑或是我不想说</span></span><br><span class="line"><span class="string"> 2 = I do NOT trust # 我坚决不信</span></span><br><span class="line"><span class="string"> 3 = I trust marginally # 我半信半疑,适合网友</span></span><br><span class="line"><span class="string"> 4 = I trust fully # 我完全相信,适合已经线下确认过对方的身份</span></span><br><span class="line"><span class="string"> 5 = I trust ultimately # 我终极相信。请只用在自己的密钥上</span></span><br><span class="line"><span class="string"> m = back to the main menu</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">Your decision? 5 #Step 2, 输入选择由于是自己的密钥,我们选择5,终极相信</span></span><br><span class="line"><span class="string">Do you really want to set this key to ultimate trust? (y/N) y</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">sec rsa4096/21E0EC557D72FA40</span></span><br><span class="line"><span class="string"> created: 2024-11-29 expires: 2034-11-27 usage: SC</span></span><br><span class="line"><span class="string"> trust: ultimate validity: unknown</span></span><br><span class="line"><span class="string">sub rsa4096/C02468B357B3AD0E</span></span><br><span class="line"><span class="string"> created: 2024-11-29 expires: 2034-11-27 usage: E</span></span><br><span class="line"><span class="string">sub rsa3072/AFF13A388E7B909B</span></span><br><span class="line"><span class="string"> created: 2024-11-30 expires: 2027-11-30 usage: S</span></span><br><span class="line"><span class="string">[ unknown] (1). 
INXINX <[email protected]></span></span><br><span class="line"><span class="string">Please note that the shown key validity is not necessarily correct</span></span><br><span class="line"><span class="string">unless you restart the program.</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">gpg> save #Step 3, 保存密钥</span></span><br><span class="line"><span class="string">Key not changed so no update needed.</span></span><br><span class="line"><span class="string">apple@centos:~/gpg-tutorial$ gpg -K # 查看信任情况</span></span><br><span class="line"><span class="string">gpg: checking the trustdb</span></span><br><span class="line"><span class="string">gpg: marginals needed: 3 completes needed: 1 trust model: pgp</span></span><br><span class="line"><span class="string">gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u</span></span><br><span class="line"><span class="string">gpg: next trustdb check due at 2034-11-27</span></span><br><span class="line"><span class="string">/home/apple/.gnupg/pubring.kbx</span></span><br><span class="line"><span class="string">------------------------------</span></span><br><span class="line"><span class="string">sec rsa4096 2024-11-29 [SC] [expires: 2034-11-27]</span></span><br><span class="line"><span class="string"> A707BC2D981BF018B66B62A021E0EC557D72FA40</span></span><br><span class="line"><span class="string">uid [ultimate] INXINX <[email protected]> # 可以发现信任等级恢复了</span></span><br><span class="line"><span class="string">ssb# rsa4096 2024-11-29 [E] [expires: 2034-11-27]</span></span><br><span class="line"><span class="string">ssb# rsa3072 2024-11-30 [S] [expires: 2027-11-30]</span></span><br><span class="line"><span class="string"></span></span><br></pre></td></tr></table></figure>
<h2 id="实战"><a href="#实战" class="headerlink" title="实战"></a>实战</h2><h2 id="参考文献"><a href="#参考文献" class="headerlink" title="参考文献"></a>参考文献</h2><p>[1] 《2021年,用更现代的方法使用PGP(上,中,下)》 <a target="_blank" rel="noopener" href="https://ulyc.github.io/2021/01/13/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%8A/">2021年,用更现代的方法使用PGP(上) - C的博客 |UlyC</a> <a target="_blank" rel="noopener" href="https://ulyc.github.io/2021/01/18/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%AD/">2021年,用更现代的方法使用PGP(中) - C的博客 |UlyC</a> <a target="_blank" rel="noopener" href="https://ulyc.github.io/2021/01/26/2021%E5%B9%B4-%E7%94%A8%E6%9B%B4%E7%8E%B0%E4%BB%A3%E7%9A%84%E6%96%B9%E6%B3%95%E4%BD%BF%E7%94%A8PGP-%E4%B8%8B/">2021年,用更现代的方法使用PGP(下) - C的博客 |UlyC</a></p>
<p>[2] 《OpenPGP 最佳实践 - 密钥服务器》<a target="_blank" rel="noopener" href="https://nova.moe/openpgp-best-practices-keyserver-and-configuration/">OpenPGP 最佳实践 - 密钥服务器 | Nova Kwok’s Awesome Blog</a></p>
<p>[3] Pico Keys <a target="_blank" rel="noopener" href="https://www.picokeys.com/getting-started/">Getting Started - Pico Keys</a></p>
<p>[4] 《GPG使用指南》<a target="_blank" rel="noopener" href="https://gaoweix.com/gpg-guide/">GPG 使用指南 | val’s Blog</a></p>
</div>
<div class="post-tags syuanpi fadeInRightShort back-3">
<a href="/tags/GnuPG-Tutorial-WIP/">GnuPG , Tutorial, WIP</a>
</div>
</article>
<article class="
post
">
<header class="post-header">
<div class="post-time syuanpi fadeInRightShort back-1">
<div class="post-time-wrapper">
<time>2024-11-21</time>
</div>
</div>
<h1 class="post-title syuanpi fadeInRightShort back-2">
<a href="/2024/11/21/hello-world/">Hello World, 但是中文。</a>
</h1>
</header>
<div class="post-content syuanpi fadeInRightShort back-3">
<p>欢迎来到 <a target="_blank" rel="noopener" href="https://hexo.io/">Hexo</a>!这是您的第一篇文章。请查看 <a target="_blank" rel="noopener" href="https://hexo.io/docs/">documentation</a> 了解更多信息。如果您在使用 Hexo 时遇到任何问题,可以在 <a target="_blank" rel="noopener" href="https://hexo.io/docs/troubleshooting.html">troubleshooting</a> 中找到答案,也可以在 <a target="_blank" rel="noopener" href="https://github.com/hexojs/hexo/issues">GitHub</a> 上向我提问。</p>
<h3 id="快速入门"><a href="#快速入门" class="headerlink" title="快速入门"></a>快速入门</h3><h3 id="创建一个新职位"><a href="#创建一个新职位" class="headerlink" title="创建一篇新文章"></a>创建一篇新文章</h3><figure class="highlight plaintext"><figcaption><span>bash</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo new "我的新帖"</span><br></pre></td></tr></table></figure>
<p>更多信息: <a target="_blank" rel="noopener" href="https://hexo.io/docs/writing.html">写作</a></p>
<h3 id="运行服务器"><a href="#运行服务器" class="headerlink" title="运行服务器"></a>运行服务器</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo server</span><br></pre></td></tr></table></figure>
<p>更多信息: <a target="_blank" rel="noopener" href="https://hexo.io/docs/server.html">服务器</a></p>
<h3 id="生成静态文件"><a href="#生成静态文件" class="headerlink" title="生成静态文件"></a>生成静态文件</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo generate</span><br></pre></td></tr></table></figure>
<p>更多信息: <a target="_blank" rel="noopener" href="https://hexo.io/docs/generating.html">生成</a></p>
<h3 id="部署到远程站点"><a href="#部署到远程站点" class="headerlink" title="部署到远程站点"></a>部署到远程站点</h3><figure class="highlight plaintext"><figcaption><span>bash</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo deploy</span><br></pre></td></tr></table></figure>
<p>更多信息: <a target="_blank" rel="noopener" href="https://hexo.io/docs/one-command-deployment.html">部署</a></p>
<p>通过DeepL.com(免费版)翻译</p>
</div>
</article>
</section>
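<!-- Page-number navigation for the post list; labelled so it can be told apart from other landmarks. -->
<nav class="pagination" aria-label="分页">
  <!-- The only entry is the page being viewed. -->
  <span class="page-number current" aria-current="page">1</span>
</nav>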
</div>
</main>
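<!-- Site footer: social links on the left, copyright and generator/theme credits on the right. -->
<footer class="footer syuanpi fadeIn" id="footer">
  <hr>
  <div class="footer-wrapper">
    <div class="left">
      <div class="contact-icon">
        <!-- Icon-only links: aria-label supplies the accessible name, since title alone is not reliably announced. -->
        <a target="_blank" rel="noopener" href="https://twitter.com/inxdot" class="iconfont icon-twitter" title="twitter" aria-label="Twitter"></a>
        <a target="_blank" rel="noopener" href="https://github.com/dotinx" class="iconfont icon-github" title="github" aria-label="GitHub"></a>
      </div>
    </div>
    <div class="right">
      <div class="copyright">
        <div class="info">
          <span>©</span>
          <span>2022 ~ 2024</span>
          <span>❤</span>
          <span>inx</span>
        </div>
        <div class="theme">
          <span>
            Powered by
            <!-- https, matching the other hexo.io links on this page; avoids a plaintext first hop. -->
            <a href="https://hexo.io/" target="_blank" rel="noopener">Hexo </a>
          </span>
          <span>
            Theme
            <a target="_blank" rel="noopener" href="https://github.com/ColMugX/hexo-theme-Nlvi"> Nlvi </a>
          </span>
        </div>
      </div>
    </div>
  </div>
</footer>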
</div>
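<!-- Tag cloud panel: a list of tag buttons and, for the active tag, the posts carrying it. -->
<div class="tagcloud" id="tagcloud">
  <div class="tagcloud-taglist">
    <div class="tagcloud-tag">
      <!-- Explicit type: a bare button defaults to submit if it ever ends up inside a form. -->
      <button type="button">GnuPG , Tutorial, WIP</button>
    </div>
  </div>
  <div class="tagcloud-postlist active">
    <h2>GnuPG , Tutorial, WIP</h2>
    <div class="tagcloud-post">
      <a href="/2024/11/30/gnupg-2024/">
        <time class="tagcloud-posttime">2024 / 11 / 30</time>
        <span>(WIP) 在2024年入门你的 GnuPG</span>
      </a>
    </div>
  </div>
</div>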
</div>
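<!-- Back-to-top control with a scroll-percentage readout. -->
<div class="backtop syuanpi melt toTop" id="backtop">
  <!-- Decorative arrow glyph; hidden from assistive technology. -->
  <i class="iconfont icon-up" aria-hidden="true"></i>
  <!-- #scrollpercent holds the number shown before the % sign. -->
  <span style="text-align:center;font-family:Georgia;"><span style="font-family:Georgia;" id="scrollpercent">1</span>%</span>
</div>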
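<!-- Search overlay: one text field plus a container for results. -->
<div class="search" id="search">
  <div class="input">
    <!-- aria-label gives the field an accessible name; the placeholder alone is not a label. -->
    <input type="text" id="search-input" placeholder="搜索一下?" aria-label="搜索" autofocus>
  </div>
  <!-- Empty in the markup; presumably filled with results by the theme's search script (not visible here). -->
  <div id="search-result"></div>
</div>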
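<!-- Page scripts. NOTE(review): none of the CDN assets carries Subresource Integrity. Pin each one to an
     exact version and add integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous";
     a floating tag such as mathjax@3 cannot be integrity-checked. -->
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/jquery.min.js"></script>
<script></script>
<script src="/script/lib/lightbox/js/lightbox.min.js" async></script>
<!-- The polyfill.io domain changed ownership and served tampered code in 2024, so the ES6 polyfill
     is loaded from Cloudflare's cdnjs mirror of the same service instead. Consider dropping it
     entirely if only current browsers need to be supported. -->
<script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?features=es6"></script>
<script>
  // MathJax 3 configuration, read when tex-chtml.js loads: number equations with AMS-style tags.
  MathJax = {
    tex: {
      tags: 'ams'
    }
  };
</script>
<script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js"></script>
<!-- Theme scripts served from this site's own origin. -->
<script src="/script/scheme/banderole.js"></script>
<script src="/script/bootstarp.js"></script>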
</body>
</html>