Linux: GnuPG – managing GPG keys

Author: | 09/10/2017
 

Documentation: here>>> and here>>>.

Installation

Install the package:

[simterm]

$ sudo pacman -S gnupg

[/simterm]

Check the installed version:

[simterm]

$ gpg --version
gpg (GnuPG) 2.1.22
libgcrypt 1.8.0
...

[/simterm]

GnuPG keeps its files in the home directory (/home/user/), under ~/.gnupg/:

[simterm]

$ ls -l ~/.gnupg/
total 184
drwx------ 2 setevoy setevoy  4096 Mar  8 18:47 crls.d
-rw------- 1 setevoy setevoy  2649 Mar  8 18:45 dirmngr.conf
-rw------- 1 setevoy setevoy  5191 Mar  8 18:45 gpg.conf
drwx------ 2 setevoy setevoy  4096 Mar  9 12:09 private-keys-v1.d
-rw-r--r-- 1 setevoy setevoy 80802 May  7 18:41 pubring.kbx
-rw-r--r-- 1 setevoy setevoy 78701 May  7 07:28 pubring.kbx~
-rw------- 1 setevoy setevoy  1200 May  7 18:41 trustdb.gpg

[/simterm]

The configuration files are ~/.gnupg/gpg.conf and ~/.gnupg/dirmngr.conf.

List the keys already added to the keyring:

[simterm]

$ gpg --list-keys
/home/setevoy/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2013-05-31 [SC] [expires: 2018-06-04]
      8048643BA2C840F4F92A195FF54984BFA16C640F
uid           [ unknown] Glenn Randers-Pehrson (mozilla) <[email protected]>
uid           [ unknown] Glenn Randers-Pehrson (libpng) <[email protected]>
...

[/simterm]

These are the keys of developers from AUR.

Creating a key

Create your own key:

[simterm]

$ gpg --full-gen-key
gpg (GnuPG) 2.1.22; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Arseny Zinchenko
Email address: [email protected]
Comment:
You selected this USER-ID:
    "Arseny Zinchenko <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
...

pub   rsa2048 2017-08-11 [SC]
      63677A14C55A3BAD231A9C07EBED10E2C2F4FEE7
uid                      Arseny Zinchenko <[email protected]>
sub   rsa2048 2017-08-11 [E]

[/simterm]

Check the key list again:

[simterm]

$ gpg --list-keys
/home/setevoy/.gnupg/pubring.kbx
...

pub   rsa2048 2017-08-11 [SC]
      63677A14C55A3BAD231A9C07EBED10E2C2F4FEE7
uid           [ultimate] Arseny Zinchenko <[email protected]>
sub   rsa2048 2017-08-11 [E]

[/simterm]

Exporting the public key

To get your public key, for example to add it to GitHub, run:

[simterm]

$ gpg --armor --export [email protected]
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFmOAxwBCAC37ZU1mSaDOeAlLAqRUrl7lsKS6pr/iC/o7CufdviSfbhZj5S4
...
wC3zJGQlc/2+jT7hBtlXG5GeP1hPWsOUlgY663bvAEcsKQ==
=1zJL
-----END PGP PUBLIC KEY BLOCK-----

[/simterm]

Private keys

List the private keys:

[simterm]

$ gpg --list-secret-keys
/home/setevoy/.gnupg/pubring.kbx
--------------------------------
sec   rsa2048 2017-08-11 [SC]
      6***7
uid           [ultimate] Arseny Zinchenko <[email protected]>
ssb   rsa2048 2017-08-11 [E]

[/simterm]

keybase

If you use keybase, add the key to it:

[simterm]

$ keybase pgp select
#    Algo    Key Id             Created   UserId
=    ====    ======             =======   ======
1    2048R   EBED10E2C2F4FEE7             Arseny Zinchenko <[email protected]>
Choose a key: EBED10E2C2F4FEE7
Choose a key (1-1, or q to cancel): 1
▶ INFO Bundle unlocked: EBED10E2C2F4FEE7
▶ INFO Generated new PGP key:
▶ INFO   user: Arseny Zinchenko <[email protected]>
▶ INFO   2048-bit RSA key, ID EBED10E2C2F4FEE7, created 2017-08-11
▶ INFO Key EBED10E2C2F4FEE7 imported

[/simterm]

Done.