导入钥匙

GPG 私钥可以被复制或者导入进 Yubikey,下面的例子是把私钥导入 Yubikey。

【译者注:私钥一旦被导入 Yubikey 即无法导出,建议冷备份

  1.  gpg --edit-key <keyId>
  3. gpg> toggle
  4. gpg> key 1
  5. gpg> keytocard
  7. Please select where to store the key:
  8.    (1) Signature key
  9.    (3) Authentication key
  10. Your selection? 1
  12. gpg> key 1
  13. gpg> key 2
  14. gpg> keytocard
  16. Please select where to store the key:
  17.    (2) Encryption key
  18. Your selection? 2
  20. gpg> key 2
  21. gpg> key 3
  22. gpg> keytocard
  24. Please select where to store the key:
  25.    (3) Authentication key
  26. Your selection? 3
  28. gpg> quit

确保私钥已经被移动到 Yubikey 中:

  1.  gpg --list-secret-keys

如果你看到 ssb>,它显示的的是 Yubikey 上私钥的存根,意味着导入已经成功。

然后检查一下设备状态:

  1.  gpg --card-status