How to find the key ID in gpg to use with --export-ssh-key


I want to use gpg --export-ssh-key, but I don't know how to supply the key ID. I have the following key:

> gpg --list-keys --keyid-format SHORT
pub   rsa3072/D54EC263 2022-04-30 [SC]
      7EEC0CEDA1346EDFB258D09B5C3AEC88D54EC263
uid         [ultimate] Firstname Lastname <[email protected]>
sub   rsa3072/AAE31E9D 2022-04-30 [E]

But none of these seem to work:

> gpg --export-ssh-key D54EC263
gpg: key "D54EC263" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
> gpg --export-ssh-key AAE31E9D
gpg: key "AAE31E9D" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
> gpg --export-ssh-key 0xD54EC263
gpg: key "0xD54EC263" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
> gpg --export-ssh-key 0xAAE31E9D
gpg: key "0xAAE31E9D" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
> gpg --export-ssh-key "rsa3072/D54EC263"
gpg: key "rsa3072/D54EC263" not found: No public key
gpg: export as ssh key failed: No public key
> gpg --export-ssh-key "rsa3072/AAE31E9D"
gpg: key "rsa3072/AAE31E9D" not found: No public key
gpg: export as ssh key failed: No public key
> gpg --export-ssh-key 7EEC0CEDA1346EDFB258D09B5C3AEC88D54EC263
gpg: key "7EEC0CEDA1346EDFB258D09B5C3AEC88D54EC263" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key

What am I doing wrong?

Answer 1

An SSH key is an A[uthentication] subkey, whereas all that currently exists in key D54EC263 is the S[ign] and C[ertify] key and an E[ncryption] subkey, so an A subkey must be created/added to D54EC263.


For example:

  • PS $  gpg -K
    
      C:/Users/JW0914/AppData/Roaming/gnupg/pubring.kbx
      ------------------------------------------------
      sec   rsa4096 2018-12-15 [SC]
            0B6D27185174FF9314DF24A746F7A27A2EAB9D23
      uid           [ultimate] Name <[email protected]>
      ssb>  rsa2048 2018-12-15 [S]
      ssb>  rsa2048 2018-12-15 [E]
      ssb>  rsa2048 2018-12-15 [A]
      ssb   nistp256 2018-12-15 [A]
      ssb   ed25519 2018-12-15 [A]
    
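    If stored on a hardware key (such as the YubiKey above), only the first S, E and A subkeys are valid (one key per S, E and A slot); if using multiple SSH keys, make sure the most frequently used one is the first A subkey.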

gpg --export-ssh-key <hash> will export only the last A subkey [ed25519], so if there are multiple A subkeys and the last one is not the one to export, use ! at the end of the subkey's <hash>:

  1. PS $  gpg --edit-key 2EAB9D23
    
      Secret key is available.
    
      sec  rsa4096/46F7A27A2EAB9D23
          created: 2018-12-15  expires: never       usage: SC
          trust: ultimate      validity: ultimate
      ssb  rsa2048/67C181BAC34E1EEB
          created: 2018-12-15  expires: never       usage: S
          card-no: 0000 00000000
      ssb  rsa2048/23046D6912055172
          created: 2018-12-15  expires: never       usage: E
          card-no: 0000 00000000
      ssb  rsa2048/29737E4DC004161B
          created: 2018-12-15  expires: never       usage: A
          card-no: 0000 00000000
      ssb  nistp256/4F2AE89500A1ABC4
          created: 2018-12-15  expires: never       usage: A
      ssb  ed25519/17CDD27C70DFA6B7
          created: 2018-12-15  expires: never       usage: A
      [ultimate] (1). Name <[email protected]>
    
      gpg> quit
    

  2. PS $  gpg --export-ssh-key C004161B!
    
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+hv8siVQ/1miJTMZ5ZuQ/TD8Geg9zNsUCctJloflkFATQ8dexrjHik0kyw+YJE5zlSs8nCQMlwZCbCPJs5aY7nsvUIGgeTmTNvJ3ORaezNTbeJ2Pooa4gCU7XDMS/FwLcIaKd4vsVgBpBfWQKuu/UTbOwlgO2M2vdtOUL5/mwbxu4oSO3miq9v1ylyiPU3UbCVnb7mctDv+IpjhEWIJV6OdNfSzN2jB2XYx4TvvEud5hNqifYjNPdzjm8S4sNuTEZ49m4juGEHAJoSydYdGDz9p3TNDMMlLtQj9VnL+V4mfUVJQy8Ufy1g0KmwcsLDw29Vv/S+0V8eZXRHzrsUktJ openpgp:0xC004161B
    

    Whereas without the !:
    PS $  gpg --export-ssh-key C004161B
    
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrnfDncMjiXBmoVCwnvTVSF6erVZjtArAXZNMfiG/SR openpgp:0x70DFA6B7
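
To see up front which keys --export-ssh-key can use, the capability field of gpg's machine-readable listing (--with-colons) can be filtered for a lowercase a. This is an added example, not part of the original answer; the function names are hypothetical, and the sample records are constructed from the two listings above (timestamps and the zero-padded long ID for AAE31E9D are made up).

```shell
#!/bin/sh
# Added example: print every key/subkey that `gpg --export-ssh-key` can use,
# in the exact "<keyid>!" form that selects that one subkey.
# Input: output of `gpg --list-keys --with-colons [KEY]` on stdin.
# Colon format: field 1 = record type, 2 = validity, 5 = long key ID,
# 12 = capabilities (lowercase = this key, uppercase on pub = whole key).
auth_keys() {
    awk -F: '
        # Skip revoked (r), expired (e) and invalid (i) keys; keep only
        # records whose own capabilities include a (authentication).
        ($1 == "pub" || $1 == "sub") && $2 !~ /^[rei]$/ && $12 ~ /a/ {
            print $5 "!"
        }'
}

# Constructed sample: the key from the question ([SC] primary, [E] subkey).
sample_question_key() {
    cat <<'EOF'
pub:u:3072:1:5C3AEC88D54EC263:1651276800:::u:::scESC:
fpr:::::::::7EEC0CEDA1346EDFB258D09B5C3AEC88D54EC263:
sub:u:3072:1:00000000AAE31E9D:1651276800::::::e:
EOF
}

# Constructed sample: the key from the answer, with three [A] subkeys.
sample_answer_key() {
    cat <<'EOF'
pub:u:4096:1:46F7A27A2EAB9D23:1544832000:::u:::scESCA:
fpr:::::::::0B6D27185174FF9314DF24A746F7A27A2EAB9D23:
sub:u:2048:1:67C181BAC34E1EEB:1544832000::::::s:
sub:u:2048:1:23046D6912055172:1544832000::::::e:
sub:u:2048:1:29737E4DC004161B:1544832000::::::a:
sub:u:256:19:4F2AE89500A1ABC4:1544832000::::::a:
sub:u:255:22:17CDD27C70DFA6B7:1544832000::::::a:
EOF
}

# Real use (requires gpg):  gpg --list-keys --with-colons 2EAB9D23 | auth_keys
```

An empty result, as for the question's key, means there is no A subkey to export, which is the situation behind the "Unusable public key" error.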
    
