我正在尝试生成无需密码的无人值守 OpenPGP 密钥,以便在服务器上自动部署安全文件。
手动生成时一切顺利(使用gpg --no-permission-warning --homedir . --gen-key 2>&1
),但在批处理模式下,似乎没有创建任何东西。
以下是测试脚本:
#!/bin/bash
echo '-- Generating entropy'
sudo dd if=/dev/sda of=/dev/null &
TASK_PID=$!
#GPG Key parameters
cat > gpgparams <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: User Name
Name-Email: user@server
Expire-Date: 0
%pubring userserver.pub
%secring userserver.sec
%commit
%echo done
EOF
echo '-- Generating keys'
gpg --no-permission-warning --homedir . --batch --gen-key gpgparams 2>&1
echo "Result: $?"
echo "Files:"
ls -al
echo && echo '-- Killing entropy generator'
sudo kill $TASK_PID
echo && echo '-- Listing keys'
gpg --homedir . --list-keys
echo && echo '-- exporting public key'
gpg --homedir . --export -a user@server > pubkey.txt 2>&1
echo "Files:"
ls -al
echo "Content of public key:"
cat pubkey.txt
echo && echo '-- Printing versions'
echo '> Ubuntu version'
lsb_release -d
echo '> GPG version'
gpg --version --homedir .
结果如下:
-- Generating entropy
-- Generating keys
gpg: keyring `./secring.gpg' created
gpg: keyring `./pubring.gpg' created
gpg: Generating a basic OpenPGP key
........+++++
...............+++++
..+++++
...+++++
gpg: done
Result: 0
Files:
total 28
drwx------ 2 user user 4096 Oct 24 11:12 .
drwxrwxr-x 9 user user 4096 Oct 23 23:11 ..
-rw-rw-r-- 1 user user 232 Oct 24 11:11 gpgparams
-rw------- 1 user user 0 Oct 24 11:11 pubring.gpg
-rw------- 1 user user 600 Oct 24 11:12 random_seed
-rw------- 1 user user 0 Oct 24 11:11 secring.gpg
-rwxrwxr-x 1 user user 918 Oct 24 11:11 testScript.sh
-rw-rw-r-- 1 user user 1461 Oct 24 11:12 userserver.pub
-rw------- 1 user user 2763 Oct 24 11:12 userserver.sec
-- Killing entropy generator
-- Listing keys
gpg: ./trustdb.gpg: trustdb created
-- exporting public key
Files:
total 36
drwx------ 2 user user 4096 Oct 24 11:12 .
drwxrwxr-x 9 user user 4096 Oct 23 23:11 ..
-rw-rw-r-- 1 user user 232 Oct 24 11:11 gpgparams
-rw-rw-r-- 1 user user 31 Oct 24 11:12 pubkey.txt
-rw------- 1 user user 0 Oct 24 11:11 pubring.gpg
-rw------- 1 user user 600 Oct 24 11:12 random_seed
-rw------- 1 user user 0 Oct 24 11:11 secring.gpg
-rwxrwxr-x 1 user user 918 Oct 24 11:11 testScript.sh
-rw------- 1 user user 40 Oct 24 11:12 trustdb.gpg
-rw-rw-r-- 1 user user 1461 Oct 24 11:12 userserver.pub
-rw------- 1 user user 2763 Oct 24 11:12 userserver.sec
Content of public key:
gpg: WARNING: nothing exported
-- Printing versions
> Ubuntu version
Description: Ubuntu 15.04
> GPG version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: .
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
我主要关注的是无人值守密钥生成的文档,它与 gpg 的 2.0 版相关。
我是否遗漏了版本 1 的某些特殊之处?这与熵的产生有关吗?我是不是哪里做错了?
--
以下是使用--secret-keyring
和--keyring
标志的工作脚本:
#!/bin/bash
echo '-- Generating entropy'
sudo dd if=/dev/sda of=/dev/null &
TASK_PID=$!
#GPG Key parameters
cat > gpgparams <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: encrypt
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: User Name
Name-Comment: none
Name-Email: user@server
Expire-Date: 0
%pubring userserver.pub
%secring userserver.sec
%commit
%echo done
EOF
echo '-- Generating keys'
gpg --no-tty --no-permission-warning --homedir . --batch --gen-key gpgparams 2>&1
echo "Result: $?"
echo "Files:"
ls -al
echo && echo '-- Killing entropy generator'
sudo kill $TASK_PID
echo && echo '-- Listing keys'
gpg --homedir . --no-default-keyring --secret-keyring ./userserver.sec --keyring ./userserver.pub --list-secret-keys
echo && echo '-- exporting public key'
gpg --homedir . --no-default-keyring --secret-keyring ./userserver.sec --keyring ./userserver.pub --export -a user@server > pubkey.txt 2>&1
echo "Files:"
ls -al
echo "Content of public key:"
cat pubkey.txt
答案1
查看文件列表,问题实际上似乎有些pubring.gpg
明显secring.gpg
:方式太小(嗯,空的)。
查看原因,在生成密钥时,您userserver.pub
分别指定userserver.sec
为目标,而导出命令使用默认位置pubring.gpg
和运行secring.gpg
。
删除生成参数中的那些行:
%pubring userserver.pub
%secring userserver.sec
或者使用附加参数运行导出(当然还有密钥的列表)--keyring userserver.pub --secret-keyring userserver.sec
。