[GitHub] Using GPG keys and how they differ from SSH keys
Environment
macOS 10.13.6 (17G65)
Creating a GPG key
GitHub supports GPG keys that use the following algorithms:
- RSA
- ElGamal
- DSA
- ECDH
- ECDSA
- EdDSA
Installing gnupg
Download gnupg from https://www.gnupg.org/download/
The gnupg tarball is at https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.9.tar.bz2
./configure
configure:
***
*** You need libgpg-error to build this program.
** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libgpg-error
*** (at least version 1.24 is required.)
***
configure:
***
*** You need libgcrypt to build this program.
** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libgcrypt/
*** (at least version 1.7.0 (API 1) is required.)
***
configure:
***
*** You need libassuan to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libassuan/
*** (at least version 2.5.0 (API 2) is required).
***
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version 1.3.4 using API 1 is required).
***
configure:
***
*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install this
*** library first. The library is for example available at
*** https://gnupg.org/ftp/gcrypt/npth/
*** (at least version 1.2 (API 1) is required).
***
configure: error:
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***
In other words, we need to install the following packages first.
libgpg-error
Minimum version: 1.24
Download site: https://gnupg.org/ftp/gcrypt/libgpg-error/
wget https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.bz2
lixiaoyudeMBP:soft lxy$ tar -jxvf libgpg-error-1.32.tar.bz2
lixiaoyudeMBP:libgpg-error-1.32 lxy$ cd libgpg-error-1.32
lixiaoyudeMBP:libgpg-error-1.32 lxy$ ./configure
lixiaoyudeMBP:libgpg-error-1.32 lxy$ make && make install
make[3]: Nothing to be done for `install-exec-am'.
../../build-aux/install-sh -c -d '/usr/local/share/common-lisp/source/gpg-error'
/usr/bin/install -c -m 644 gpg-error.asd gpg-error-package.lisp gpg-error.lisp '/usr/local/share/common-lisp/source/gpg-error'
../../build-aux/install-sh -c -d '/usr/local/share/common-lisp/source/gpg-error'
/usr/bin/install -c -m 644 gpg-error-codes.lisp '/usr/local/share/common-lisp/source/gpg-error'
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
make[2]: Nothing to be done for `install-exec-am'.
/Library/Developer/CommandLineTools/usr/bin/make install-data-hook
make[3]: Nothing to be done for `install-data-hook'.
libgcrypt
Minimum version: 1.7.0 (API 1)
Download site: https://gnupg.org/ftp/gcrypt/libgcrypt/
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ wget https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.bz2
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ tar -jxvf libgcrypt-1.8.3.tar.bz2
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ cd libgcrypt-1.8.3
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ ./configure
Libgcrypt v1.8.3 has been configured as follows:
Platform: Darwin (x86_64-apple-darwin17.7.0)
Hardware detection module: hwf-x86
Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish
serpent rfc2268 seed camellia idea salsa20
gost28147 chacha20
Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
sha256 sha512 sha3 tiger whirlpool stribog
blake2
Enabled kdf algorithms: s2k pkdf2 scrypt
Enabled pubkey algorithms: dsa elgamal rsa ecc
Random number generator: default
Try using jitter entropy: yes
Using linux capabilities: no
Try using Padlock crypto: yes
Try using AES-NI crypto: yes
Try using Intel PCLMUL: yes
Try using Intel SSE4.1: yes
Try using DRNG (RDRAND): yes
Try using Intel AVX: yes
Try using Intel AVX2: yes
Try using ARM NEON: n/a
Try using ARMv8 crypto: n/a
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ make && make install
libassuan
Minimum version: 2.5.0 (API 2)
Download site: https://gnupg.org/ftp/gcrypt/libassuan/
lixiaoyudeMBP:soft lxy$ wget https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2
lixiaoyudeMBP:soft lxy$ tar -jxvf libassuan-2.5.1.tar.bz2
lixiaoyudeMBP:soft lxy$ cd libassuan-2.5.1
lixiaoyudeMBP:libassuan-2.5.1 lxy$ ./configure
Libassuan v2.5.1 has been configured as follows:
Revision: 8fc922c (36809)
Platform: x86_64-apple-darwin17.7.0
lixiaoyudeMBP:libassuan-2.5.1 lxy$ make && make install
libksba
Minimum version: 1.3.4 using API 1
Download site
lixiaoyudeMBP:libksba-1.3.5 lxy$ wget https://gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2
lixiaoyudeMBP:libksba-1.3.5 lxy$ tar -jxvf libksba-1.3.5.tar.bz2
lixiaoyudeMBP:libksba-1.3.5 lxy$ cd libksba-1.3.5
lixiaoyudeMBP:libksba-1.3.5 lxy$ ./configure
Libksba v1.3.5 has been configured as follows:
Revision: 25cc42c (9676)
Platform: x86_64-apple-darwin17.7.0
lixiaoyudeMBP:libksba-1.3.5 lxy$ make && make install
npth
Minimum version: 1.2 (API 1)
Download site: https://gnupg.org/ftp/gcrypt/npth/
lixiaoyudeMBP:soft lxy$ wget https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2
lixiaoyudeMBP:soft lxy$ tar -jxvf npth-1.6.tar.bz2
lixiaoyudeMBP:soft lxy$ cd npth-1.6
lixiaoyudeMBP:npth-1.6 lxy$ ./configure
npth v1.6 prepared for make
Revision: 7712879 (30482)
Platform: x86_64-apple-darwin17.7.0
lixiaoyudeMBP:npth-1.6 lxy$ make && make install
Building gnupg again
lixiaoyudeMBP:gnupg-2.2.9 lxy$ ./configure
GnuPG v2.2.9 has been configured as follows:
Revision: 2b82db61c (11138)
Platform: Darwin (x86_64-apple-darwin17.7.0)
OpenPGP: yes
S/MIME: yes
Agent: yes
Smartcard: yes (without internal CCID driver)
G13: no
Dirmngr: yes
Gpgtar: yes
WKS tools: no
Protect tool: (default)
LDAP wrapper: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
Dirmngr auto start: yes
Readline support: no
LDAP support: yes
TLS support: no
TOFU support: no
Tor support: yes
lixiaoyudeMBP:gnupg-2.2.9 lxy$ make && make install
mkdir: /usr/local/libexec: Permission denied
make[2]: *** [install-libexecPROGRAMS] Error 1
make[1]: *** [install-am] Error 2
make: *** [install-recursive] Error 1
lixiaoyudeMBP:gnupg-2.2.9 lxy$ sudo su root
Password:
sh-3.2# make && make install
build-aux/install-sh -c -d '/usr/local/share/doc/gnupg'
/usr/bin/install -c -m 644 README '/usr/local/share/doc/gnupg'
/Library/Developer/CommandLineTools/usr/bin/make install-data-hook
make[3]: Nothing to be done for `install-data-hook'.
Verifying your email address
On your GitHub personal settings page, select Emails
-> Send verification email
Generating the key
lixiaoyudeMBP:~ lxy$ gpg --full-generate-key
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: ********@qq.com
Name may not start with a digit
Real name: calvin
Email address: ********@qq.com
Comment: Xiaoyu
You selected this USER-ID:
"calvin (Xiaoyu) <********@qq.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry
lixiaoyudeMBP:~ lxy$ unset DISPLAY
lixiaoyudeMBP:~ lxy$ sudo gpg --list-secret-keys --keyid-format LONG
lixiaoyudeMBP:~ lxy$ brew install pinentry
Retrying
lixiaoyudeMBP:~ lxy$ sudo gpg --full-generate-key
Password:
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: calvin
Email address: ***************@qq.com
Comment: Xiaoyu
You selected this USER-ID:
"calvin (Xiaoyu) <***************@qq.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /Users/lxy/.gnupg/trustdb.gpg: trustdb created
gpg: key 26AD3F854E18718F marked as ultimately trusted
gpg: directory '/Users/lxy/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/lxy/.gnupg/openpgp-revocs.d/***************.rev'
public and secret key created and signed.
pub rsa4096 2018-07-21 [SC]
***************
uid calvin (Xiaoyu) <***************@qq.com>
sub rsa4096 2018-07-21 [E]
During the steps above you are asked to enter a passphrase.
Viewing the key
lixiaoyudeMBP:~ lxy$ sudo gpg --list-secret-keys --keyid-format LONG
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/Users/lxy/.gnupg/pubring.kbx
-----------------------------
sec rsa4096/26AD3F854E18718F 2018-07-21 [SC]
*********** // use this value as the argument below
uid [ultimate] calvin (Xiaoyu) <*******@qq.com>
ssb rsa4096/55B0ED84AFE603E4 2018-07-21 [E]
lixiaoyudeMBP:~ lxy$ sudo gpg --armor --export ***********
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFtTVB0BEAC0QjmqPO7EUW6rtLv6Htaje+sY19eUvv4I844BlGg0e4l1bd6b
**********************
1WsJSTtVO++3K9hBpeaIitfON3ClEK91db8zFnxXYjK/4GrVyQb460vp4riKDJCv
GO39PnOYieRAoV/3PbfPjEJR7hL/NexIOev2Rz8bFc17lQMkBXbH7pr7jQSCJg==
=djPM
-----END PGP PUBLIC KEY BLOCK-----
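The middle part of the output above is the public key. Put that part into the page below and you are done.
Summary
Advantages
- An expiration time can be set
Disadvantages
- Setting up the environment initially is fairly tedious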
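The "Viewing the key" step copies the key ID by hand from the human-readable listing. As an added example (not part of the original post), the same value can be taken from gpg's machine-readable `--with-colons` listing, which also shows whether a key can still sign and when it expires. The names `signing_keys`, `sample_listing` and `NOW` are hypothetical, the sample listing is constructed, and the expiry field is assumed to be in epoch seconds, as GnuPG 2.x prints it.

```shell
# Added example (not from the original post). signing_keys reads
# `gpg --list-secret-keys --with-colons` output on stdin and prints, for each
# primary key that can still sign: <long key ID> <fingerprint> <expiry|never>.
# Fields used: 1 record type, 2 validity, 5 key ID, 7 expiry (epoch seconds),
# 12 capabilities; on "fpr" records field 10 is the fingerprint.
signing_keys() {
    awk -F: -v now="${NOW:-$(date +%s)}" '
        $1 == "sec" {
            usable = ($2 !~ /^[redi]/)          # revoked/expired/disabled/invalid
            if ($12 !~ /s/) usable = 0          # lowercase s: primary key signs
            if ($7 != "" && $7 + 0 <= now + 0) usable = 0   # past expiry date
            keyid = $5
            expiry = ($7 == "" ? "never" : $7)
            want_fpr = usable
            next
        }
        $1 == "ssb" { want_fpr = 0 }            # subkeys: not the primary fpr
        $1 == "fpr" && want_fpr { print keyid, $10, expiry; want_fpr = 0 }
    '
}

# Constructed sample listing (all IDs, fingerprints and the address are made up).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111222233334444:1532131200:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1532131200::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
ssb:u:4096:1:1234123412341234:1532131200::::::e:::+:::23:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA1234123412341234:
sec:e:2048:1:5555666677778888:1400000000:1500000000::u:::sc:::+:::23::0:
fpr:::::::::0123456789ABCDEF012345675555666677778888:
sec:u:4096:1:9999AAAABBBBCCCC:1600000000:4102444800::u:::scESC:::+:::23::0:
fpr:::::::::0000111122223333444455559999AAAABBBBCCCC:
EOF
}

# Real use: gpg --list-secret-keys --with-colons | signing_keys
sample_listing | signing_keys
```

A key printed with `never` was created with the "0 = key does not expire" choice shown in the session above, so the expiration advantage listed in the summary does not apply to it.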
Source: coderfix.blog.csdn.net, author: 小雨青年. Copyright belongs to the original author; contact the author before reposting.
Original link: coderfix.blog.csdn.net/article/details/81147966