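The green Verified badge on GitHub commits is so soothing.

Don't ask why I bothered exporting a GPG key when I had nothing better to do; I just wanted to grab some freebies.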

Verified

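While puzzling over why my commits were not recording my email, I came across GitHub's SSH and GPG keys settings and created a GPG key while I was there. The sections below cover how to configure and export a GPG key.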

What is GPG?

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

In other words: GPG encrypts and signs data and communications, and uses that to verify identity.

New

Just follow the official documentation.

View

Run gpg --list-secret-keys --keyid-format LONG to list the keys. The output looks roughly like this:

$ gpg --list-secret-keys --keyid-format LONG
/c/Users/HuYadong/.gnupg/pubring.kbx
------------------------------------
sec rsa2048/7CCFB5D53C5024CE 2020-05-10 [SC]
140C3B1BD1CE3B87373DD4B77CCFB5D53C5024CE
uid [ultimate] rainvalley (Raincorn) <huyadong1234@gmail.com>
ssb rsa2048/49CBFA72C3A2FB59 2020-05-10 [E]

Here the GPG key ID is 7CCFB5D53C5024CE, which is a shortened form of the full ID. The fields mean the following:

sec => ‘SECret key’
ssb => ‘Secret SuBkey’
pub => ‘PUBlic key’
sub => ‘public SUBkey’
uid => ‘User ID’

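  • sec means the key: algorithm rsa, length 2048, created on 2020-05-10, short ID 7CCFB5D53C5024CE.
  • uid is the user information entered when the GPG key was generated; the email here should be the same as the one registered on the GitHub account.
  • ssb means the subkey, which can be stored and revoked separately from the primary key.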

In other words, subkeys are like a separate key pair, but automatically associated with your main key pair.

Using

  • Bind Git to the GPG key: git config --global user.signingkey 7CCFB5D53C5024CE
  • When committing, use git commit -S -m "Update" to sign the commit with GPG.
  • Use git config --global commit.gpgsign true to avoid having to add -S on every commit.
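The View and Using sections together imply three things to check before relying on signed commits: the ID given to user.signingkey exists in the listing, that key carries the S (sign) usage flag, and the Git email appears in a uid on the key. The following Python sketch is an added example, not code from the original post; the function names parse_listing and check_signing_setup are hypothetical, and the sample listing is constructed from the output shown above.

```python
import re

# Constructed sample in the listing format shown in the View section.
SAMPLE_LISTING = """\
sec rsa2048/7CCFB5D53C5024CE 2020-05-10 [SC]
140C3B1BD1CE3B87373DD4B77CCFB5D53C5024CE
uid [ultimate] rainvalley (Raincorn) <huyadong1234@gmail.com>
ssb rsa2048/49CBFA72C3A2FB59 2020-05-10 [E]
"""

KEY_RE = re.compile(r"^(sec|ssb|pub|sub)[#>]?\s+(\S+)/([0-9A-F]{16})\s+(\S+)\s+\[([A-Z]+)\]")
FPR_RE = re.compile(r"^\s*([0-9A-F]{40})\s*$")
UID_RE = re.compile(r"^uid\s+\[[^\]]*\]\s+.*<([^<>\s]+)>\s*$")


def parse_listing(text):
    """Parse `gpg --list-secret-keys --keyid-format LONG` output (hypothetical helper)."""
    keys = []
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            kind, algo, key_id, created, usage = m.groups()
            entry = {"id": key_id, "algo": algo, "created": created, "usage": set(usage)}
            if kind in ("sec", "pub"):  # a primary key starts a new record
                keys.append({**entry, "fingerprint": None, "emails": [], "subkeys": []})
            elif keys:  # ssb/sub belongs to the preceding primary key
                keys[-1]["subkeys"].append(entry)
        elif keys and keys[-1]["fingerprint"] is None and (m := FPR_RE.match(line)):
            keys[-1]["fingerprint"] = m.group(1)  # 40-hex line after sec/pub
        elif keys and (m := UID_RE.match(line)):
            keys[-1]["emails"].append(m.group(1).lower())
    return keys


def check_signing_setup(listing, signing_key, git_email):
    """List problems with using signing_key and git_email for `git commit -S`."""
    wanted = signing_key.upper()
    for key in parse_listing(listing):
        hit = next((k for k in [key] + key["subkeys"] if k["id"] == wanted), None)
        if hit is None and key["fingerprint"] != wanted:
            continue  # neither a long key ID nor the fingerprint of this key
        hit = hit or key
        problems = []
        if "S" not in hit["usage"]:
            problems.append(f"{hit['id']} has usage {sorted(hit['usage'])}, no S (sign)")
        if git_email.lower() not in key["emails"]:
            problems.append(f"{git_email} is not a uid email on this key")
        return problems
    return [f"no secret key matching {signing_key}"]
```

An empty list means the key ID, its usage flags and the email are consistent; pointing user.signingkey at the [E] subkey 49CBFA72C3A2FB59 is reported because that subkey cannot sign.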

Export

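Use the key ID from above to export the public and private keys. The default export path is the user's home directory, which on Windows is C:\Users\{username}. Take care to store the keys safely.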

gpg --output Pub.gpg --armor --export 7CCFB5D53C5024CE 
gpg --output Sec.gpg --armor --export-secret-key 7CCFB5D53C5024CE

Import

Import according to the GPG ID; pay attention to the path.

gpg --import ~/Pub.gpg
gpg --allow-secret-key-import --import ~/Sec.gpg

Modify

Run gpg --edit-key 7CCFB5D53C5024CE to edit the details of this GPG key.

$ gpg --edit-key 7CCFB5D53C5024CE
gpg (GnuPG) 2.2.20-unknown; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.
sec rsa2048/7CCFB5D53C5024CE
created: 2020-05-10 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/49CBFA72C3A2FB59
created: 2020-05-10 expires: never usage: E
[ultimate] (1). rainvalley (Raincorn) <huyadong1234@gmail.com>

gpg> help
quit quit this menu
save save and quit
help show this help
fpr show key fingerprint
grip show the keygrip
list list key and user IDs
uid select user ID N
key select subkey N
check check signatures
sign sign selected user IDs [* see below for related commands]
lsign sign selected user IDs locally
tsign sign selected user IDs with a trust signature
nrsign sign selected user IDs with a non-revocable signature
adduid add a user ID
addphoto add a photo ID
deluid delete selected user IDs
addkey add a subkey
addcardkey add a key to a smartcard
keytocard move a key to a smartcard
bkuptocard move a backup key to a smartcard
delkey delete selected subkeys
addrevoker add a revocation key
delsig delete signatures from the selected user IDs
expire change the expiration date for the key or selected subkeys
primary flag the selected user ID as primary
pref list preferences (expert)
showpref list preferences (verbose)
setpref set preference list for the selected user IDs
keyserver set the preferred keyserver URL for the selected user IDs
notation set a notation for the selected user IDs
passwd change the passphrase
trust change the ownertrust
revsig revoke signatures on the selected user IDs
revuid revoke selected user IDs
revkey revoke key or selected subkeys
enable enable key
disable disable key
showphoto show selected photo IDs
clean compact unusable user IDs and remove unusable signatures from key
minimize compact unusable user IDs and remove all signatures from key

* The 'sign' command may be prefixed with an 'l' for local signatures (lsign),
a 't' for trust signatures (tsign), an 'nr' for non-revocable signatures
(nrsign), or any combination thereof (ltsign, tnrsign, etc.).

gpg> passwd

gpg>

Type help to get GPG's help text; there are many useful functions. passwd changes the passphrase; avoid using an empty passphrase wherever possible.

Others

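When committing, I found that the commits were not being associated with my GitHub account, and no related activity appeared in the GitHub account statistics, as shown below:

This seems to be because I had not reconfigured Git after reinstalling the system. The following commands associate the account with the local Git: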

git config --global user.name [username]
git config --global user.email [email]