next up previous contents
Next: GnuPG 密鑰上傳 Up: GnuPG Previous: GnuPG 安裝   Contents

GnuPG 密鑰產生

  1. 開始產生密鑰、加密或簽章前,必須先啟動 gpg-agent daemon,否則會有以以錯誤訊息。
    gpg --gen-key can't connect to `.gnupg/S.gpg-agent': No such file or directory
  2. 啟動 gpg-agent daemon。
    [deyu1@kvm8 ~]# gpg-agent --daemon --use-standard-socket
    gpg-agent[1687]: directory `/root/.gnupg' created
    gpg-agent[1687]: directory `/root/.gnupg/private-keys-v1.d' created
    GPG_AGENT_INFO=/root/.gnupg/S.gpg-agent:1688:1; export GPG_AGENT_INFO;
  3. 如果出現以下錯誤訊息,必須清除 DISPLAY 變數,或變更設定。
    gpg: problem with the agent: No pinentry
    gpg: Key generation canceled.
  4. 清除 DISPLAY 變數。
    [deyu1@kvm8 ~]# unset DISPLAY
  5. 變更設定。
    [deyu1@kvm8 ~]$ vim .gnupg/gpg-agent.conf
    pinentry-program /usr/bin/pinentry-curses
  6. 產生密鑰。
    [root@kvm8 ~]# gpg --gen-key
    gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
  7. 選擇加密方式。
    Please select what kind of key you want:
       (1) RSA and RSA (default)
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)
    Your selection?
  8. 使用預設 RSA,選擇 RSA keys 長度。
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048) 
    Requested keysize is 2048 bits
  9. 選擇密鑰有效時間,0 為永久有效。
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0) 
    Key does not expire at all
  10. 確認是否正確?
    Is this correct? (y/N) y
  11. 輸入名字、eamil、別名。
    GnuPG needs to construct a user ID to identify your key.
    Real name: abc123
    Email address:
    Comment: ABC
    You selected this USER-ID:
        "abc123 (ABC) <>"
  12. 是否更改?
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
  13. 必須輸入 Passphrase,此為你的密碼要妥善保存,否則密鑰將無法使用。
    You need a Passphrase to protect your secret key.
  14. 經過數分鐘,私鑰與公鑰都已產生。
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    gpg: /home/deyu1/.gnupg/trustdb.gpg: trustdb created
    gpg: key A98B198E marked as ultimately trusted
    public and secret key created and signed.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub   2048R/A98B198E 2014-05-26
          Key fingerprint = 1DD5 7E72 C442 D1E4 65E4  14CE 62B0 1911 A98B 198E
    uid                  abc123 (ABC) <>
    sub   2048R/C039E2B6 2014-05-26

De-Yu Wang 2018-08-08