gpg

Basic gpg usage

Installation

https://www.gnupg.org/

Common commands

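gpg --list-keys    # list the keys in the keyring

gpg --fingerprint [user ID]    # show the public key fingerprint

gpg --armor --output public-key.txt --export [user ID]    # export the public key

gpg --keyserver hkp://keys.gnupg.net --search-keys [user ID]    # search for someone else's key

Upload your own public key to a key server so that others can find it:
gpg --keyserver hkp://keys.gnupg.net --send-keys EDAF59E6A99B74AF7F57F590F6F1BF7F72991603

The user ID is the user name set when generating your own public and private keys; I set mine to OX007.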

Generating a public and private key pair

jun@zhangjunshengdeMacBook-Pro Desktop % gpg --full-generate-key
... after the settings are confirmed, gpg reports that the key was generated successfully:

gpg: key F6F1BF7F72991603 marked as ultimately trusted
gpg: directory '/Users/jun/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/jun/.gnupg/openpgp-revocs.d/EDAF59E6A99B74AF7F57F590F6F1BF7F72991603.rev'
public and secret key created and signed.

pub rsa2048 2019-11-08 [SC]
EDAF59E6A99B74AF7F57F590F6F1BF7F72991603
uid OX007 <[email protected]>
sub rsa2048 2019-11-08 [E]

Testing a signature

Sign:
Signing the file index.php produces the detached signature file index.php.asc


gpg --armor --detach-sign index.php

Verify the signature:

jun@zhangjunshengdeMacBook-Pro Desktop % gpg --verify index.php.asc index.php
gpg: Signature made Fri Nov 8 19:44:48 2019 CST
gpg: using RSA key EDAF59E6A99B74AF7F57F590F6F1BF7F72991603
gpg: Good signature from "OX007 <[email protected]>" [ultimate]

Verifying the signature of a PHP source package

1. Download

wget https://www.php.net/distributions/php-7.3.6.tar.gz
wget https://www.php.net/distributions/php-7.3.6.tar.gz.asc

2. Import the public key

jun@zhangjunshengdeMacBook-Pro Desktop % gpg --keyserver hkp://keys.gnupg.net --recv-key CBAF69F173A0FEA4B537F470D66C9593118BCCB6
gpg: key D66C9593118BCCB6: public key "Christoph M. Becker <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1

3. Verify

jun@zhangjunshengdeMacBook-Pro Desktop % gpg --verify php-7.3.6.tar.gz.asc php-7.3.6.tar.gz
gpg: Signature made Tue May 28 17:45:55 2019 CST
gpg: using RSA key CBAF69F173A0FEA4B537F470D66C9593118BCCB6
gpg: issuer "[email protected]"
gpg: Good signature from "Christoph M. Becker <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CBAF 69F1 73A0 FEA4 B537 F470 D66C 9593 118B CCB6

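"Good signature" means the signature matches the package, so the signature verification succeeded. The WARNING says that the key has not been certified by a trusted signature, which is resolved by certifying the key locally. Signing a key asserts that you have checked who owns it, so first compare the primary key fingerprint printed above with a copy obtained from a source you trust: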

gpg --sign-key CBAF69F173A0FEA4B537F470D66C9593118BCCB6

Then verify again:

jun@zhangjunshengdeMacBook-Pro Desktop % gpg --verify php-7.3.6.tar.gz.asc php-7.3.6.tar.gz
gpg: Signature made Tue May 28 17:45:55 2019 CST
gpg: using RSA key CBAF69F173A0FEA4B537F470D66C9593118BCCB6
gpg: issuer "[email protected]"
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-06-04
gpg: Good signature from "Christoph M. Becker <[email protected]>" [full]
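
The verification steps above depend on reading gpg's human-readable output, and gpg prints "Good signature" for any key in the keyring. As an added example (not code from the original post), the script below pins one signer fingerprint and checks gpg's machine-readable --status-fd output against it. The function names and script layout are assumptions; the fingerprint is the one shown in the output above.

```shell
#!/bin/sh
# Added example (not from the original post): accept a file only when gpg
# reports a valid signature made by one pinned fingerprint.

# Fingerprint of the php-7.3.6 signer as printed in the post's gpg output.
EXPECTED_FPR="CBAF69F173A0FEA4B537F470D66C9593118BCCB6"

# status_has_validsig_from FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names FPR (field 3 = signing key, last field = primary key) and no
# BADSIG/ERRSIG line is present. FPR may contain spaces or lowercase hex.
status_has_validsig_from() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "ERRSIG") { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_pinned SIGFILE DATAFILE FPR
# Runs gpg on a detached signature and applies the check above. A missing
# gpg binary or missing public key yields no VALIDSIG line, so it fails.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_has_validsig_from "$3"
}

# When run as a script: sh verify.sh php-7.3.6.tar.gz.asc php-7.3.6.tar.gz
if [ "$#" -eq 2 ]; then
    if verify_pinned "$1" "$2" "$EXPECTED_FPR"; then
        echo "OK: valid signature from pinned key $EXPECTED_FPR"
    else
        echo "FAIL: no valid signature from pinned key" >&2
        exit 1
    fi
fi
```

Because the check matches the fingerprint itself, it does not depend on the [unknown] or [full] trust label and needs no local --sign-key step.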
