我从 keybase.io 下载了我的私钥块(保存在文件 keybase.ppk 中)。它以以下内容开头:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: Keybase OpenPGP v2.0.49
我现在想创建一个 ssh 密钥对,这样我就可以将公钥放在远程服务器上,并使用私钥登录。如何在 Linux 上执行此操作?
我尝试了在网上找到的各种方法,但我所学到的只是,我对当代密码学的应用和标准的理解非常有限:-/
答案1
经过进一步的谷歌搜索后,我终于明白了这个答案的含义:
https://security.stackexchange.com/a/9635
为了得出这个答案,需要事先做好以下工作:
gpg --import .ssh/keybase.ppk
之后,我做了:
gpg --edit-key D937A057 # removing password
gpg --export D937A057 | openpgp2ssh D937A057 > keybase.pub # generating public key
gpg --export-secret-key D937A057 | openpgp2ssh D937A057 > keybase # generating private key
gpg --delete-secret-key D937A057 # cleanup
有人会认为有更简单的方法可以做到这一点。花了整整 2 个小时才弄清楚……
答案2
GPG 可以以 OpenSSH 格式导出密钥。根据手册页:
--export-ssh-key
This command is used to export a key in the OpenSSH public key format. It requires the specification of one key by
the usual means and exports the latest valid subkey which has an authentication capability to STDOUT or to the file
given with option --output. That output can directly be added to ssh's ‘authorized_key’ file.
By specifying the key to export using a key ID or a fingerprint suffixed with an exclamation mark (!), a specific sub‐
key or the primary key can be exported. This does not even require that the key has the authentication capability
flag set.