如何使用 gpg 续订过期的加密子密钥

Question 1

列出你的钥匙。


$ gpg --list-keys
...
-------------------------------
pub   rsa2048 2019-09-07 [SC] [expires: 2020-11-15]
      AF4RGH94ADC84
uid           [ultimate] Jill Doe (CX) <[email protected]>
sub   rsa2048 2019-09-07 [E] [expired: 2019-09-09]

pub   rsa2048 2019-12-13 [SC] [expires: 2020-11-15]
      7DAA371777412
uid           [ultimate] Jill Doe <[email protected]>
-------------------------------
...

我们要编辑密钥 AF4RGH94ADC84。该子项是列表中名为的第二个子项ssb


$ gpg --edit-key AF4RGH94ADC84

gpg> list

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

所以我们要编辑第一个子项（ssb）

ssb  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

当您选择键 (1) 时，您应该会看到其旁边的 *，例如ssb*。然后就可以设置过期时间然后保存了。

gpg> key 1

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb*  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

gpg> expire
...

Changing expiration time for a subkey.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years

Key is valid for? (0) 2y
Key expires at Wed 9 Sep 16:20:33 2021 GMT
Is this correct? (y/N) y

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb*  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expires: 2021-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
...

gpg> save

退出前不要忘记保存更改！

Answer

列出你的钥匙。


$ gpg --list-keys
...
-------------------------------
pub   rsa2048 2019-09-07 [SC] [expires: 2020-11-15]
      AF4RGH94ADC84
uid           [ultimate] Jill Doe (CX) <[email protected]>
sub   rsa2048 2019-09-07 [E] [expired: 2019-09-09]

pub   rsa2048 2019-12-13 [SC] [expires: 2020-11-15]
      7DAA371777412
uid           [ultimate] Jill Doe <[email protected]>
-------------------------------
...

我们要编辑密钥 AF4RGH94ADC84。该子项是列表中名为的第二个子项ssb


$ gpg --edit-key AF4RGH94ADC84

gpg> list

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

所以我们要编辑第一个子项（ssb）

ssb  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

当您选择键 (1) 时，您应该会看到其旁边的 *，例如ssb*。然后就可以设置过期时间然后保存了。

gpg> key 1

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb*  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

gpg> expire
...

Changing expiration time for a subkey.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years

Key is valid for? (0) 2y
Key expires at Wed 9 Sep 16:20:33 2021 GMT
Is this correct? (y/N) y

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb*  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expires: 2021-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
...

gpg> save

退出前不要忘记保存更改！

Question 2

gpg (2.2.41) 中有一个（较新的？）选项，您可以仅使用以下命令一次性扩展所有子项：
gpg --quick-set-expire <1> <2> <3>

意义：

<1> 您的密钥指纹（来自gpg --list-secret-keys）
<2> 您希望将过期期限延长多长时间
<3> 可选地，要延长的子密钥指纹（'*'以延长所有未过期的子密钥）

例如：
gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w '*'

Answer

gpg (2.2.41) 中有一个（较新的？）选项，您可以仅使用以下命令一次性扩展所有子项：
gpg --quick-set-expire <1> <2> <3>

意义：

<1> 您的密钥指纹（来自gpg --list-secret-keys）
<2> 您希望将过期期限延长多长时间
<3> 可选地，要延长的子密钥指纹（'*'以延长所有未过期的子密钥）

例如：
gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w '*'

Question 3

我通过安装和使用 openPGP 解决了这个问题。点击“过期”按钮；它不接受“永不过期”，但您可以设置未来的日期。

Answer

我通过安装和使用 openPGP 解决了这个问题。点击“过期”按钮；它不接受“永不过期”，但您可以设置未来的日期。

如何使用 gpg 续订过期的加密子密钥

答案1

答案2

答案3

相关内容