PGP
Материал из Xgu.ru
PGP (Pretty Good Privacy) — программное обеспечение для шифрования и цифрового подписывания электронной почты. Программа PGP была создана Филом Циммерманом в 1991 году.
Существует стандарт OpenPGP, которому соответствует современный PGP и другие аналогичные программы, например GPG.
Содержание |
[править] Пример использования GnuPG
Пример использования GnuPG для работы с PGP-ключами.
$ sudo apt-get install gnupg Reading package lists... Done Building dependency tree Reading state information... Done
$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/igor/.gnupg' created
gpg: new configuration file `/home/igor/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/igor/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/igor/.gnupg/secring.gpg' created
gpg: keyring `/home/igor/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Wed 28 Jan 2015 08:52:14 PM EET
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Igor Chubin
Email address: igor@chub.in
Comment:
You selected this USER-ID:
"Igor Chubin <igor@chub.in>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++.++++++++++++++++++++++++++++++.+++++.+++++.+++++.+++++.+++++++++++++++.++++++++++++++++++++++++++++++++++++++++.+++++...+++++++++++++++............>.+++++......................................>+++++....<.+++++.............>+++++...................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++.+++++++++++++++...+++++.+++++.++++++++++.++++++++++...+++++.+++++.+++++++++++++++++++++++++..+++++....+++++.++++++++++++++++++++++++++++++++++++++++..++++++++++>++++++++++>+++++....
gpg: /home/igor/.gnupg/trustdb.gpg: trustdb created
gpg: key 2CDC7BB8 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2015-01-28
pub 1024D/2CDC7998 2010-01-29 [expires: 2015-01-28]
Key fingerprint = 6770 AB29 B1E1 368D F0E3 08D8 8BC9 A63A 2CDC 7BB8
uid Igor Chubin <igor@chub.in>
sub 2048g/89D6BBEF 2010-01-29 [expires: 2015-01-28]
$ gpg --list-secret-keys
/home/igor/.gnupg/secring.gpg
-----------------------------
sec 1024D/2CDC7998 2010-01-29 [expires: 2015-01-28]
uid Igor Chubin <igor@chub.in>
ssb 2048g/89D699BBEF 2010-01-29
$ gpg --list-keys /home/igor/.gnupg/pubring.gpg ----------------------------- pub 1024D/2CDC7BB8 2010-01-29 [expires: 2015-01-28] uid Igor Chubin <igor@chub.in> sub 2048g/89D699EF 2010-01-29 [expires: 2015-01-28]
[править] Ещё
Примеры команд:
gpg --keyserver keyserver.ubuntu.com --recv-keys 437D05B5 gpg --export -a 437D05B5 > ubuntu.gpg
Ещё пример:
gpg --recv-keys 40976EAF437D05B5 gpg --export --armor 40976EAF437D05B5 | sudo apt-key add -
Примеры команд:
gpg --keyserver keyserver.ubuntu.com --recv-keys 437D05B5 gpg --export -a 437D05B5 > ubuntu.gpg
Ещё пример:
gpg --recv-keys 40976EAF437D05B5 gpg --export --armor 40976EAF437D05B5 | sudo apt-key add -
[править] Вопросы и ответы
[править] Как зашифровать и расшифровать файл с помощью gpg?
зашифровать:
gpg -c filename
расшифровать:
gpg filename.gpg
без участия пользователя:
echo password | gpg --batch -q --passphrase-fd 0 --cipher-algo AES256 -c filename
расшифровать без участия пользователя:
echo password | gpg --batch -q -o /tmp/file.tgz --passphrase-fd 0 --decrypt filename.gpg
[править] Дополнительная информация
| Криптография на Xgu.ru | ||
|---|---|---|
| Основы | Криптография |  |
| AAA | Kerberos • EAP • Host-based аутентификация в OpenSSH | |
| Шифрование данных на диске | Шифрование LVM • LUKS | |
| Шифрование сетевых данных | VPN • IPsec • OpenVPN • SSL • OpenSSL • TLS • SSH | |
| Криптография в VoIP | Шифрование звонков в Asterisk • SRTP | |
