使用智能卡/Yubikey 签署消息

使用智能卡/Yubikey 签署消息

因此,我经历了一个非常标准的 GPG 密钥设置过程,然后将addtokey所述密钥移动到 Yubikey 4 上。

现在,在新的设置下,我想尝试使用用这些密钥来签署某些东西。

之后gpg --card-edit > fetch > quit过程中,我得到以下信息:

❯ Desktop gpg --list-keys
/Users/ec/.gnupg/pubring.kbx
----------------------------
pub   rsa2048/0x2BE8A417BF406E87 2018-08-16 [SC] [expires: 2020-08-15]
      Key fingerprint = 3867 0E24 7DC7 5E49 4B48  744E 2BE8 A417 BF40 6E87
uid                   [ unknown] Elliott Cable <[email protected]>
sub   rsa2048/0x7A596C9A746CB1F0 2018-08-16 [E] [expires: 2020-08-15]

❯ Desktop gpg --card-status
Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006075491570000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 07549157
Name of cardholder: Elliott Cable
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : https://keybase.io/elliottcable/key.asc
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: B4F5 4290 6FF0 F1ED CC83  FA8F 8C14 9643 D99F 3060
      created ....: 2018-08-16 18:24:26
Encryption key....: B36C 0811 5520 0A59 6F5D  1F72 03AE 8E13 EAB1 F828
      created ....: 2018-08-16 18:25:02
Authentication key: C149 9C3B 42EE DBCA 0AD5  736E 2341 9C21 21A9 4D0D
      created ....: 2018-08-16 18:25:21
General key info..: [none]

❯ Desktop gpg -sa message.txt
gpg: no default secret key: No public key
gpg: signing failed: No public key

我做错了什么?如何使用这个密钥配置的 Yubikey 来签名?

答案1

您需要使用该-u选项来指定要是。

gpg --sign -u <key-id> message.txt

用于gpg --list-secret-keys获取密钥 ID。

相关内容