@tkawachi
Last active January 19, 2021 15:45
GPG memo

Creating a key

$ gpg --gen-key

Answer the prompts that follow.

Create a revocation certificate so that the key can be revoked if it is lost or stolen.

$ gpg --gen-revoke -o "revoke.cert" "KeyID"

Keep revoke.cert safely stored in a secret place.

Listing keys

Public keys

$ gpg -k

Secret keys

$ gpg -K
sec => 'SECret key'
ssb => 'Secret SuBkey'
pub => 'PUBlic key'
sub => 'public SUBkey'

To display long key IDs, add --keyid-format LONG

Exporting keys

Public key

$ gpg --export -a -o "public.key" "KeyID"

Secret key

$ gpg --export-secret-keys -a -o "private.key" "KeyID"

Deleting keys

Public key (removal from the keyring)

$ gpg --delete-key "KeyID"

Secret key

$ gpg --delete-secret-key "KeyID"

Changing the passphrase

$ gpg --edit-key "KeyID"
// A list of keys is displayed; select one
> 1
> passwd
// Enter the new passphrase
> save

When the key's expiration date is approaching

$ gpg --edit-key "KeyID"
// A list of keys is displayed; select one
> 1
> expire
// Enter the new expiration date
> save
$ gpg --keyserver pgp.mit.edu --send-keys "KeyID"
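
A check that goes with the renewal steps above, as an added example (not part of the original memo): it reads `gpg --with-colons` output and reports primary keys and subkeys that are expired or about to expire, since each carries its own expiration date. The function names, the sample listing and its key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag primary keys and subkeys that have expired or will
# expire within a window, from `gpg --with-colons` output.

# expiring_keys DAYS [NOW_EPOCH]
# Reads a colon-format key listing on stdin and prints one line per pub/sub
# record that is expired or expires within DAYS days:
#   <record type> <key id> <EXPIRED|EXPIRING> <whole days left>
# Assumption: field 7 (expiration) is seconds since the epoch, as gpg prints
# for OpenPGP keys; an empty field means the key never expires.
expiring_keys() {
    days=$1
    now=${2:-$(date +%s)}
    awk -F: -v now="$now" -v days="$days" '
        ($1 == "pub" || $1 == "sub") && $7 != "" {
            left = int(($7 - now) / 86400)
            if ($7 <= now) {
                print $1, $5, "EXPIRED", left
            } else if (left <= days) {
                print $1, $5, "EXPIRING", left
            }
        }'
}

# Constructed sample listing (made-up key IDs, not real keys): a primary key
# valid until 2023-01-19, an encryption subkey that expired on 2020-10-04,
# and a subkey with no expiration. fpr/uid records are ignored by the check.
sample_listing() {
    cat <<'EOF'
pub:u:3072:1:AAAAAAAAAAAAAAAA:1538697600:1674086400::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1611014400::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:e:3072:1:BBBBBBBBBBBBBBBB:1538697600:1601769600:::::e::::::23:
sub:u:3072:1:CCCCCCCCCCCCCCCC:1538697600::::::s::::::23:
EOF
}

# Real use: gpg --with-colons --list-keys "KeyID" | expiring_keys 30
# Demo on the sample, with "now" pinned to 2021-01-19 00:00:00 UTC:
sample_listing | expiring_keys 30 1611014400
```

A record reported for a `sub` line means the subkey has to be selected with `key N` inside `--edit-key` before running `expire`; renewing only the primary key leaves it untouched.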

Reference

Revoking a key

Import the revoke.cert created earlier and send it to the keyserver.

$ gpg --import "revoke.cert"
$ gpg --keyserver pgp.mit.edu --send-keys "KeyID"
@tkawachi
Author

Updated.

$ LANG=C gpg2 --edit-key D2468DA4689FA7A5FF9F042A86B3D89C07FF496F
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa3072/86B3D89C07FF496F
     created: 2018-10-05  expired: 2020-10-04  usage: SC  
     trust: ultimate      validity: expired
ssb  rsa3072/BB6A68E10C319849
     created: 2018-10-05  expired: 2020-10-04  usage: E   
[ expired] (1). Takashi Kawachi <tkawachi@gmail.com>

gpg> 1

sec  rsa3072/86B3D89C07FF496F
     created: 2018-10-05  expired: 2020-10-04  usage: SC  
     trust: ultimate      validity: expired
ssb  rsa3072/BB6A68E10C319849
     created: 2018-10-05  expired: 2020-10-04  usage: E   
[ expired] (1)* Takashi Kawachi <tkawachi@gmail.com>

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Fri Jan 20 00:40:58 2023 JST
Is this correct? (y/N) y

sec  rsa3072/86B3D89C07FF496F
     created: 2018-10-05  expires: 2023-01-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa3072/BB6A68E10C319849
     created: 2018-10-05  expired: 2020-10-04  usage: E   
[ultimate] (1)* Takashi Kawachi <tkawachi@gmail.com>

gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.
gpg> key 1

sec  rsa3072/86B3D89C07FF496F
     created: 2018-10-05  expires: 2023-01-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb* rsa3072/BB6A68E10C319849
     created: 2018-10-05  expired: 2020-10-04  usage: E   
[ultimate] (1)* Takashi Kawachi <tkawachi@gmail.com>

gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Fri Jan 20 00:41:45 2023 JST
Is this correct? (y/N) y

sec  rsa3072/86B3D89C07FF496F
     created: 2018-10-05  expires: 2023-01-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb* rsa3072/BB6A68E10C319849
     created: 2018-10-05  expires: 2023-01-19  usage: E   
[ultimate] (1)* Takashi Kawachi <tkawachi@gmail.com>

gpg> save

@tkawachi
Author

$ LANG=C gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys D2468DA4689FA7A5FF9F042A86B3D89C07FF496F
gpg: sending key 86B3D89C07FF496F to hkp://pool.sks-keyservers.net
