Friday, January 28, 2011

Using gpg

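I. Basic concepts
1. key, public key, private key
Documentation: http://en.wikipedia.org/wiki/Public-key_cryptography
The key types generated by gpg's --gen-key command are:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
DSA and Elgamal supports both encryption and signing.
DSA alone and RSA alone support signing only.
2. Encryption and signing
The two concepts of signing and encryption need to be understood: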

Use of these keys allows protection of the authenticity of a message by creating a digital signature of a message using the private key, which can be verified using the public key. It also allows protection of the confidentiality and integrity of a message, by public key encryption, encrypting the message using the public key, which can only be decrypted using the private key.
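Encrypting with the private key and decrypting with the public key is called signing.
Encrypting with the public key and decrypting with the private key is called encryption.
II. Key management
1. Listing
Listing is split into public keys and private keys: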
[jessinio@niowork ~]$ gpg --list-keys
/home/jessinio/.gnupg/pubring.gpg
---------------------------------
pub 1024D/140A3126 2011-01-26
uid jessinio.liang (liang qingxi)
sub 2048g/94134411 2011-01-26
[jessinio@niowork ~]$ gpg --list-secret-keys
/home/jessinio/.gnupg/secring.gpg
---------------------------------
sec 1024D/140A3126 2011-01-26
uid jessinio.liang (liang qingxi)
ssb 2048g/94134411 2011-01-26
2. Export / import / delete
These are also split into private key and public key:
[jessinio@niowork ~]$ gpg --armor --export 140A3126
[jessinio@niowork ~]$ gpg --armor --export-secret-key 140A3126
Likewise, deletion is done with the --delete-key and --delete-secret-key subcommands.
III. Key usage
1. Signing
Sign with the private key of jessinio@gmail.com:
$ gpg --output doc.sig --sign doc
User jessinio checks the data:
[jessinio@niowork ~]$ gpg --verify doc.gpg
gpg: Signature made Fri 28 Jan 2011 02:31:06 PM CST using DSA key ID 140A3126
gpg: Good signature from "jessinio.liang (liang qingxi) "
User jessinio unpacks the signed data:
[jessinio@niowork ~]$ gpg --output doc --decrypt doc.gpg
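1.1 Detached signatures (detach sign)
Signed data cannot be used until it has been unpacked, so to make the data easier to view, the signature is sometimes kept separate from the data. This is called a detach sign.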
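A detached-signature round trip, as an added example that is not part of the original post: it uses gpg's --detach-sign option and shows that the data file stays readable while any change to it fails verification. It assumes GnuPG 2.1 or later; the key demo@example.invalid, the file names and the throwaway keyring are constructed for the demo.

```shell
#!/bin/sh
# Added example: detached-signature round trip in a throwaway keyring.
# The key demo@example.invalid and the file names are constructed for this demo.

# Run gpg against the temporary keyring only, never ~/.gnupg.
_g() { gpg --homedir "$DEMO_HOME" --batch --quiet --no-tty "$@"; }

# Prints "intact=<good|bad> tampered=<good|bad>". The body runs in a
# subshell so the EXIT trap removes the temporary keyring afterwards.
detached_demo() (
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; exit 127; }
    DEMO_HOME=$(mktemp -d) || exit 2
    chmod 700 "$DEMO_HOME"
    trap 'gpgconf --homedir "$DEMO_HOME" --kill gpg-agent 2>/dev/null || true
          rm -rf "$DEMO_HOME"' EXIT

    # Passphrase-less signing key: acceptable only for a disposable demo.
    _g --pinentry-mode loopback --passphrase '' \
       --quick-generate-key 'demo@example.invalid' ed25519 sign never \
       2>/dev/null || exit 3

    doc="$DEMO_HOME/doc"
    printf 'release notes, build 42\n' > "$doc"

    # doc stays readable as-is; only the signature goes to doc.sig.
    _g --output "$doc.sig" --detach-sign "$doc" || exit 4

    # Verification needs both files: the signature first, then the data.
    if _g --verify "$doc.sig" "$doc" 2>/dev/null
    then intact=good; else intact=bad; fi

    # A single appended byte must invalidate the signature.
    printf 'x' >> "$doc"
    if _g --verify "$doc.sig" "$doc" 2>/dev/null
    then tampered=good; else tampered=bad; fi

    echo "intact=$intact tampered=$tampered"
)

detached_demo
```

In scripts, rely on the exit status of gpg --verify as done here rather than matching the "Good signature" text.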
2. Encryption / decryption
Encrypt with the public key of jessinio@gmail.com:
$ gpg --output doc.gpg --encrypt --recipient jessinio@gmail.com doc
Decryption behaves the same way as unpacking signed data.
3. Symmetric encryption
[jessinio@niowork tmp]$ gpg --output 11 -c testfile.tar.gz
[jessinio@niowork tmp]$ file 11
11: DOS executable (COM)
[jessinio@niowork tmp]$ diff testfile.tar.gz 11
Binary files testfile.tar.gz and 11 differ
[jessinio@niowork tmp]$ gpg --output 11.tar.gz -d 11
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
[jessinio@niowork tmp]$ diff 11.tar.gz testfile.tar.gz
[jessinio@niowork tmp]$

The complete gpg manual: http://www.gnupg.org/gph/en/manual.html
