PGP
From Xgu.ru
PGP (Pretty Good Privacy) is software for encrypting and digitally signing e-mail. PGP was created by Phil Zimmermann in 1991.
There is an OpenPGP standard, to which modern PGP and other similar programs, such as GPG, conform.
GnuPG usage example
An example of using GnuPG to work with PGP keys.
$ sudo apt-get install gnupg
Reading package lists... Done
Building dependency tree
Reading state information... Done

$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/igor/.gnupg' created
gpg: new configuration file `/home/igor/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/igor/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/igor/.gnupg/secring.gpg' created
gpg: keyring `/home/igor/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Wed 28 Jan 2015 08:52:14 PM EET
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Igor Chubin
Email address: igor@chub.in
Comment:
You selected this USER-ID:
    "Igor Chubin <igor@chub.in>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++.++++++++++++++++++++++++++++++.+++++.+++++.+++++.+++++.+++++++++++++++.++++++++++++++++++++++++++++++++++++++++.+++++...+++++++++++++++............>.+++++......................................>+++++....<.+++++.............>+++++...................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++.+++++++++++++++...+++++.+++++.++++++++++.++++++++++...+++++.+++++.+++++++++++++++++++++++++..+++++....+++++.++++++++++++++++++++++++++++++++++++++++..++++++++++>++++++++++>+++++....
gpg: /home/igor/.gnupg/trustdb.gpg: trustdb created
gpg: key 2CDC7BB8 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2015-01-28
pub   1024D/2CDC7998 2010-01-29 [expires: 2015-01-28]
      Key fingerprint = 6770 AB29 B1E1 368D F0E3 08D8 8BC9 A63A 2CDC 7BB8
uid                  Igor Chubin <igor@chub.in>
sub   2048g/89D6BBEF 2010-01-29 [expires: 2015-01-28]

$ gpg --list-secret-keys
/home/igor/.gnupg/secring.gpg
-----------------------------
sec   1024D/2CDC7998 2010-01-29 [expires: 2015-01-28]
uid                  Igor Chubin <igor@chub.in>
ssb   2048g/89D699BBEF 2010-01-29

$ gpg --list-keys
/home/igor/.gnupg/pubring.gpg
-----------------------------
pub   1024D/2CDC7BB8 2010-01-29 [expires: 2015-01-28]
uid                  Igor Chubin <igor@chub.in>
sub   2048g/89D699EF 2010-01-29 [expires: 2015-01-28]
More
Example commands:
gpg --keyserver keyserver.ubuntu.com --recv-keys 437D05B5
gpg --export -a 437D05B5 > ubuntu.gpg
Another example:
gpg --recv-keys 40976EAF437D05B5
gpg --export --armor 40976EAF437D05B5 | sudo apt-key add -
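An added example (not part of the original page): `--recv-keys 437D05B5` selects a key by an 8-digit short ID, which more than one key can share, so it is worth comparing the full fingerprint of what was fetched against a value obtained from a trusted source before exporting the key or passing it to apt. The helper names and the sample listing are constructed for illustration; the listing reuses the fingerprint of the key generated above.

```shell
#!/bin/sh
# Added example: verify a fetched key's full fingerprint before trusting it.
# Function names are hypothetical helpers, not part of GnuPG.

# Print the fingerprint of every primary key found in machine-readable
# `gpg --with-colons --fingerprint` output read from stdin.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }      # next fpr record is a primary key
        $1 == "sub" { want = 0; next }      # ignore subkey fingerprints
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# verify_fpr EXPECTED: succeed only if stdin lists exactly one primary key
# and its fingerprint equals EXPECTED (spaces and letter case are ignored).
verify_fpr() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(primary_fprs)
    # Two keys sharing a short ID yield two lines, which never match.
    [ -n "$got" ] && [ "$got" = "$expected" ]
}

# Constructed sample listing (not real gpg output).
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:8BC9A63A2CDC7BB8:2010-01-29:2015-01-28::u:::scESC:
fpr:::::::::6770AB29B1E1368DF0E308D88BC9A63A2CDC7BB8:
uid:u::::2010-01-29::::Igor Chubin <igor@chub.in>:
sub:u:2048:16:0000000089D6BBEF:2010-01-29:2015-01-28:::::e:
EOF
}

# Real use: gpg --with-colons --fingerprint 437D05B5 | verify_fpr "<trusted fingerprint>"
if sample_listing | verify_fpr "6770 AB29 B1E1 368D F0E3 08D8 8BC9 A63A 2CDC 7BB8"; then
    echo "fingerprint matches"
else
    echo "fingerprint MISMATCH, do not import" >&2
fi
```

Run the export or `apt-key add` step only when `verify_fpr` succeeds.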
Questions and answers
How do I encrypt and decrypt a file with gpg?
Encrypt:
gpg -c filename
Decrypt:
gpg filename.gpg
Encrypt without user interaction:
echo password | gpg --batch -q --passphrase-fd 0 --cipher-algo AES256 -c filename
Decrypt without user interaction:
echo password | gpg --batch -q -o /tmp/file.tgz --passphrase-fd 0 --decrypt filename.gpg