GitHub Commits的时候,绿色的Verified好治愈啊。

别问我为什么闲着没事导出GPG Key,还不是想薅羊毛。

Verified

在纠结为什么Commit的时候不记录邮箱的时候,翻到了GitHub的SSH and GPG keys,于是顺手新建了一个GPG Key,下面介绍如何配置与导出GPG Key。

What is GPG?

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880(also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

翻译过来即是:GPG对数据与通信过程进行加密与签名,借此鉴定身份。

New

参考官方文档即可。

View

使用命令gpg --list-secret-keys --keyid-format LONG即可列出,大致如下:

1
2
3
4
5
6
7
$ gpg --list-secret-keys --keyid-format LONG
/c/Users/HuYadong/.gnupg/pubring.kbx
------------------------------------
sec   rsa2048/7CCFB5D53C5024CE 2020-05-10 [SC]
      140C3B1BD1CE3B87373DD4B77CCFB5D53C5024CE
uid                 [ultimate] rainvalley (Raincorn) <huyadong1234@gmail.com>
ssb   rsa2048/49CBFA72C3A2FB59 2020-05-10 [E]

这里的GPG密匙ID为7CCFB5D53C5024CE,为完整ID的简写。解释下相关内容:

sec => ‘SECret key’
ssb => ‘Secret SuBkey’
pub => ‘PUBlic key’
sub => ‘public SUBkey’
uid => ‘User ID’

  • sec 意为密匙,加密算法rsa,长度2048,创建于2020-05-10,ID简写为7CCFB5D53C5024CE。
  • uid 生成GPG Key时候的用户信息,此处的Email应与GitHub注册账号相同。
  • ssb 意为子密匙,可与主密匙分开储存与撤销。

In other words, subkeys are like a separate key pair, but automatically associated with your main key pair.

Using

  • 绑定Git与GPG Keygit config --global user.signingkey 7CCFB5D53C5024CE
  • Commit的时候使用git commit -S -m "Update"即可使用GPG来对Commit进行签名。
  • 可以使用git config --global commit.gpgsign true来避免每次提交都需要加上-S。

Export

使用前文的密匙ID进行公私匙的导出,默认导出路径为用户根目录,Windows下为C:\Users{用户名},请注意妥善保存密匙。

1
2
gpg --output Pub.gpg --armor --export 7CCFB5D53C5024CE 
gpg --output Sec.gpg --armor --export-secret-key 7CCFB5D53C5024CE

Import

根据GPG ID导入,注意路径。

1
2
gpg --import ~/Pub.gpg
gpg --allow-secret-key-import --import ~/Sec.gpg

Modify

使用命令gpg --edit-key 7CCFB5D53C5024CE即可编辑该GPG Key的相关内容。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
$ gpg --edit-key 7CCFB5D53C5024CE
gpg (GnuPG) 2.2.20-unknown; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.
sec  rsa2048/7CCFB5D53C5024CE
     created: 2020-05-10  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/49CBFA72C3A2FB59
     created: 2020-05-10  expires: never       usage: E
[ultimate] (1). rainvalley (Raincorn) <[email protected]>

gpg> help
quit        quit this menu
save        save and quit
help        show this help
fpr         show key fingerprint
grip        show the keygrip
list        list key and user IDs
uid         select user ID N
key         select subkey N
check       check signatures
sign        sign selected user IDs [* see below for related commands]
lsign       sign selected user IDs locally
tsign       sign selected user IDs with a trust signature
nrsign      sign selected user IDs with a non-revocable signature
adduid      add a user ID
addphoto    add a photo ID
deluid      delete selected user IDs
addkey      add a subkey
addcardkey  add a key to a smartcard
keytocard   move a key to a smartcard
bkuptocard  move a backup key to a smartcard
delkey      delete selected subkeys
addrevoker  add a revocation key
delsig      delete signatures from the selected user IDs
expire      change the expiration date for the key or selected subkeys
primary     flag the selected user ID as primary
pref        list preferences (expert)
showpref    list preferences (verbose)
setpref     set preference list for the selected user IDs
keyserver   set the preferred keyserver URL for the selected user IDs
notation    set a notation for the selected user IDs
passwd      change the passphrase
trust       change the ownertrust
revsig      revoke signatures on the selected user IDs
revuid      revoke selected user IDs
revkey      revoke key or selected subkeys
enable      enable key
disable     disable key
showphoto   show selected photo IDs
clean       compact unusable user IDs and remove unusable signatures from key
minimize    compact unusable user IDs and remove all signatures from key

* The 'sign' command may be prefixed with an 'l' for local signatures (lsign),
  a 't' for trust signatures (tsign), an 'nr' for non-revocable signatures
  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).

gpg> passwd

gpg>

输入help即可得到GPG的帮助,有很多实用的功能,passwd意为修改密码,请尽量避免使用空密码。

Others

在Commit的时候发现无法正常关联GitHub账户,在GitHub的账户统计中也无相关活动,如下:

似乎是因为重装系统后没有重新配置,可以通过如下命令关联账号与本地Git:

1
2
git config --global user.name [username]
git config --global user.email [email]