SciTech-BigDataAIML-Github-Generating a new GPG key
Generating a new GPG key
If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.
Supported GPG key algorithms
GitHub supports several GPG key algorithms.
If you try to add a key generated with an unsupported algorithm, you may encounter an error.
- RSA
- ElGamal
- DSA
- ECDH
- ECDSA
- EdDSA
Generating a GPG key
Note: Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG. For more information, see "Verifying your email address."
1. Download and install the GPG command line tools for your operating system. We generally recommend installing the latest version for your operating system.
2. Open Terminal.
3. Generate a GPG key pair. Since there are multiple versions of GPG, you may need to consult the relevant man page to find the appropriate key generation command.
   - If you are on version 2.1.17 or greater, paste the text below to generate a GPG key pair.
     Shell: gpg --full-generate-key
   - If you are not on version 2.1.17 or greater, the gpg --full-generate-key command doesn't work. Paste the text below and skip to step 6.
     Shell: gpg --default-new-key-algo rsa4096 --gen-key
4. At the prompt, specify the kind of key you want, or press Enter to accept the default.
5. At the prompt, specify the key size you want, or press Enter to accept the default.
6. Enter the length of time the key should be valid. Press Enter to specify the default selection, indicating that the key doesn't expire. Unless you require an expiration date, we recommend accepting this default.
7. Verify that your selections are correct.
8. Enter your user ID information.
   Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. To keep your email address private, use your GitHub-provided no-reply email address. For more information, see "Verifying your email address" and "Setting your commit email address."
9. Type a secure passphrase.
10. Use the gpg --list-secret-keys --keyid-format=long command to list the long form of the GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.
    Shell: gpg --list-secret-keys --keyid-format=long
    Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.
11. From the list of GPG keys, copy the long form of the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
    Shell:
    $ gpg --list-secret-keys --keyid-format=long
    /Users/hubot/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
    uid                          Hubot <hubot@example.com>
    ssb   4096R/4BB6D45482678BE3 2016-03-10
12. Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:
    Shell:
    gpg --armor --export 3AA5C34371567BD2
    # Prints the GPG key ID, in ASCII armor format
13. Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.
Sample Interaction with gpg:
**$ gpg --full-generate-key**
gpg (GnuPG) 2.2.40; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Abael He
Email address: abaelhe@icloud.com
Comment:
You selected this USER-ID: "Abael He <abaelhe@icloud.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/5E1A6E1D77B81072AD2AAC4AD2604453D5F3027D.rev'
**public and secret key created and signed**.
pub rsa4096 2024-09-27 [SC]
5E1A6E1D77B81072AD2AAC4AD2604453D5F3027D
uid Abael He <abaelhe@icloud.com>
sub rsa4096 2024-09-27 [E]
**$ gpg --list-secret-keys --keyid-format=long**
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/root/.gnupg/pubring.kbx
------------------------
sec rsa4096/D2604453D5F3027D 2024-09-27 [SC]
5E1A6E1D77B81072AD2AAC4AD2604453D5F3027D
uid [ultimate] Abael He <abaelhe@icloud.com>
ssb rsa4096/2339955A5BFA7243 2024-09-27 [E]
**$ gpg --armor --export D2604453D5F3027D**
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
**$ gpg --armor --export D2604453D5F3027D > ~/gpg_rsa4096.pubkey**
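The steps above that list secret keys and copy the long key ID rely on reading the listing by eye. The following added example (not part of the original page) makes the same selection from gpg's machine-readable `--with-colons` listing, rejecting expired keys and keys that cannot sign. The function names and the sample listing are constructed for illustration, and the field positions assume the GnuPG 2.1+ colon format.

```shell
#!/bin/sh
# Added example: choose the key ID for signing from gpg's colon listing.
# Field positions follow GnuPG's doc/DETAILS; assumes the GnuPG 2.1+ layout.

# Reads `gpg --list-secret-keys --with-colons` on stdin; prints the long key
# ID of each primary secret key that is still usable for signing.
signing_key_ids() {
    awk -F: '
        $1 != "sec"      { next }  # primary secret keys only (skip uid/ssb/fpr)
        $2 ~ /^[eridn]$/ { next }  # expired, revoked, invalid, disabled, not valid
        $12 ~ /D/        { next }  # key marked disabled
        $12 !~ /S/       { next }  # "S": the key as a whole can sign
        { print $5 }               # field 5: 16-hex-digit long key ID
    '
}

# Prints the one usable signing key ID; fails if there are none or several,
# so a script never silently picks the wrong key to configure or export.
pick_signing_key() {
    ids=$(signing_key_ids)
    count=$(printf '%s\n' "$ids" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one usable signing key, found $count" >&2
        return 1
    fi
    printf '%s\n' "$ids"
}

# Constructed listing (not real keys): one usable key, one expired key, and
# one key whose capabilities are certify/encrypt only.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAA000000000001:1727395200:::u:::scESC:::+:::23::0:
uid:u::::1727395200::::Example Dev <dev@example.com>::::::::::0:
ssb:u:4096:1:AAAA0000000000A1:1727395200::::::e:::+:::23:
sec:e:4096:1:BBBB000000000002:1457568000:1489104000::u:::sc:::+:::23::0:
uid:e::::1457568000::::Old Key <old@example.com>::::::::::0:
sec:u:4096:1:CCCC000000000003:1727395200:::u:::cEC:::+:::23::0:
ssb:u:4096:1:CCCC0000000000C3:1727395200::::::e:::+:::23:
EOF
}

# With a real keyring: gpg --list-secret-keys --with-colons | pick_signing_key
sample_listing | pick_signing_key   # prints AAAA000000000001
```

The ID it prints is the value to pass to `gpg --armor --export`, as in the export step above.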
