0

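Edit: Sorry for the confusion. What I actually want to know is whether it is possible to encrypt using a private key. (That would also automatically imply signing.) I want to do this from a C program by running a script.

By the way, is encrypting with the private key a good idea for sending a signed message to an audience, who will decrypt it with my public key?

Old question: How do I "sign" a file with gpg using my own private key on GNU/Linux? I looked at the man page, but it doesn't give any information about this. Also, how can the other party verify a signature I create this way?

If possible, please provide the command-line options to accomplish this.

I have seen other questions on SO, but they talk about Android, Java, etc. I only want the command-line options. Thanks.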

1 Answer

0

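The man page actually does provide information about signing.

There are 3 main options:

  1. Sign the file directly with -s/--sign
    • Completely modifies the file, embedding the signature in it; can be used with or without the -a ASCII armor option
  2. Sign the file directly with -s/--sign AND --clearsign
    • Wraps the file with a plain-text ASCII signature
  3. Create a detached signature with -b/--detach-sign
    • Saves the signature to a separate file; can be used with or without -a

Here is an example of me doing each in turn and then verifying.

  1. Embedded signature, modifying the original file (requires using gpg -d to get the original contents of the file).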

    $ cp /etc/issue .
    $ gpg -sa <issue >issue.asc
    
    You need a passphrase to unlock the secret key for
    user: "Rsaw Rsaw <rsaw@devnull>"
    2048-bit RSA key, ID 211A2D3E, created 2012-08-24
    
    $ cat issue.asc   
    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    
    owEBcQGO/pANAwACASZpDtshGi0+ActBYgBQoI3pRmVkb3JhIHJlbGVhc2UgMTcg
    KEJlZWZ5IE1pcmFjbGUpCktlcm5lbCBcciBvbiBhbiBcbSAoXGwpCgqJARwEAAEC
    AAYFAlCgjekACgkQJmkO2yEaLT5C3Af/fGDDoCA+6ddDUqbOZa96RNZrQPvvuT2m
    ZnPEnXonqkTEf0OLOJFHWPTsMK5SKdSWx14gvaiSbQTGTKdqUiaSBfBs+tenJ39S
    zQrZPctqKYvBbk848qiBO6tHgf8npNmg2yeY2YKjR6+02bHadg9wiujjazutuSKY
    xEDvaIoDpCl1bsbOF7ZI8zxcpFx366PZybC/fEvA+R4sDFP4QiYDPg0MKmrUlsJa
    1l9gE8e1LEZC2wXDuSCffL6dODFbCvHgU4IyUze1lX5CZHFPs5Y9kI+yBb9f9sYH
    UzOHJDISHMephS1WPqP5JXlkwiiUNTEk4qnTQRalud+yAHBeEZtrtA==
    =fYHs
    -----END PGP MESSAGE-----
    $ gpg --verify issue.asc 
    gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    $ gpg -d issue.asc 
    Fedora release 17 (Beefy Miracle)
    Kernel \r on an \m (\l)
    
    gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    
  2. Wrapping clearsign signature.

    $ gpg -s --clearsign <issue >issue.asc
    
    You need a passphrase to unlock the secret key for
    user: "Rsaw Rsaw <rsaw@devnull>"
    2048-bit RSA key, ID 211A2D3E, created 2012-08-24
    
    $ cat issue.asc   
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Fedora release 17 (Beefy Miracle)
    Kernel \r on an \m (\l)
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    
    iQEcBAEBAgAGBQJQoI65AAoJECZpDtshGi0+XLwH/0q7M+6aVvM2XMwy36R+zbYv
    IjF/GBUgEFRO53a0xCi6lhw10Wp4tpmZLeJJwFb2xNGu7/1SaB4pk/PhSk4xU5Bx
    3FepXaHvbwoB+Km2jqCnB1BNowJa4UecPk7pBoBPbBFv6GomecMYv1a3tORStmwe
    3UIF99HgCilivjbJoGI6h7en7yq2LwwQLpHNs8dY8rlurQfHM5CMv5RpF9jCDEJS
    MHKN52Urcx1/ROam/YjyP+Pa+PZF4x19q+obdHOsNCyqAIlYcfsUjCoiCGF8FjPM
    00ha0aaw9dHezmqyAE9nWE5SYB571iVcO1xIoGk+jl78HSwpxpf5hssavDwT2go=
    =o6WZ
    -----END PGP SIGNATURE-----
    $ gpg -v issue.asc
    gpg: armor header: Hash: SHA1
    gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
    gpg: original file name=''
    File `issue' exists. Overwrite? (y/N) 
    gpg: Interrupt caught ... exiting
    
    $ gpg --verify issue.asc
    gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    $ gpg -d issue.asc
    Fedora release 17 (Beefy Miracle)
    Kernel \r on an \m (\l)
    
    gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    
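  3. Detached signature (requires either that the signature file has the same name as the signed file plus an extension of .sig or .asc, or that the user explicitly specifies both the detached signature file and the signed file).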

    $ gpg -ba <issue >issue.sig
    
    You need a passphrase to unlock the secret key for
    user: "Rsaw Rsaw <rsaw@devnull>"
    2048-bit RSA key, ID 211A2D3E, created 2012-08-24
    
    $ cat issue.sig   
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    
    iQEcBAABAgAGBQJQoI8zAAoJECZpDtshGi0+x2cH/RsM2LAeXTZkL792jJTVyoyg
    Iz/RT3aBZqnqXu2H4O2YB897Qr4vbnoCc5uaTxm4z4jujkRs5l5vfL184Yui+o9g
    eJW/Q+RegiMdgZMGY48xqz0sJMM1q2nJGy1c5qqX59IuUzslVkw+HxzPnChQHDBV
    B7EraKoIvJS8KzHdXF/sQtUnJAlg4ItKW/uc/gNRz7G2O9tCdyTuddlTA6b3dV0I
    gYCeF3TMgBMpkrDyYmVc9BkheIZDwy9ce1sRDYFmGpbD/Smae4mXeTgurEbe2bFJ
    TqRkB4tMMl4xRd1s+Wtbj3f3hxsLTZn3Wq1n9UlL5Ga/+Tx3gZQAIUYLPwwyD7k=
    =G2Qp
    -----END PGP SIGNATURE-----
    $ gpg --verify issue.sig
    gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    $ mv issue.sig my-issue.sig
    $ gpg --verify -v my-issue.sig
    gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
    gpg: no signed data
    gpg: can't hash datafile: file open error
    $ gpg --verify my-issue.sig issue
    gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    $ mv my-issue.sig issue.asc
    $ gpg -v --verify issue.asc
    gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
    gpg: assuming signed data in `issue'
    gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
    gpg: using PGP trust model
    gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
    gpg: binary signature, digest algorithm SHA1
    

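So that should cover it.

For future reference, this question should not have been posted on Stackoverflow and will probably be moved or closed. It belongs on Unix & Linux or Superuser.

Answered 2012-11-12T06:00:01.700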
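For the scripted use the question mentions, a verifier can decide from gpg's machine-readable status lines (`--status-fd`) and a pinned key fingerprint rather than from the "Good signature" text shown above. This is an added example, not part of the original answer; the function names, the fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a signature only when gpg's status output reports a
# valid signature made by one specific, pinned key.

SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567   # constructed, not a real key

# check_gpg_status EXPECTED_FPR
# Reads `gpg --status-fd 1 --verify ...` output on stdin. Succeeds only if a
# VALIDSIG line names EXPECTED_FPR (as signing key or as primary key) and no
# line reports a bad, expired, revoked or unverifiable signature.
check_gpg_status() {
    expected=$1
    valid=0
    while read -r tag keyword fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $keyword in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;
            VALIDSIG)
                primary=${rest##* }   # last field: primary key fingerprint
                if [ "$fpr" = "$expected" ] || [ "$primary" = "$expected" ]; then
                    valid=1
                else
                    return 1          # valid, but not made by the pinned key
                fi ;;
        esac
    done
    [ "$valid" -eq 1 ]                # no VALIDSIG at all means reject
}

# verify_detached SIGFILE DATAFILE EXPECTED_FPR
# Names the signed file explicitly, as in `gpg --verify my-issue.sig issue`.
verify_detached() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_gpg_status "$3"
}

# Constructed status output, so the parser can be exercised without a keyring.
sample_good() {
    printf '%s\n' \
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed User <user@example.invalid>" \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2012-11-12 1352699699 0 4 0 1 2 00 $SAMPLE_FPR"
}
sample_bad() {
    printf '%s\n' \
        "[GNUPG:] BADSIG 89ABCDEF01234567 Constructed User <user@example.invalid>"
}
```

A C program can run `verify_detached` through `system()` or `posix_spawn()` and act on the exit status alone.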