• 导入钥匙

    导入钥匙

    GPG 私钥可以被复制或者导入进 Yubikey,下面的例子是把私钥导入 Yubikey。

    【译者注:私钥一旦被导入 Yubikey 即无法导出,建议冷备份

    1. gpg --edit-key <keyId>
    2. gpg> toggle
    3. gpg> key 1
    4. gpg> keytocard
    5. Please select where to store the key:
    6. (1) Signature key
    7. (3) Authentication key
    8. Your selection? 1
    9. gpg> key 1
    10. gpg> key 2
    11. gpg> keytocard
    12. Please select where to store the key:
    13. (2) Encryption key
    14. Your selection? 2
    15. gpg> key 2
    16. gpg> key 3
    17. gpg> keytocard
    18. Please select where to store the key:
    19. (3) Authentication key
    20. Your selection? 3
    21. gpg> quit

    确保私钥已经被移动到 Yubikey 中:

    1. gpg --list-secret-keys

    如果你看到 ssb>,它显示的的是 Yubikey 上私钥的存根,意味着导入已经成功。

    然后检查一下设备状态:

    1. gpg --card-status