gpg
Differences
This shows the differences between two versions of the page.
gpg [2024-03-01 01:47:15] – [Generate GPG key pair] manfred → gpg [2024-06-03 12:12:58] (current) – deleted manfred
====== GPG (GnuPG) ======

GNU Privacy Guard (also called GnuPG or GPG) is FOSS and implements the OpenPGP standard and, in version 2, also the S/MIME and the PGP/


===== Configuration =====

* always show the long form of the key ID
* use loopback for pinentry (only on Windows, if you do not want a popup window; on Linux better use **pinentry-curses**)

works everywhere (ugly popup window on Windows)
<code c ~/
keyid-format long
pinentry-mode ask
</code>

Windows (no popup):
<code c ~/
keyid-format long
pinentry-mode loopback
</code>

* cache TTL for the passphrase (separately for SSH)
* allow loopback pinentry

<code c ~/
default-cache-ttl 3600
default-cache-ttl-ssh 3600
max-cache-ttl 28800
max-cache-ttl-ssh 28800
allow-loopback-pinentry
</code>

**On Windows:** create the environment variable
GNUPGHOME=%userprofile%\.gnupg

if necessary, move the files from the old into the new dir (PowerShell commands)
> mv $env:
> rm -r $env:

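As an added example (not part of the original page), the following POSIX shell lint reads a gpg.conf and a gpg-agent.conf and checks them against the settings recommended above: ''keyid-format long'' (32-bit short key IDs are trivially collidable, so only the long form identifies a key reliably), ''default-cache-ttl'' not exceeding ''max-cache-ttl'' for both the normal and the ''-ssh'' cache, a policy ceiling for the maximum TTL, and a notice when ''pinentry-mode loopback'' / ''allow-loopback-pinentry'' are in effect. The function names, the policy ceiling (assumed 28800 s, the page's own value) and the sample files are assumptions of this example; the built-in gpg-agent defaults used when a key is absent are the documented ones (600/7200 s, 1800/7200 s for SSH).

```shell
#!/bin/sh
# Added example, not from the wiki page: lint gpg.conf / gpg-agent.conf
# against the settings recommended above. Paths are arguments, so the
# functions work on any constructed file and never touch ~/.gnupg.

# conf_value FILE KEY -> prints the last value given for KEY in FILE
# (gpg honours the last occurrence); comment lines starting with # are skipped.
conf_value() {
    awk -v k="$2" '$1 !~ /^#/ && $1 == k { v = $2 } END { print v }' "$1"
}

# gpg_conf_lint GPG_CONF -> 0 if keyid-format is long (or 0xlong), 1 otherwise.
gpg_conf_lint() {
    fmt=$(conf_value "$1" keyid-format)
    if [ "$fmt" != "long" ] && [ "$fmt" != "0xlong" ]; then
        echo "$1: keyid-format should be long (found: '${fmt:-unset}')" >&2
        return 1
    fi
    if [ "$(conf_value "$1" pinentry-mode)" = "loopback" ]; then
        echo "$1: pinentry-mode loopback: the passphrase comes from the calling program, not from a pinentry dialog" >&2
    fi
    return 0
}

# agent_conf_lint AGENT_CONF [LIMIT] -> 0 when every cache TTL is consistent
# and no max TTL exceeds LIMIT seconds (assumed policy ceiling: 28800 = 8 h);
# 1 on any violation. Missing keys fall back to gpg-agent's built-in defaults.
agent_conf_lint() {
    conf=$1
    limit=${2:-28800}
    rc=0
    for suffix in "" "-ssh"; do
        d=$(conf_value "$conf" "default-cache-ttl$suffix")
        m=$(conf_value "$conf" "max-cache-ttl$suffix")
        if [ -z "$suffix" ]; then
            d=${d:-600};  m=${m:-7200}    # documented defaults: 10 min / 2 h
        else
            d=${d:-1800}; m=${m:-7200}    # documented SSH defaults: 30 min / 2 h
        fi
        if [ "$d" -gt "$m" ]; then
            echo "$conf: default-cache-ttl$suffix ($d) exceeds max-cache-ttl$suffix ($m)" >&2
            rc=1
        fi
        if [ "$m" -gt "$limit" ]; then
            echo "$conf: max-cache-ttl$suffix ($m) exceeds policy limit ($limit)" >&2
            rc=1
        fi
    done
    if grep -q '^[[:space:]]*allow-loopback-pinentry' "$conf"; then
        echo "$conf: allow-loopback-pinentry is set (required for pinentry-mode loopback)" >&2
    fi
    return $rc
}

# demo: lint the page's own recommended settings written to a temp dir
demo() {
    d=$(mktemp -d) || return 1
    printf 'keyid-format long\npinentry-mode ask\n' > "$d/gpg.conf"
    printf 'default-cache-ttl 3600\ndefault-cache-ttl-ssh 3600\nmax-cache-ttl 28800\nmax-cache-ttl-ssh 28800\nallow-loopback-pinentry\n' > "$d/gpg-agent.conf"
    gpg_conf_lint "$d/gpg.conf" && agent_conf_lint "$d/gpg-agent.conf"
    rc=$?
    rm -rf "$d"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as `sh lint.sh --demo`, or source the file and call `gpg_conf_lint ~/.gnupg/gpg.conf` and `agent_conf_lint ~/.gnupg/gpg-agent.conf 7200` with a stricter ceiling. The lint only reads files; it reports but does not change anything.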

===== Restarting the GPG agent =====

restart the gpg agent, or stop/start it (e.g. on the error: **gpg: can't connect to the agent: Invalid value passed to IPC**)
> gpg-connect-agent /bye
> gpg-connect-agent killagent /bye

the ''/


===== Usage =====


==== Testing GPG signing ====

> echo "

**Important!**
If signing with GPG does not work, it may be because
GPG cannot find the TTY and therefore cannot ask for the passphrase
> echo '

==== Generating a GPG key pair ====

Install GPG (CLI version) on FreeBSD 14.0:
> pkg install security/

generate a GPG key pair (private + public key):
> gpg --full-generate-key
gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection?
Please select which elliptic curve you want:
(1) Curve 25519 *default*
(4) NIST P-384
(6) Brainpool P-256
Your selection?
Please specify how long the key should be valid.
0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

* ''
* enter name and e-mail

==== Editing a GPG key ====

> gpg --edit-key XXXXXXXXXXXXXXXX


==== Listing GPG keys ====

**Important:


=== public key ===

> gpg -k

=== private key ===

> gpg -K

==== Exporting a GPG key ====

**Important:

If you have no key for ''


=== public key ===

> gpg -a -o gpg-public-keys.asc --export XXXXXXXXXXXXXXXX

=== private key ===

> gpg -a -o gpg-private-keys.asc --export-secret-keys XXXXXXXXXXXXXXXX

==== Exporting GPG ownertrust ====

recommended instead of backing up __trustdb.gpg__

> gpg --export-ownertrust > gpg-ownertrust.txt

==== Importing a GPG key ====

> gpg --import gpg-public-keys.asc
> gpg --import gpg-private-keys.asc

==== Importing GPG ownertrust ====

> gpg --import-ownertrust gpg-ownertrust.txt

==== Exporting a GPG key locally and importing it on another machine ====

> gpg -a --export XXXXXXXXXXXXXXXX | ssh other-machine gpg --import

==== Exporting a GPG key on another machine and importing it locally ====

> ssh other-machine gpg -a --export XXXXXXXXXXXXXXXX | gpg --import

==== Trusting a GPG key ====

required after import,

> gpg --edit-key XXXXXXXXXXXXXXXX
gpg> trust
gpg> save
| - | |||
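The export, ownertrust, import and trust sections above, together with the signing test, form one procedure: back a key pair up and restore it somewhere else without losing its trust. The script below is an added example, not the wiki's own commands, that runs that procedure end to end in two throw-away GNUPGHOME directories so the real ''~/.gnupg'' is never touched: it generates a test key, exports the public key, the secret key and the ownertrust with ''umask 077'' (so the ''.asc'' files are 0600), imports all three into a second home, checks that the validity is back to ''u'' (ultimate) without a manual ''gpg --edit-key ... trust'', and finally clear-signs and verifies a message. Assumptions: GnuPG 2.x on PATH (''--quick-gen-key'' and ''gpgconf''), the constructed user ID ''Roundtrip Test <roundtrip@example.invalid>'', and the helper names, which are this example's own. ''keyid_is_long'' is a small guard for the ''XXXXXXXXXXXXXXXX'' placeholders on the page: it only accepts 16-hex-digit long IDs or 40-digit fingerprints, never collidable 8-digit short IDs.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes GnuPG 2.x on PATH.
# Everything below runs in temporary GNUPGHOMEs created with mktemp.

# keyid_is_long ID -> 0 for a 16-hex-digit long key ID (optionally 0x-prefixed)
# or a 40-hex-digit fingerprint; 1 for anything else, including short 8-digit IDs.
keyid_is_long() {
    case $1 in 0x*) set -- "${1#0x}" ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$'
}

# gpg_backup FPR OUTDIR -> public.asc, private.asc, ownertrust.txt in OUTDIR,
# all created with mode 0600 (umask 077 applies only inside this subshell body).
gpg_backup() (
    umask 077
    mkdir -p "$2" || exit 1
    gpg --batch --yes --armor --output "$2/public.asc" --export "$1" || exit 1
    gpg --batch --yes --armor --pinentry-mode loopback --passphrase '' \
        --output "$2/private.asc" --export-secret-keys "$1" || exit 1
    gpg --export-ownertrust > "$2/ownertrust.txt"
)

# gpg_restore INDIR -> imports keys and ownertrust into the current GNUPGHOME
# and recomputes the trustdb so the restored ownertrust takes effect.
gpg_restore() {
    gpg --batch --import "$1/public.asc" "$1/private.asc" &&
    gpg --import-ownertrust "$1/ownertrust.txt" &&
    gpg --batch --check-trustdb
}

# validity_of FPR -> validity letter from the colon listing ('u' = ultimate).
validity_of() {
    gpg --batch --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $2; exit }'
}

# gpg_roundtrip_demo -> 0 when the restored key is ultimately trusted and
# a clear-signed message verifies in the second GNUPGHOME; 1 otherwise.
gpg_roundtrip_demo() {
    work=$(mktemp -d) || return 1
    src="$work/src"; dst="$work/dst"; bak="$work/backup"
    mkdir -m 700 "$src" "$dst" || { rm -rf "$work"; return 1; }
    (
        export GNUPGHOME="$src"
        # constructed throw-away signing key, no passphrase, never expires
        gpg --batch --passphrase '' --pinentry-mode loopback --quick-gen-key \
            'Roundtrip Test <roundtrip@example.invalid>' ed25519 sign 0 || exit 1
        fpr=$(gpg --batch --with-colons --list-secret-keys | awk -F: '$1 == "fpr" { print $10; exit }')
        keyid_is_long "$fpr" || exit 1
        gpg_backup "$fpr" "$bak" || exit 1
        gpgconf --kill gpg-agent          # same effect as gpg-connect-agent killagent /bye

        export GNUPGHOME="$dst"
        gpg_restore "$bak" || exit 1
        # the ownertrust file, not trustdb.gpg, is what brings the trust back
        [ "$(validity_of "$fpr")" = "u" ] || exit 1
        echo 'roundtrip test message' \
            | gpg --batch --pinentry-mode loopback --passphrase '' --clearsign \
            | gpg --batch --verify || exit 1
        gpgconf --kill gpg-agent
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then gpg_roundtrip_demo && echo "roundtrip ok"; fi
```

Run it as `sh roundtrip.sh --demo`. On a real machine the same three files produced by `gpg_backup` are what the page's ssh one-liners transport; keeping the private export at mode 0600 and deleting it after the import on the other machine is the part worth copying from this script.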
/home/http/wiki/data/attic/gpg.1709257635.txt · Last modified: by manfred
