Friday, 20 November 2009

OpenPGP keys


Create a key and answer whatever questions the application throws at us.

test@eeepc:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keyring `/home/test/.gnupg/secring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 5
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Test User
Email address: test@host.local
Comment: Test Key
You selected this USER-ID:
    "Test User (Test Key) <test@host.local>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
+++++
..............+++++
gpg: key 22FC0647 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/22FC0647 2009-09-22
      Key fingerprint = 3AC2 E942 BECB 25D6 6BDE  CAE1 FADA CF01 22FC 0647
uid                  Test User (Test Key) <test@host.local>
Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.

Look at the key we just created.

test@eeepc:~$ gpg --list-keys
/home/test/.gnupg/pubring.gpg
-----------------------------
pub   2048R/22FC0647 2009-09-22
uid                  Test User (Test Key) <test@host.local>

Add a subkey for encrypting messages; without it nothing can be encrypted to this key.

test@eeepc:~$ gpg --edit-key 22FC0647
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub  2048R/22FC0647  created: 2009-09-22  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
[ultimate] (1). Test User (Test Key) <test@host.local>
Command> addkey
Key is protected.
You need a passphrase to unlock the secret key for
user: "Test User (Test Key) <test@host.local>"
2048-bit RSA key, ID 22FC0647, created 2009-09-22
can't connect to `/tmp/seahorse-p6b7Lu/S.gpg-agent': Permission denied
gpg: can't connect to `/tmp/seahorse-p6b7Lu/S.gpg-agent': connect failed
Please select what kind of key you want:
   (2) DSA (sign only)
   (4) Elgamal (encrypt only)
   (5) RSA (sign only)
   (6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
+++++
pub  2048R/22FC0647  created: 2009-09-22  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/181C374D  created: 2009-09-22  expires: never       usage: E   
[ultimate] (1). Test User (Test Key) <test@host.local>
Command> save

One more look at what we have cooked up here.

test@eeepc:~$ gpg --list-keys
/home/test/.gnupg/pubring.gpg
-----------------------------
pub   2048R/22FC0647 2009-09-22
uid                  Test User (Test Key) <test@host.local>
sub   2048R/181C374D 2009-09-22

Create a revocation certificate and stash it away from prying eyes.

test@eeepc:~$ gpg --output revoke.asc --gen-revoke 22FC0647
sec  2048R/22FC0647 2009-09-22 Test User (Test Key) <test@host.local>
Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 1
Enter an optional description; end it with an empty line:
> 
Reason for revocation: Key has been compromised
(No description given)
Is this okay? (y/N) y
You need a passphrase to unlock the secret key for
user: "Test User (Test Key) <test@host.local>"
2048-bit RSA key, ID 22FC0647, created 2009-09-22
can't connect to `/tmp/seahorse-p6b7Lu/S.gpg-agent': Permission denied
gpg: can't connect to `/tmp/seahorse-p6b7Lu/S.gpg-agent': connect failed
ASCII armored output forced.
File `revoke.asc' exists. Overwrite? (y/N) y
Revocation certificate created.
Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!

Contents of the revocation certificate.

test@eeepc:~$ cat revoke.asc 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: A revocation certificate should follow
-----END PGP PUBLIC KEY BLOCK-----
test@eeepc:~$

Export the public key.

test@eeepc:~$ gpg --armor --export 22FC0647
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
[...]
=cyJN
-----END PGP PUBLIC KEY BLOCK-----

Send it to whoever needs it, or upload it to a public keyserver.

gpg --send-key 22FC0647 # well, I don't think a test key belongs on a public server =)
gpg --search 22FC0647 # search for 22FC0647 on the public keyservers
gpg --recv-key 22FC0647 # import 22FC0647 from a public keyserver

Importing a key from the file blabla.asc

gpg --import blabla.asc

Verifying authenticity.

test@eeepc:~$ gpg --fingerprint
/home/test/.gnupg/pubring.gpg
-----------------------------
pub   2048R/22FC0647 2009-09-22
      Key fingerprint = 3AC2 E942 BECB 25D6 6BDE  CAE1 FADA CF01 22FC 0647
uid                  Test User (Test Key) <test@host.local>
sub   2048R/181C374D 2009-09-22

Pass this fingerprint, 3AC2 E942 BECB 25D6 6BDE CAE1 FADA CF01 22FC 0647, in person or over the phone, whichever suits you…

Signing.

After importing someone's public key, do this:

gpg --default-key 22FC0647 --edit-key ID # ID is the ID of the imported key; this drops you into the interactive prompt, where you type something like this:
Command> sign
(all sorts of prompts and output follow)
Command> save

Export the secret key and stash it somewhere secret.

test@eeepc:~$ gpg --armor --export-secret-key 22FC0647
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
[...]
=KWQC
-----END PGP PRIVATE KEY BLOCK-----
test@eeepc:~$
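The same workflow as the interactive sessions above, but unattended, via GnuPG's documented --batch parameter file; this is an added example, not the post's own commands, and it assumes GnuPG 2.1 or newer, a scratch keyring, and the file name params plus the function names make_test_key, roundtrip, revocation_cert and fpr_matches, all of which are my own.

```shell
# Unattended version of the post's workflow: GnuPG's documented --batch
# parameter file makes the signing key AND its encryption subkey in one go, so
# the "cannot be used for encryption" key never happens. Assumes GnuPG 2.1+.
set -eu
# Throw-away keyring so nothing here touches ~/.gnupg; cleaned up on exit.
export GNUPGHOME="$(mktemp -d)"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT
make_test_key() {
    # %no-protection = no passphrase: acceptable for a test key only.
    cat > "$GNUPGHOME/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Test User
Name-Comment: Test Key
Name-Email: test@host.local
Expire-Date: 0
%commit
EOF
    gpg --batch --quiet --gen-key "$GNUPGHOME/params" 2>/dev/null
    # Print the primary key's full 40-hex fingerprint (fpr record, field 10).
    gpg --batch --with-colons --with-fingerprint --list-keys test@host.local |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# What the post's first key (usage: SC) could not do: encrypt to the key and
# get the plaintext back; this only works because of the E subkey.
roundtrip() {
    printf '%s' "$2" | gpg --batch --quiet --armor --trust-model always \
        --encrypt --recipient "$1" | gpg --batch --quiet --decrypt 2>/dev/null
}

# GnuPG 2.1+ writes a revocation certificate for every new key on its own;
# this is the file to move somewhere safe, as the post says.
revocation_cert() {
    f="$GNUPGHOME/openpgp-revocs.d/$1.rev"
    [ -f "$f" ] && printf '%s\n' "$f"
}

# Out-of-band check: the fingerprint read over the phone must match all 40 hex
# digits gpg printed (spacing and case ignored), not just the 8-digit key ID.
fpr_matches() {
    a=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' \t' | tr 'a-f' 'A-F')
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}
```

fpr_matches rejects the 36-digit fingerprint the post's text passes around (last group dropped) as well as the bare short key ID, because only the full 40 hex digits identify the key.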

PS: I'll add more if anything else comes up.
