如何在gpg(gnupg(
中通过subkey(多个subkey(e((加密pub rsa4096/22E49AB870AD169A 2017-03-09 [SC]
uid [ultimate] Jack Wonda <wangjievibeke@foxmail.com>
uid [ultimate] 王杰 <jack20130107@qq.com>
sub rsa4096/D39A707D61F13A26 2017-03-09 [E] [expires: 2020-04-25]
sub rsa4096/11FAB3E82F75B202 2017-04-24 [S] [expires: 2019-04-24]
sub rsa4096/B305BA41FD1F7793 2017-04-26 [E] [expires: 2019-04-26]
我有两个用于加密的子钥匙,但是现在我只能使用最后一个子钥匙(B305BA41FD1F7793(。
例如:
gpg2 -r D39A707D61F13A26 -e doc
File 'doc.gpg' exists. Overwrite? (y/N) y
gpg2 -d doc.gpg
gpg: encrypted with 4096-bit RSA key, ID B305BA41FD1F7793, created 2017-04-26
"Jack Wonda <wangjievibeke@foxmail.com>"
123456
即使我指定了第一个子键,它仍然会转到最后一个。
您可以通过在其ID上附加感叹点来强制GPG使用特定键。在您的情况下:
gpg2 -r 0xD39A707D61F13A26! -e doc
您甚至可以要求GPG使用两个键进行加密(因此,您可以使用任何一个关联的公共密钥解密(:
gpg2 -r 0xD39A707D61F13A26! -r 0xB305BA41FD1F7793! -e doc
根据安装在我的拱门系统上的manpage(奇怪的是,我在其他地方都找不到具有相同信息的同一版本(:
如何指定用户ID
有不同的方法将用户ID指定到GNUPG。他们中有一些 仅适用于GPG其他人仅适用于GPGSM。这里是 指定密钥的全部方法列表:
By key Id. This format is deduced from the length of the string and its content or 0x prefix. The key Id of an X.509 certificate are the low 64 bits of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for all automated processing the fingerprint should be used. When using gpg an exclamation mark (!) may be appended to force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use. The last four lines of the example give the key ID in their long form as internally used by the OpenPGP protocol. You can see the long key ID using the option --with-colons.