如何通过GPG(GnuPG)中的子键(多个子键(e))进行加密
pub rsa4096/22E49AB870AD169A 2017-03-09 [SC]
uid [ultimate] Jack Wonda <wangjievibeke@foxmail.com>
uid [ultimate] 王杰 <jack20130107@qq.com>
sub rsa4096/D39A707D61F13A26 2017-03-09 [E] [expires: 2020-04-25]
sub rsa4096/11FAB3E82F75B202 2017-04-24 [S] [expires: 2019-04-24]
sub rsa4096/B305BA41FD1F7793 2017-04-26 [E] [expires: 2019-04-26]
我有两个用于加密的子密钥,但是现在我只能使用最后一个子密钥(B305BA41FD1F7793)。
例如:
gpg2 -r D39A707D61F13A26 -e doc
File 'doc.gpg' exists. Overwrite? (y/N) y
gpg2 -d doc.gpg
gpg: encrypted with 4096-bit RSA key, ID B305BA41FD1F7793, created 2017-04-26
"Jack Wonda <wangjievibeke@foxmail.com>"
123456
即使我指定了第一个子键,它仍将转到最后一个子键。
答案 0 :(得分:1)
您可以通过在其ID上附加感叹号来强制gpg使用特定键。在你的情况下:
gpg2 -r 0xD39A707D61F13A26! -e doc
您甚至可以要求gpg使用两个键进行加密(这样您就可以使用其中一个相关的公钥进行解密):
gpg2 -r 0xD39A707D61F13A26! -r 0xB305BA41FD1F7793! -e doc
根据Arch系统上安装的联机帮助页(奇怪的是,我无法在其他地方找到相同版本的相同版本):
如何指定用户ID
有多种方法可以为GnuPG指定用户ID。他们中有一些 只对gpg有效,其他只对gpgsm有用。这里是 指定密钥的完整方式列表:
By key Id. This format is deduced from the length of the string and its content or 0x prefix. The key Id of an X.509 certificate are the low 64 bits of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for all automated processing the fingerprint should be used. When using gpg an exclamation mark (!) may be appended to force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use. The last four lines of the example give the key ID in their long form as internally used by the OpenPGP protocol. You can see the long key ID using the option --with-colons.