gpt4 book ai didi

gnupg - 是否可以(本地)使用签名子 key 对 UID 进行签名

转载 作者:行者123 更新时间:2023-12-01 14:07:30 25 4
gpt4 key购买 nike

我正在尝试为系统帐户添加信任(以在使用它来使用该 key 加密数据时停止烦人的消息)。我已经设置了子 key 和一个离线主 key :

$ gpg --edit-key AAAAAAAA
[...]
Secret key is available.

pub 4096R/AAAAAAAA created: 2015-09-09 expires: never usage: SC
trust: ultimate validity: ultimate
sub 4096R/BBBBBBBB created: 2015-09-09 expires: never usage: E
sub 4096R/CCCCCCCC created: 2015-09-09 expires: never usage: S
sub 4096R/DDDDDDDD created: 2015-09-09 expires: never usage: A

$ gpg --list-secret-keys
sec# 4096R/AAAAAAAA 2015-09-09
uid $NAME <$EMAIL>
ssb 4096R/BBBBBBBB 2015-09-09
ssb 4096R/CCCCCCCC 2015-09-09
ssb 4096R/DDDDDDDD 2015-09-09

如果我想签署一份文件,我可以使用:

$ gpg --encrypt --sign --recipient AAAAAAAA --local-user CCCCCCCC! --output out.gpg in.gpg

它完全使用指定的子 key 进行签名(尽管在这种情况下 AAAAAAAA 实际上不可用,因此在任何情况下都不能使用)。但是,如果我尝试执行类似于 lsign 另一个 UID 的操作:

$ gpg --lsign-key --local-user CCCCCCCC! 'Mentor Root'                                                                                                                          

pub 4096R/DDDDDDDD created: 2015-09-14 expires: never usage: SC
trust: undefined validity: unknown
sub 4096R/EEEEEEEE created: 2015-09-14 expires: never usage: E
[ unknown] (1). $OTHER_NAME <$OTHER_EMAIL>


pub 4096R/DDDDDDDD created: 2015-09-14 expires: never usage: SC
trust: undefined validity: unknown
Primary key fingerprint: DDDD DDDD DDDD DDDD DDDD DDDD DDDD DDDD DDDD DDDD

$OTHER_NAME <$OTHER_EMAIL>

Are you sure that you want to sign this key with your
key "$NAME <$EMAIL>" (AAAA)

The signature will be marked as non-exportable.

Really sign? (y/N) y
gpg: secret key parts are not available
gpg: signing failed: general error

Key not changed so no update needed.

这只是 gpg 的硬性限制,还是我遗漏了某些步骤?

(或者同样有可能,我是否完全误解了这一切的意图?)

编辑:CCCCCCCC 子键不具有 C 能力只是简单吗?有没有可能有一个具有C能力的子项(粗略搜索似乎不是)?

最佳答案

只有主键才有C的认证能力。您不能使用子 key 签署(认证) key /用户 ID。

来自 RFC 4880, OpenPGP, 12.1 Key Structures :

In a V4 key, the primary key MUST be a key capable of certification.The subkeys may be keys of any other type.

数学上可能允许认证子 key ,但标准阻止了它。

关于gnupg - 是否可以(本地)使用签名子 key 对 UID 进行签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32565954/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com