[GitHub] Using GPG keys, and how they differ from SSH keys

Environment

macOS 10.13.6 (17G65)

Create a GPG key

GitHub supports GPG keys that use the following algorithms:

  • RSA
  • ElGamal
  • DSA
  • ECDH
  • ECDSA
  • EdDSA

Install gnupg

Download gnupg from https://www.gnupg.org/download/
The gnupg download link is https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.9.tar.bz2

./configure

configure:
***
*** You need libgpg-error to build this program.
**  This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libgpg-error
*** (at least version 1.24 is required.)
***
configure:
***
*** You need libgcrypt to build this program.
**  This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libgcrypt/
*** (at least version 1.7.0 (API 1) is required.)
***
configure:
***
*** You need libassuan to build this program.
*** This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libassuan/
*** (at least version 2.5.0 (API 2) is required).
***
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version 1.3.4 using API 1 is required).
***
configure:
***
*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install this
*** library first.  The library is for example available at
***   https://gnupg.org/ftp/gcrypt/npth/
*** (at least version 1.2 (API 1) is required).
***
configure: error: 
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***

In other words, we need to install the following packages:

libgpg-error

Minimum version: 1.24

Download site: https://gnupg.org/ftp/gcrypt/libgpg-error/

 wget https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.bz2
lixiaoyudeMBP:soft lxy$ tar -jxvf libgpg-error-1.32.tar.bz2
lixiaoyudeMBP:libgpg-error-1.32 lxy$ cd libgpg-error-1.32
lixiaoyudeMBP:libgpg-error-1.32 lxy$ ./configure
lixiaoyudeMBP:libgpg-error-1.32 lxy$ make && make install
make[3]: Nothing to be done for `install-exec-am'.
 ../../build-aux/install-sh -c -d '/usr/local/share/common-lisp/source/gpg-error'
 /usr/bin/install -c -m 644 gpg-error.asd gpg-error-package.lisp gpg-error.lisp '/usr/local/share/common-lisp/source/gpg-error'
 ../../build-aux/install-sh -c -d '/usr/local/share/common-lisp/source/gpg-error'
 /usr/bin/install -c -m 644 gpg-error-codes.lisp '/usr/local/share/common-lisp/source/gpg-error'
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
make[2]: Nothing to be done for `install-exec-am'.
/Library/Developer/CommandLineTools/usr/bin/make  install-data-hook
make[3]: Nothing to be done for `install-data-hook'.

libgcrypt

Minimum version: 1.7.0 (API 1)

Download site: https://gnupg.org/ftp/gcrypt/libgcrypt/

lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ wget https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.bz2
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ tar -jxvf libgcrypt-1.8.3.tar.bz2 
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ cd libgcrypt-1.8.3
lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ ./configure
        Libgcrypt v1.8.3 has been configured as follows:

        Platform:                  Darwin (x86_64-apple-darwin17.7.0)
        Hardware detection module: hwf-x86
        Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish
                                   serpent rfc2268 seed camellia idea salsa20
                                   gost28147 chacha20
        Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                   sha256 sha512 sha3 tiger whirlpool stribog
                                   blake2
        Enabled kdf algorithms:    s2k pkdf2 scrypt
        Enabled pubkey algorithms: dsa elgamal rsa ecc
        Random number generator:   default
        Try using jitter entropy:  yes
        Using linux capabilities:  no
        Try using Padlock crypto:  yes
        Try using AES-NI crypto:   yes
        Try using Intel PCLMUL:    yes
        Try using Intel SSE4.1:    yes
        Try using DRNG (RDRAND):   yes
        Try using Intel AVX:       yes
        Try using Intel AVX2:      yes
        Try using ARM NEON:        n/a
        Try using ARMv8 crypto:    n/a

lixiaoyudeMBP:libgcrypt-1.8.3 lxy$ make && make install

libassuan

Minimum version: 2.5.0 (API 2)

Download site: https://gnupg.org/ftp/gcrypt/libassuan/

lixiaoyudeMBP:soft lxy$ wget https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2
lixiaoyudeMBP:soft lxy$ tar -jxvf libassuan-2.5.1.tar.bz2 
lixiaoyudeMBP:soft lxy$ cd libassuan-2.5.1
lixiaoyudeMBP:libassuan-2.5.1 lxy$ ./configure
Libassuan v2.5.1 has been configured as follows:

        Revision: 8fc922c  (36809)
        Platform: x86_64-apple-darwin17.7.0
lixiaoyudeMBP:libassuan-2.5.1 lxy$ make && make install

libksba

Minimum version: 1.3.4 using API 1

Download site

lixiaoyudeMBP:libksba-1.3.5 lxy$ wget https://gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2
lixiaoyudeMBP:libksba-1.3.5 lxy$ tar -jxvf libksba-1.3.5.tar.bz2
lixiaoyudeMBP:libksba-1.3.5 lxy$ cd libksba-1.3.5
lixiaoyudeMBP:libksba-1.3.5 lxy$ ./configure
        Libksba v1.3.5 has been configured as follows:

        Revision:  25cc42c  (9676)
        Platform:  x86_64-apple-darwin17.7.0
lixiaoyudeMBP:libksba-1.3.5 lxy$ make && make install

npth

Minimum version: 1.2 (API 1)

Download site: https://gnupg.org/ftp/gcrypt/npth/

lixiaoyudeMBP:soft lxy$ wget https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2
lixiaoyudeMBP:soft lxy$ tar -jxvf npth-1.6.tar.bz2 
lixiaoyudeMBP:soft lxy$ cd npth-1.6
lixiaoyudeMBP:npth-1.6 lxy$ ./configure
        npth v1.6 prepared for make

        Revision: 7712879  (30482)
        Platform: x86_64-apple-darwin17.7.0
lixiaoyudeMBP:npth-1.6 lxy$ make && make install

Build gnupg again

lixiaoyudeMBP:gnupg-2.2.9 lxy$ ./configure
        GnuPG v2.2.9 has been configured as follows:

        Revision:  2b82db61c  (11138)
        Platform:  Darwin (x86_64-apple-darwin17.7.0)

        OpenPGP:   yes
        S/MIME:    yes
        Agent:     yes
        Smartcard: yes (without internal CCID driver)
        G13:       no
        Dirmngr:   yes
        Gpgtar:    yes
        WKS tools: no

        Protect tool:      (default)
        LDAP wrapper:      (default)
        Default agent:     (default)
        Default pinentry:  (default)
        Default scdaemon:  (default)
        Default dirmngr:   (default)

        Dirmngr auto start:  yes
        Readline support:    no
        LDAP support:        yes
        TLS support:         no
        TOFU support:        no
        Tor support:         yes
lixiaoyudeMBP:gnupg-2.2.9 lxy$ make && make install
mkdir: /usr/local/libexec: Permission denied
make[2]: *** [install-libexecPROGRAMS] Error 1
make[1]: *** [install-am] Error 2
make: *** [install-recursive] Error 1

lixiaoyudeMBP:gnupg-2.2.9 lxy$ sudo su root
Password:
sh-3.2# make && make install
 build-aux/install-sh -c -d '/usr/local/share/doc/gnupg'
 /usr/bin/install -c -m 644 README '/usr/local/share/doc/gnupg'
/Library/Developer/CommandLineTools/usr/bin/make  install-data-hook
make[3]: Nothing to be done for `install-data-hook'.

Verify your email address

On your GitHub account page, choose Emails -> Send verification email

Generate the key

lixiaoyudeMBP:~ lxy$ gpg --full-generate-key
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: ********@qq.com
Name may not start with a digit
Real name: calvin
Email address: ********@qq.com
Comment: Xiaoyu
You selected this USER-ID:
    "calvin (Xiaoyu) <********@qq.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

lixiaoyudeMBP:~ lxy$ unset DISPLAY

lixiaoyudeMBP:~ lxy$ sudo gpg --list-secret-keys --keyid-format LONG

lixiaoyudeMBP:~ lxy$ brew install pinentry

Retry

lixiaoyudeMBP:~ lxy$ sudo gpg --full-generate-key
Password:
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits       
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: calvin
Email address: ***************@qq.com
Comment: Xiaoyu                
You selected this USER-ID:
    "calvin (Xiaoyu) <***************@qq.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /Users/lxy/.gnupg/trustdb.gpg: trustdb created
gpg: key 26AD3F854E18718F marked as ultimately trusted
gpg: directory '/Users/lxy/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/lxy/.gnupg/openpgp-revocs.d/***************.rev'
public and secret key created and signed.

pub   rsa4096 2018-07-21 [SC]
      ***************
uid                      calvin (Xiaoyu) <***************@qq.com>
sub   rsa4096 2018-07-21 [E]

During the steps above you are prompted to enter a passphrase.

View the key

lixiaoyudeMBP:~ lxy$ sudo gpg --list-secret-keys --keyid-format LONG
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/Users/lxy/.gnupg/pubring.kbx
-----------------------------
sec   rsa4096/26AD3F854E18718F 2018-07-21 [SC]
 *********** // use this value as the argument below
uid                 [ultimate] calvin (Xiaoyu) <*******@qq.com>
ssb   rsa4096/55B0ED84AFE603E4 2018-07-21 [E]

lixiaoyudeMBP:~ lxy$ sudo gpg --armor --export ***********
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFtTVB0BEAC0QjmqPO7EUW6rtLv6Htaje+sY19eUvv4I844BlGg0e4l1bd6b
**********************
1WsJSTtVO++3K9hBpeaIitfON3ClEK91db8zFnxXYjK/4GrVyQb460vp4riKDJCv
GO39PnOYieRAoV/3PbfPjEJR7hL/NexIOev2Rz8bFc17lQMkBXbH7pr7jQSCJg==
=djPM
-----END PGP PUBLIC KEY BLOCK-----

The block in the middle of the output above is the public key. Paste it into the corresponding page on GitHub and you are done.
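
The long key ID that was read by eye from the listing above can also be taken from GnuPG's machine-readable --with-colons output. The script below is an added example, not part of the original post: it parses that format, prints one line per primary secret key, and flags keys that have no expiry date (as chosen in the walkthrough above) or an RSA size under 2048 bits. The sample listing is constructed, and sample_listing, audit_secret_keys and list_key_ids are hypothetical helper names.

```shell
#!/bin/sh
# Added example: read `gpg --list-secret-keys --with-colons` records.
# Fields used: 1 record type, 3 key length, 4 algorithm id, 5 long key ID,
# 7 expiration (epoch seconds, empty = never), 10 user ID (uid records).

# Constructed sample. The first key reuses the key IDs printed in the listing
# above; the second key, all dates and both addresses are made up.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:26AD3F854E18718F:1532131200:::u:::scESC:
uid:u::::1532131200::::calvin (Xiaoyu) <user@example.invalid>:
ssb:u:4096:1:55B0ED84AFE603E4:1532131200::::::e:
sec:u:256:22:AAAAAAAAAAAAAAAA:1532131200:1563667200::u:::scESC:
uid:u::::1532131200::::sample (constructed) <other@example.invalid>:
ssb:u:256:18:BBBBBBBBBBBBBBBB:1532131200:1563667200:::::e:
EOF
}

# Print one line per primary secret key: KEYID ALGO+BITS EXPIRES VERDICT UID
audit_secret_keys() {
  awk -F: '
    BEGIN {
      # OpenPGP algorithm ids for the key types listed at the top of the page
      algo[1] = "RSA";   algo[16] = "ElGamal"; algo[17] = "DSA"
      algo[18] = "ECDH"; algo[19] = "ECDSA";   algo[22] = "EdDSA"
    }
    function emit() {
      if (keyid != "") print keyid, name, expires, verdict, uid
    }
    $1 == "sec" {                      # a new primary key starts here
      emit()
      keyid = $5; uid = "-"
      name = (($4 in algo) ? algo[$4] : "algo" $4) $3
      expires = ($7 == "") ? "never" : $7
      verdict = ($7 == "") ? "NO-EXPIRY" : "ok"
      if ($4 == 1 && $3 + 0 < 2048) verdict = "WEAK-RSA"
    }
    $1 == "uid" && uid == "-" { uid = $10 }   # keep the first user ID only
    END { emit() }
  '
}

# Long key IDs to pass to `gpg --armor --export`, one per line
list_key_ids() { audit_secret_keys | cut -d' ' -f1; }

# Offline run on the sample; with a real keyring use:
#   gpg --list-secret-keys --with-colons | audit_secret_keys
sample_listing | audit_secret_keys
```

The EXPIRES column is the raw epoch value from the listing, or "never" when the field is empty.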


Summary

Advantages

  • An expiration time can be set

Disadvantages

  • The initial environment setup is rather tedious