AYANOKOUZI, Ryuunosuke's Amateur Thinking

[pgp] Adding a subkey (sub)

How to add a subkey in PGP. I wonder why subkeys are needed.

First, check the current key's information. For now there is one subkey.

$ gpg --list-key XXXXXXXX
pub   4096R/XXXXXXXX 2012-02-10
uid                  AYANOKOUZI, Ryuunosuke
uid                  AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>
sub   4096R/YYYYYYYY 2012-02-10

Add a subkey to this key. Along the way you are asked for this key's passphrase and for the new subkey's passphrase.

$ gpg --edit-key XXXXXXXX
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/XXXXXXXX  created: 2012-02-10  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  4096R/YYYYYYYY  created: 2012-02-10  expires: never       usage: E
[ultimate] (1). AYANOKOUZI, Ryuunosuke
[ultimate] (2)  AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>

gpg> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "AYANOKOUZI, Ryuunosuke"
4096-bit RSA key, ID XXXXXXXX, created 2012-02-10

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection?
Invalid selection.
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 281 more bytes)
..........+++++
..+++++

pub  4096R/XXXXXXXX  created: 2012-02-10  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  4096R/YYYYYYYY  created: 2012-02-10  expires: never       usage: E
sub  2048R/ZZZZZZZZ  created: 2012-02-10  expires: never       usage: S
[ultimate] (1). AYANOKOUZI, Ryuunosuke
[ultimate] (2)  AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>

gpg> quit
Save changes? (y/N) y

Finally, confirm the change. You can see that the subkey has been added.

$ gpg --list-key XXXXXXXX
pub   4096R/XXXXXXXX 2012-02-10
uid                  AYANOKOUZI, Ryuunosuke
uid                  AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>
sub   4096R/YYYYYYYY 2012-02-10
sub   2048R/ZZZZZZZZ 2012-02-10
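
A scriptable version of the confirmation step above, as an added example that is not part of the original post: it reads the machine-readable `gpg --list-keys --with-colons` listing and reports each subkey's capability and state, so a revoked or expired subkey is not mistaken for a usable one. The function names and the sample listing (including the revoked subkey and the 16-character placeholder key IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-keys --with-colons` records on stdin.
# Fields used: 1=record type, 2=validity (r=revoked, e=expired, i=invalid),
# 3=bits, 4=algorithm id, 5=key ID, 7=expiry (empty=never),
# 12=capabilities (s=sign, e=encrypt, a=authenticate).

# Constructed sample: the key from this page plus one revoked signing subkey.
# Key IDs are placeholders, not real values.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:XXXXXXXXXXXXXXXX:1328832000:::u:::scESC:
uid:u::::1328832000::::AYANOKOUZI, Ryuunosuke:
sub:u:4096:1:YYYYYYYYYYYYYYYY:1328832000::::::e:
sub:u:2048:1:ZZZZZZZZZZZZZZZZ:1328832000::::::s:
sub:r:2048:1:WWWWWWWWWWWWWWWW:1328832000::::::s:
EOF
}

# Print one line per subkey: key ID, size, algorithm, capabilities, expiry, state.
subkey_summary() {
    awk -F: '
        $1 == "sub" {
            algo = ($4 == 1) ? "RSA" : ($4 == 16) ? "Elgamal" : ($4 == 17) ? "DSA" : ("algo " $4)
            state = ($2 ~ /^[rei]$/) ? "unusable(" $2 ")" : "usable"
            expires = ($7 == "") ? "never" : $7
            printf "%s %s-bit %s caps=%s expires=%s %s\n", $5, $3, algo, $12, expires, state
        }'
}

# Count subkeys that carry capability $1 and are not revoked, expired or invalid.
count_usable_subkeys() {
    awk -F: -v cap="$1" '
        $1 == "sub" && $2 !~ /^[rei]$/ && index($12, cap) { n++ }
        END { print n + 0 }'
}

# On a real keyring: gpg --list-keys --with-colons XXXXXXXX | subkey_summary
sample_listing | subkey_summary
```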


ChangeLog

  1. Posted: 2010-04-16T08:49:48+09:00
  2. Modified: 2010-04-16T08:49:48+09:00
  3. Generated: 2017-03-14T23:09:16+09:00