##
## Generate a key
## This key can be used for Sign Certify Encrypt Authenticate
##
d661cfbeb503:/# gpg --expert --full-generate-key
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/root/.gnupg' created
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 8

Possible actions for this RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? A

Possible actions for this RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: testa
Email address: testa@example.com
Comment: testa
You selected this USER-ID:
    "testa (testa) <testa@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/C59DA9100483F2F71C4238464B3A00756CCA7091.rev'
public and secret key created and signed.

d661cfbeb503:/app# gpg --edit-key testa
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa4096/4B3A00756CCA7091
     created: 2026-01-16  expires: never       usage: SCEA
     trust: ultimate      validity: unknown
[ unknown] (1). testa (testa) <testa@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> save
Key not changed so no update needed.
d661cfbeb503:/app#

d661cfbeb503:/app# gpg --delete-secret-keys testa
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
d661cfbeb503:/app# gpg --list-keys --with-keygrip --keyid-format SHORT
[keyboxd]
---------
pub   rsa4096/6CCA7091 2026-01-16 [SCEA]
      C59DA9100483F2F71C4238464B3A00756CCA7091
      Keygrip = BB5DEEF5B6EDA9C88276A101687AF84D328CC8F4
uid         [ultimate] testa (testa) <testa@example.com>

d661cfbeb503:/app# gpg --delete-keys testa
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Delete this key from the keyring? (y/N) y
d661cfbeb503:/app# gpg --list-keys --with-keygrip --keyid-format SHORT
gpg: checking the trustdb
gpg: no ultimately trusted keys found
d661cfbeb503:/app#

d661cfbeb503:/app# gpg -d -o in2.txt out.txt.gpg
gpg: encrypted with rsa4096 key, ID 4B3A00756CCA7091, created 2026-01-16
      "testa (testa) <testa@example.com>"
gpg: Signature made Fri Jan 16 07:11:54 2026 UTC
gpg:                using RSA key C59DA9100483F2F71C4238464B3A00756CCA7091
gpg: Good signature from "testa (testa) <testa@example.com>" [ultimate]
d661cfbeb503:/app# ls
in.txt  in2.txt  out.txt.gpg
d661cfbeb503:/app# cat in2.txt
abc

d661cfbeb503:/app# ssh-keygen -t rsa -b 4096 -C "testb@exmaple.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /app/testb
Enter passphrase for "/app/testb" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /app/testb
Your public key has been saved in /app/testb.pub
The key fingerprint is:
SHA256:wRwKd/0OVS93gZ/tRTU3uVbtVoDIeA2sjxGeTuu4wus testb@exmaple.com
The key's randomart image is:
+---[RSA 4096]----+
| . . o=.+ o+=*|
| o =o.* +. oX|
| ..+= o ooX|
| *.. . B*|
| oS= o .o.|
| + . . .|
| . o |
| o . . |
| .Eo.. |
+----[SHA256]-----+

d661cfbeb503:/app# gpg --expert --edit-key testa
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/4B3A00756CCA7091
     created: 2026-01-16  expires: never       usage: SCEA
     trust: ultimate      validity: ultimate
[ultimate] (1). testa (testa) <testa@example.com>

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
  (14) Existing key from card
Your selection? 13
Enter the keygrip: AD30946474C95802071D6A8CBEA8B9779FC8DEA5

Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? A

Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? E

Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? S

Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 10y
Key expires at Mon Jan 14 08:39:48 2036 UTC
Is this correct? (y/N) y
Really create? (y/N) y

##
## Export the latest gpg key
##
d661cfbeb503:/app# gpg -a --export-secret-keys -o testa_b_SECRET.gpg testa
d661cfbeb503:/app# gpg -a --export -o testa_b_public.gpg testa
##
## Delete the old gpg key
##
d661cfbeb503:/app# gpg --delete-secret-and-public-keys testa testb
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.