GnuPG如何安全地分發私鑰(3)導出私鑰
提示:分發私鑰,是危險的!centos
我有好幾個電腦,只想用一對密鑰;也就是說我須要把個人私鑰,放到那幾個電腦上。這樣,我就就能夠在任意電腦上,解密和簽名以及其餘。安全
1 怎麼作
使用(臨時)公鑰把私鑰加密,而後傳到個人其餘某個電腦,再解密。ui
2 個人debian8,生成(臨時)密鑰
root@debian8:~# gpg -K加密
root@debian8:~# gpg -kcentos7
/root/.gnupg/pubring.gpgspa
------------------------import
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]sed
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>rust
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]rsa
root@debian8:~#
root@debian8:~#
(編輯這個key,而且修改trust)
root@debian8:~# gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid debian8
ssb 2048g/C1845DA4 2016-11-25
root@debian8:~# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid debian8
sub 2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]
root@debian8:~#
3 個人Centos7,生成(臨時)密鑰
[root@centos7 ~]# gpg -K
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
[root@centos7 ~]#
[root@centos7 ~]#
(編輯這個key,而且修改trust)
[root@centos7 ~]# gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid centos7
ssb 2048g/CDA873F4 2016-11-25
[root@centos7 ~]# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid centos7
sub 2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]
[root@centos7 ~]#
4 導出2個(臨時)公鑰給個人(opensuse13)電腦
root@debian8:~# gpg -a -o debian8.pub.key --export D04D1A0B
root@debian8:~#
root@debian8:~#
root@debian8:~# l debian8.pub.key
-rw-r--r-- 1 root root 1645 Nov 25 23:16 debian8.pub.key
root@debian8:~#
root@debian8:~# scp debian8.pub.key root@192.168.19.147:/root/
Password:
debian8.pub.key 100% 1645 1.6KB/s 00:00
root@debian8:~#
root@debian8:~#
[root@centos7 ~]# gpg -a -o centos7.pub.key --export 28D414A1
[root@centos7 ~]# ls -l centos7.pub.key
-rw-r--r--. 1 root root 1662 Nov 25 23:15 centos7.pub.key
[root@centos7 ~]#
[root@centos7 ~]# scp centos7.pub.key root@192.168.19.147:/root/
Password:
centos7.pub.key 100% 1662 1.6KB/s 00:00
[root@centos7 ~]#
5 個人(opensuse13)電腦導入2個(臨時)公鑰
opensuse13:~ # gpg --import debian8.pub.key
gpg: key D04D1A0B: public key "debian8" imported
gpg: Total number processed: 1
gpg: imported: 1
opensuse13:~ # gpg --import centos7.pub.key
gpg: key 28D414A1: public key "centos7" imported
gpg: Total number processed: 1
gpg: imported: 1
opensuse13:~ #
(編輯這二個key,而且修改trust)
opensuse13:~ # gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid [ultimate] FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid [unknown] debian8
sub 2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]
pub 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid [unknown] centos7
sub 2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]
opensuse13:~ #
整個過程的惟一不安全的地方就在這裏,經過scp分發2個「臨時」公鑰;沒有涉及認證,也沒有簽名!其實能夠簽名一下,或者對比指紋fingerprint,達到認證這2個公鑰的效果。
6 個人(opensuse13)導出個人私鑰
opensuse13:~ # gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
ssb 4096R/0A09DAC9 2016-11-25
opensuse13:~ # gpg -a -o FranklinYang.rsa.sec.key --export-secret-keys 276856F7
opensuse13:~ # l FranklinYang.rsa.sec.key
-rw-r--r-- 1 root root 3132 Nov 25 21:19 FranklinYang.rsa.sec.key
opensuse13:~ #
或者:
opensuse13:~ #
opensuse13:~ # gpg -o FranklinYang.sec.key --export-secret-keys FranklinYang
opensuse13:~ #
opensuse13:~ #
- 1. GnuPG如何安全地分發私鑰(2)上傳/導出分發公鑰
- 2. GnuPG如何安全地分發私鑰(5)分發個人私鑰(+簽名)
- 3. GnuPG如何安全地分發私鑰(4)加密分發個人私鑰
- 4. GnuPG如何安全地分發私鑰(1)GnuPG的用法
- 5. GnuPG如何安全地分發私鑰(6)在其餘電腦上啓用「個人密鑰」
- 6. openssl從PFX導出私鑰、公鑰
- 7. 公鑰私鑰
- 8. 公鑰和私鑰
- 9. 密鑰,私鑰,公鑰的區分
- 10. 私鑰
- 更多相關文章...
- • XSD 如何使用? - XML Schema 教程
- • ASP.NET MVC - 安全 - ASP.NET 教程
- • Composer 安裝與使用
- • PHP開發工具
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. python的安裝和Hello,World編寫
- 2. 重磅解讀:K8s Cluster Autoscaler模塊及對應華爲雲插件Deep Dive
- 3. 鴻蒙學習筆記2(永不斷更)
- 4. static關鍵字 和構造代碼塊
- 5. JVM筆記
- 6. 無法啓動 C/C++ 語言服務器。IntelliSense 功能將被禁用。錯誤: Missing binary at c:\Users\MSI-NB\.vscode\extensions\ms-vsc
- 7. 【Hive】Hive返回碼狀態含義
- 8. Java樹形結構遞歸(以時間換空間)和非遞歸(以空間換時間)
- 9. 數據預處理---缺失值
- 10. 都要2021年了,現代C++有什麼值得我們學習的?