如何在 Gitee 上使用 GPG
GPG Key 生成与导出
Windows
-
生成 GPG Key
输入用户名和邮箱,注意邮箱必须与 Gitee 提交邮箱一致
- 导出
MacOS
-
下载并安装 https://gpgtools.org/
-
生成 GPG Key
输入用户名和邮箱,注意邮箱必须与 Gitee 提交邮箱一致
- 导出公钥
Ubuntu 16.04/18.04
- 安装
sudo apt install gnupg2 # Ubuntu 16.04
sudo apt install gnupg # Ubuntu 18.04
- 生成 GPG Key
gpg2 --full-gen-key # Ubuntu 16.04 gpg 版本 < 2.1.17
gpg --full-generate-key # Ubuntu 18.04 gpg 版本 >= 2.1.17
请选择您要使用的密钥种类:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (仅用于签名)
(4) RSA (仅用于签名)
您的选择?1 <- 选择密钥类型
RSA 密钥长度应在 1024 位与 4096 位之间。
您想要用多大的密钥尺寸?(3072) 3072
您所要求的密钥尺寸是 3072 位
请设定这把密钥的有效期限。
0 = 密钥永不过期
<n> = 密钥在 n 天后过期
<n>w = 密钥在 n 周后过期
<n>m = 密钥在 n 月后过期
<n>y = 密钥在 n 年后过期
密钥的有效期限是?(0) 1y <- 有效期
密钥于 2020 年 05 月 04 日 星期一 14 时 38 分 48 秒 CST 过期
以上正确吗?(y/n) y <- 确定
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
真实姓名:YOUR_NAME <- 用户名
电子邮件地址:gitee@gitee.com <- 邮箱,需要与 Gitee 提交邮箱保持一致
注释:Gitee GPG Key <- 注释
您选定了这个用户标识:
“YOUR_NAME (Gitee GPG Key) <gitee@gitee.com>”
更改姓名 (N)、注释 (C)、电子邮件地址 (E) 或确定 (O)/退出 (Q)?O
gpg: 密钥 B0A02972E266DD6D 被标记为绝对信任
gpg: revocation certificate stored as 'xxx'
公钥和私钥已经生成并经签名。
pub rsa3072 2019-05-05 [SC] [有效至:2020-05-04]
8086B4D21B3118A83CC16CEBB0A02972E266DD6D <- Key ID
uid likui (Gitee GPG Key) <gitee@gitee.com>
sub rsa3072 2019-05-05 [E] [有效至:2020-05-04]
- 导出 GPG 公钥
gpg --armor --export 8086B4D21B3118A83CC16CEBB0A02972E266DD6D
GPG Key 配置与使用
- 配置 Git
git config --global user.signingkey 8086B4D21B3118A83CC16CEBB0A02972E266DD6D
- 添加到 Gitee 账户
GPG 公钥验证状态,GPG 邮箱为当前用户已激活邮箱验证才能通过:
删除
仅移除 GPG 公钥,验证通过的 Commit 签名状态保持不变注销
移除 GPG 公钥并且将已验证的 Commit 签名状态修改为未验证
- 使用 GPG 签名进行提交
git commit -S -m "YOUR COMMIT MESSAGE"
git log --show-signature # 查看签名状态
4.查看签名状态
- Commit 验证通过的条件为:commit 提交邮箱与 commit GPG 签名所使用的公钥邮箱一致且 GPG 公钥验证通过。
查看 GPG 公钥
-
输入
https://gitee.com/{username}.gpg
-
选择用户个人资料右上角的设置页面进入安全设置 - GPG 公钥
-
Gitee 平台 GPG 公钥:https://gitee.com/gitee.gpg
如何使用平台 GPG 公钥进行签名验证?
- 导入平台 GPG 公钥
jane@zh ~ (master !*+%) » curl https://gitee.com/gitee.gpg | gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 919 100 919 0 0 1058 0 --:--:-- --:--:-- --:--:-- 1057
gpg: key 4AEE18F83AFDEB23: public key "Gitee (web-flow commit signing.) <noreply@gitee.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
- 将平台 GPG 公钥设置为绝对信任
jane@zh ~ (master !*+%) » gpg --edit-key 63A71EA590E6E55E5ADED924173E9B9CA92EEF8F
gpg (GnuPG) 2.2.29; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa2048/4AEE18F83AFDEB23
created: 2017-08-16 expires: never usage: SC
trust: unknown validity: unknown
[ unknown] (1). Gitee (web-flow commit signing) <noreply@gitee.com>
gpg> trust
pub rsa2048/4AEE18F83AFDEB23
created: 2017-08-16 expires: never usage: SC
trust: unknown validity: unknown
[ unknown] (1). Gitee (web-flow commit signing) <noreply@gitee.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa2048/4AEE18F83AFDEB23
created: 2017-08-16 expires: never usage: SC
trust: ultimate validity: unknown
[ unknown] (1). Gitee (web-flow commit signing) <noreply@gitee.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg>
- 查看 commit 签名状态,
Good signature
表示正常
commit b5fd988cafde32e01cb21662ee3452995674c3d9 (tag: v1.1, tag: v1, tag: k, tag: gpg2, tag: gpg1, tag: KK)
gpg: Signature made 一 11/15 15:07:11 2021 CST
gpg: using RSA key 4AEE18F83AFDEB23
gpg: Good signature from "Gitee (web-flow commit signing.) <noreply@gitee.com>" [ultimate]
Author: bestjane <mr.bestjane@gmail.com>
Date: Mon Nov 15 15:07:11 2021 +0800
Create laravel.yml