
An explanation of gpg encryption and how to use it

程序员文章站 2022-03-15 23:09:29
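When installing packages with yum on Red Hat systems, there is an option called gpgcheck. When I first started learning, I always turned this option off by default; recently I finally understood how gpg is used.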

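gpg is a personal encryption and signing protocol for users. The gpg protocol uses both symmetric and asymmetric ciphers: the symmetric cipher is mainly used to encrypt the data, while the asymmetric cipher is mainly used to encrypt the symmetric key and to produce digital signatures.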

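Data encryption process: first a symmetric key is generated at random, then the data is encrypted with the symmetric key, then the symmetric key is encrypted with the public key. The encrypted data and the encrypted symmetric key are sent to the recipient. The recipient uses the private key to decrypt the symmetric key, then uses the symmetric key to decrypt the message.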

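Digital signature process: first the digest of the data file is computed, then the digest is signed with the private key. The recipient computes the digest of the data with the same algorithm and uses the public key to decrypt the signature, then compares the digest it computed with the digest recovered using the public key. If the two match, the signature is valid; otherwise it is invalid.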

Step 1: generate the gpg public and private keys

[root@Gate ~]# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: duan xiongchun
Email address: duanxiongchun@gmail.com

 

Step 2: view the gpg fingerprint and public key

[root@svn ~]# gpg --list-key --fingerprint
/root/.gnupg/pubring.gpg
-------------------------------------------------------------------
pub   2048R/41E38D0D 2014-03-26
      key fingerprint = BA55 3B18 64E9 468C BF7E 8AD1 1415 C9AA 41E3 8D0D
uid                  duan xiongchun <duanxiongchun@gmail.com>
sub   2048R/259E9D51 2014-03-26

 

Export the gpg public key

gpg --armor --export duanxiongchun > DUANXIONGCHUN-GPG-KEY

Import the public key on another computer

gpg --import DUANXIONGCHUN-GPG-KEY

 

Encrypting data

gpg --encrypt --recipient duanxiongchun install.log

Decrypting data

gpg --decrypt --recipient duanxiongchun install.log.gpg >> install.gpg

Signing data

gpg --local-user duanxiongchun --clearsign --armor install.log
gpg --local-user duanxiongchun --detach-sign install.log

 

Verifying a signature

gpg --verify install.log.asc
gpg --decrypt --recipient duanxiongchun install.log.gpg

Add the key to rpm's trusted keys

rpm --import DUANXIONGCHUN-GPG-KEY

Sign an rpm package you built yourself

echo '%_gpg_name 41E38D0D' > ~/.rpmmacros
rpm --resign openssh-keycat-6.4p1-1.el7.x86_64.rpm