gpg加密算法适用解析
gpg是一个用户个人加密和签名协议,在gpg协议里面既有对称密码也有非对称密码,对称密码主要是用来加密数据的,非对称密码主要是用来加密对称密码和数字签名的。
数据加密过程,首先随机生成对称密码,然后使用对称密码加密数据,然后使用公钥加密对称密码,将加密以后的数据和对称密码发送给接受者,接受者使用私钥解密对称密码,然后使用对称密码解密信息
数字签名过程,首先计算数据文件的数字摘要,然后使用私钥对数字摘要进行签名,接受者使用同样的算法对数据进行摘要,并用公钥解密签名,然后对比计算出来的摘要和公钥解密出来的摘要如果一致则签名有效,否则无效
第一步生成gpg公钥和私钥
[root@Gate ~]# gpg --gen-key gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' created Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: duan xiongchun Email address: duanxiongchun@gmail.com
第二步查看gpg的指纹和公钥
[root@svn ~]gpg --list-key --fingerprint /root/.gnupg/pubring.gpg ------------------------------------------------------------------- pub 2048R/41E38D0D 2014-03-26 key fingerprint = BA55 3B18 64E9 468C BF7E 8AD1 1415 C9AA 41E3 8D0D uid duan xiongchun <duanxiongchun@gmail.com> sub 2048R/259E9D51 2014-03-26
导出gpg公钥数据
gpg --armor --export duanxiongchun > DUANXIONGCHUN-GPG-KEY
到另一台电脑上导入公钥
gpg --import DUANXIONGCHUN-GPG-KEY
数据加密
gpg --encrypt --recipient duanxiongchun install.log
数据解密
gpg --decrypt --recipient duanxiongchun install.log.gpg >> install.gpg
数据签名
gpg --local-user duanxiongchun --clearsign --armor install.log gpg --local-user duanxiongchun --detach-sign install.log
签名验证
gpg --verify --recipient duanxinogchun inistall.log.gpg gpg --decrypt --recipient duanxiongchun install.log.gpg
添加到rpm信任
rpm --import DUANXIONGCHUN-GPG-KEY
签名自己生成的rpm包
echo '%_gpg_name 41E38D0D' > ~/.rpmmacros rpm -resign openssh-keycat-6.4p1-1.el7.x86_64.rpm
上一篇: 菲律宾官网被黑 上面还挂了中国国旗