For example, https://twitter.com/peterktodd lists his GPG key ID in his profile bio.
With that GPG key ID, you can look up and download his public key from a key server:
gpg --search-keys 0x7FAB114267E4FA04
gpg --recv-keys 0x7FAB114267E4FA04
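If you only know the email address, search by email first. The search may return more than one result, because some of the public keys may no longer be valid. The results below include several invalidated public keys, the oldest created in 2001. Pick the entry that is still valid, then download the public key using that entry's key ID.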
$ gpg --search-keys pete@petertodd.org
gpg: data source: http://keyserver.cns.vt.edu:11371
(1) Peter Todd <pete@petertodd.org>
2048 bit RSA key CCA4F85667E4FA04, created: 2014-06-16, expires: 2016-10-18 (revoked) (expired)
(2) Peter Todd <pete@petertodd.org>
2048 bit RSA key 7FAB114267E4FA04, created: 2012-04-25, expires: 2019-10-13
(3) Peter Todd (low security key) <pete@petertodd.ca>
Peter Todd (low security key) <pete@petertodd.net>
Peter Todd (low security key) <pete@petertodd.org>
1024 bit DSA key A4414DEF7F6D868C, created: 2007-05-01, expires: 2018-10-18 (revoked) (expired)
(4) Peter Todd <pete@petertodd.ca>
Peter Todd <pete@petertodd.net>
Peter Todd <pete@petertodd.org>
1024 bit DSA key DDB3210DB23DC564, created: 2003-07-23, expires: 2013-07-20 (revoked) (expired)
(5) Peter Todd <pete@petertodd.ca>
Peter Todd (formerly retep@penguinpowered.com) <pete@petertodd.ca>
Peter Todd (formerly retep@penguinpowered.com) <pete@retep.yi.org>
1024 bit DSA key 6F4723971C91B0DA, created: 2001-03-21, expires: 2002-03-21 (revoked) (expired)
gpg: Sorry, no terminal at all requested - can't get input
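The selection step described above (skip entries flagged revoked or expired, keep the one still valid) can be scripted. This is an added example, not part of the original page: `usable_keys` and `sample_listing` are hypothetical helper names, the sample is an abridged copy of the listing above, and the patterns assume the human-readable layout shown there.

```shell
#!/bin/sh
# Added example, not from the original page. It parses the human-readable
# layout shown above, which is not a stable interface (assumption).

# usable_keys TODAY: read a listing on stdin and print the key ID of every
# entry that is not flagged (revoked)/(expired) and whose "expires:" date
# is later than TODAY (YYYY-MM-DD). Entries without an expiry are kept.
usable_keys() {
    awk -v today="$1" '
        / bit [A-Za-z0-9]+ key [0-9A-Fa-f]+, created: / {
            if ($0 ~ /\((revoked|expired)\)/) next
            id = $0
            sub(/^.* key /, "", id)   # drop everything before the key ID
            sub(/,.*$/, "", id)       # drop everything after it
            expiry = ""
            if (match($0, /expires: [0-9]+-[0-9]+-[0-9]+/))
                expiry = substr($0, RSTART + 9, RLENGTH - 9)
            # ISO 8601 dates order correctly when compared as strings
            if (expiry == "" || (expiry "") > (today "")) print id
        }'
}

# Abridged copy of the search output above, embedded so this runs offline.
sample_listing() {
    cat <<'EOF'
(1) Peter Todd <pete@petertodd.org>
2048 bit RSA key CCA4F85667E4FA04, created: 2014-06-16, expires: 2016-10-18 (revoked) (expired)
(2) Peter Todd <pete@petertodd.org>
2048 bit RSA key 7FAB114267E4FA04, created: 2012-04-25, expires: 2019-10-13
(3) Peter Todd (low security key) <pete@petertodd.ca>
Peter Todd (low security key) <pete@petertodd.net>
Peter Todd (low security key) <pete@petertodd.org>
1024 bit DSA key A4414DEF7F6D868C, created: 2007-05-01, expires: 2018-10-18 (revoked) (expired)
EOF
}

# Checked against a fixed date so the result is reproducible; in real use
# pass "$(date +%Y-%m-%d)" and feed in the output of gpg --search-keys.
sample_listing | usable_keys 2018-01-01
```

A key ID taken from a key server listing identifies a key but does not prove who owns it. After `gpg --recv-keys`, compare the full fingerprint shown by `gpg --fingerprint` with one the owner has published.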
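Setting the key server
There are many key servers. Once a public key has been uploaded to any one of them, the servers synchronize with each other [1], so any key server will do. If no key server is specified, hkps://hkps.pool.sks-keyservers.net is used by default. I could not ping it from a computer inside China, but I could ping it from a VPS overseas.
If the default key server is unreliable, you can specify a different key server with a parameter [2]: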
gpg --keyserver keyserver.cns.vt.edu --recv-keys 0x7FAB114267E4FA04
Or edit the configuration file ~/.gnupg/gpg.conf:
keyserver keyserver.cns.vt.edu
It is worth pinging the following key servers before using them:
- https://pgp.key-server.io/
- https://keyserver.cns.vt.edu/
- hkp://p80.pool.sks-keyservers.net:80
- keyserver.ubuntu.com
- www.gpg-keyserver.de