gpg (GnuPG) 2.3.4; Copyright (C) 2021 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want: (1) RSA and RSA (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (9) ECC (sign and encrypt) *default* (10) ECC (sign only) (11) ECC (set your own capabilities) (13) Existing key (14) Existing key from card Your selection? 11
# 推荐使用 ECC 算法
Possible actions for this ECC key: Sign Certify Authenticate Current allowed actions: Sign Certify
(S) Toggle the sign capability (A) Toggle the authenticate capability (Q) Finished
Your selection? s
# 主密钥只保留 Certify 功能,其他功能使用子密钥
Possible actions for this ECC key: Sign Certify Authenticate Current allowed actions: Certify
(S) Toggle the sign capability (A) Toggle the authenticate capability (Q) Finished
Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y
# 主密钥永不过期即可
Real name: Editst Email address: editst@example.com Comment: You selected this USER-ID: "Editst <editst@example.com>"
# 这里按实际情况填写,注意保护自己的隐私
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
# Windnows 下会弹出窗口输入密码,注意一定要保管好!!!
gpg: revocation certificate stored as 'C:\\Users\\XXX\\AppData\\Roaming\\gnupg\\openpgp-revocs.d\\68697537A54B1F0BFC05E1D9787E848E1A98D086.rev' public and secret key created and signed.
gpg --edit-key 787E848E1A98D086 gpg (GnuPG) 2.3.4; Copyright (C) 2021 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec ed25519/787E848E1A98D086 created: 2022-01-01 expires: never usage: C trust: ultimate validity: ultimate ssb ed25519/055917609C9C0D7B created: 2022-01-01 expires: 2024-01-01 usage: S ssb ed25519/05F4A6C335157258 created: 2022-01-01 expires: 2024-01-01 usage: A ssb cv25519/C5B8214C3AD21C6C created: 2022-01-01 expires: 2024-01-01 usage: E [ultimate] (1). Editst <editst@example.com>
gpg> key 1 # 首先选中第一个子密钥
gpg> keytocard Please select where to store the key: (1) Signature key (3) Authentication key Your selection? 1 # 选择对应插槽
gpg> key 1 gpg> key 2 gpg> keytocard Please select where to store the key: (3) Authentication key Your selection? 3 gpg> key 2 gpg> key 3 gpg> keytocard Please select where to store the key: (2) Encryption key Your selection? 2
gpg/card> help quit quit this menu admin show admin commands help show this help list list all available data name change card holder's name url change URL to retrieve key fetch fetch the key specified in the card URL login change the login name lang change the language preferences salutation change card holder's salutation cafpr change a CA fingerprint forcesig toggle the signature force PIN flag generate generate new keys passwd menu to change or unblock the PIN verify verify the PIN and list all data unblock unblock the PIN using a Reset Code factory-reset destroy all keys and data kdf-setup setup KDF for PIN authentication (on/single/off) key-attr change the key attribute uif change the User Interaction Flag