key - GNU/Linux gpg 如何使用私钥加密

Question

编辑：很抱歉造成混乱。其实我想知道是否可以使用私钥进行加密。（这也自动意味着签名。）我希望通过运行脚本在 C 程序中执行此操作。

顺便说一句，用私钥加密是向观众发送签名消息的好主意，观众将用我的公钥对其进行解密？

老问题：如何在 GNU/Linux 中使用我自己的私钥使用 gpg 对文件“签名”？我看到了手册页，但它没有提供任何有关此的信息。另外，对方如何验证我以这种方式创建的签名？

如果可能，请提供命令行选项来完成此操作。

我在 SO 上看到了其他问题，但他们谈论的是 Android、JAVA 等。我只想要命令行选项。谢谢。

Answer 1

手册页实际上确实提供了有关签名的信息。

有3个主要选择：

1. -s直接用/签署文件--sign
   • 完全修改文件，在其中嵌入签名——可以使用或不使用-aASCII 盔甲选项
2. -s直接使用/ --signAND 对文件进行签名--clearsign
   • 用纯文本 ASCII 签名包装文件
3. -b使用/创建分离签名--detach-sign
   • 将签名保存到单独的文件 - 可以使用或不使用-a

这是我依次进行每个操作然后进行验证的示例。

1. 嵌入签名，修改原始文件（需要使用gpg -d获取文件的原始内容）。

   $ cp /etc/issue .
   $ gpg -sa <issue>issue.asc
   
   You need a passphrase to unlock the secret key for
   user: "Rsaw Rsaw <rsaw@devnull>"
   2048-bit RSA key, ID 211A2D3E, created 2012-08-24
   
   $ cat issue.asc   
   -----BEGIN PGP MESSAGE-----
   Version: GnuPG v1.4.12 (GNU/Linux)
   
   owEBcQGO/pANAwACASZpDtshGi0+ActBYgBQoI3pRmVkb3JhIHJlbGVhc2UgMTcg
   KEJlZWZ5IE1pcmFjbGUpCktlcm5lbCBcciBvbiBhbiBcbSAoXGwpCgqJARwEAAEC
   AAYFAlCgjekACgkQJmkO2yEaLT5C3Af/fGDDoCA+6ddDUqbOZa96RNZrQPvvuT2m
   ZnPEnXonqkTEf0OLOJFHWPTsMK5SKdSWx14gvaiSbQTGTKdqUiaSBfBs+tenJ39S
   zQrZPctqKYvBbk848qiBO6tHgf8npNmg2yeY2YKjR6+02bHadg9wiujjazutuSKY
   xEDvaIoDpCl1bsbOF7ZI8zxcpFx366PZybC/fEvA+R4sDFP4QiYDPg0MKmrUlsJa
   1l9gE8e1LEZC2wXDuSCffL6dODFbCvHgU4IyUze1lX5CZHFPs5Y9kI+yBb9f9sYH
   UzOHJDISHMephS1WPqP5JXlkwiiUNTEk4qnTQRalud+yAHBeEZtrtA==
   =fYHs
   -----END PGP MESSAGE-----
   $ gpg --verify issue.asc 
   gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   $ gpg -d issue.asc 
   Fedora release 17 (Beefy Miracle)
   Kernel \r on an \m (\l)
   
   gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   

2. 包装 clearsign 签名。

   $ gpg -s --clearsign <issue>issue.asc
   
   You need a passphrase to unlock the secret key for
   user: "Rsaw Rsaw <rsaw@devnull>"
   2048-bit RSA key, ID 211A2D3E, created 2012-08-24
   
   $ cat issue.asc   
   -----BEGIN PGP SIGNED MESSAGE-----
   Hash: SHA1
   
   Fedora release 17 (Beefy Miracle)
   Kernel \r on an \m (\l)
   
   -----BEGIN PGP SIGNATURE-----
   Version: GnuPG v1.4.12 (GNU/Linux)
   
   iQEcBAEBAgAGBQJQoI65AAoJECZpDtshGi0+XLwH/0q7M+6aVvM2XMwy36R+zbYv
   IjF/GBUgEFRO53a0xCi6lhw10Wp4tpmZLeJJwFb2xNGu7/1SaB4pk/PhSk4xU5Bx
   3FepXaHvbwoB+Km2jqCnB1BNowJa4UecPk7pBoBPbBFv6GomecMYv1a3tORStmwe
   3UIF99HgCilivjbJoGI6h7en7yq2LwwQLpHNs8dY8rlurQfHM5CMv5RpF9jCDEJS
   MHKN52Urcx1/ROam/YjyP+Pa+PZF4x19q+obdHOsNCyqAIlYcfsUjCoiCGF8FjPM
   00ha0aaw9dHezmqyAE9nWE5SYB571iVcO1xIoGk+jl78HSwpxpf5hssavDwT2go=
   =o6WZ
   -----END PGP SIGNATURE-----
   $ gpg -v issue.asc
   gpg: armor header: Hash: SHA1
   gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
   gpg: original file name=''
   File `issue' exists. Overwrite? (y/N) 
   gpg: Interrupt caught ... exiting
   
   $ gpg --verify issue.asc
   gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   $ gpg -d issue.asc
   Fedora release 17 (Beefy Miracle)
   Kernel \r on an \m (\l)
   
   gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   

3. 分离签名（要求与签名文件同名，加上扩展名.sig或.asc或要求用户明确指定分离签名文件和签名文件）。

   $ gpg -ba <issue>issue.sig
   
   You need a passphrase to unlock the secret key for
   user: "Rsaw Rsaw <rsaw@devnull>"
   2048-bit RSA key, ID 211A2D3E, created 2012-08-24
   
   $ cat issue.sig   
   -----BEGIN PGP SIGNATURE-----
   Version: GnuPG v1.4.12 (GNU/Linux)
   
   iQEcBAABAgAGBQJQoI8zAAoJECZpDtshGi0+x2cH/RsM2LAeXTZkL792jJTVyoyg
   Iz/RT3aBZqnqXu2H4O2YB897Qr4vbnoCc5uaTxm4z4jujkRs5l5vfL184Yui+o9g
   eJW/Q+RegiMdgZMGY48xqz0sJMM1q2nJGy1c5qqX59IuUzslVkw+HxzPnChQHDBV
   B7EraKoIvJS8KzHdXF/sQtUnJAlg4ItKW/uc/gNRz7G2O9tCdyTuddlTA6b3dV0I
   gYCeF3TMgBMpkrDyYmVc9BkheIZDwy9ce1sRDYFmGpbD/Smae4mXeTgurEbe2bFJ
   TqRkB4tMMl4xRd1s+Wtbj3f3hxsLTZn3Wq1n9UlL5Ga/+Tx3gZQAIUYLPwwyD7k=
   =G2Qp
   -----END PGP SIGNATURE-----
   $ gpg --verify issue.sig
   gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   $ mv issue.sig my-issue.sig
   $ gpg --verify -v my-issue.sig
   gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
   gpg: no signed data
   gpg: can't hash datafile: file open error
   $ gpg --verify my-issue.sig issue
   gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   $ mv my-issue.sig issue.asc
   $ gpg -v --verify issue.asc
   gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
   gpg: assuming signed data in `issue'
   gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
   gpg: using PGP trust model
   gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
   gpg: binary signature, digest algorithm SHA1
   

所以这应该涵盖这一点。

为了将来参考，这个问题不应该发布在 Stackoverflow 上，并且可能会被移动或关闭。它属于Unix 和 Linux或Superuser。