GnuPG高级指导导出私钥

Posted andypeker

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了GnuPG高级指导导出私钥相关的知识,希望对你有一定的参考价值。

 

1 为什么要导出分发私钥

 

友情提示:分发私钥,是危险的!

 

我有好几个电脑,只想用一对密钥;也就是说我需要把我的私钥,放到那几个电脑上。这样,我就就可以在任意电脑上,解密和签名以及其他。

 

 

1       怎么做

使用(临时)公钥把私钥加密,然后传到我的其他某个电脑,再解密。

 

 

3 我的debian8,生成(临时)密钥

 

[email protected]:~# gpg -K

[email protected]:~# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <[email protected]>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

[email protected]:~#

[email protected]:~#

 

(编辑这个key,并且修改trust)

 

 

[email protected]:~# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec  1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid                  debian8

ssb   2048g/C1845DA4 2016-11-25

 

[email protected]:~# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <[email protected]>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

pub   1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid                  debian8

sub   2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]

 

[email protected]:~#

 

 

 

4 我的Centos7,生成(临时)密钥

 

[[email protected] ~]# gpg -K

[[email protected] ~]#

[[email protected] ~]#

[[email protected] ~]# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <[email protected]>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

[[email protected] ~]#

[[email protected] ~]#

 

(编辑这个key,并且修改trust)

 

 

[[email protected] ~]# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec  1024D/28D414A1 2016-11-25 [expires: 2016-12-09]

uid                  centos7

ssb   2048g/CDA873F4 2016-11-25

 

[[email protected] ~]# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <[email protected]>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

pub   1024D/28D414A1 2016-11-25 [expires: 2016-12-09]

uid                  centos7

sub   2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]

 

[[email protected] ~]#

 

 

5 导出2个(临时)公钥给我的(opensuse13)电脑

 

[email protected]:~# gpg -a -o debian8.pub.key --export D04D1A0B

[email protected]:~#

[email protected]:~#

[email protected]:~# l debian8.pub.key

-rw-r--r-- 1 root root 1645 Nov 25 23:16 debian8.pub.key

[email protected]:~#

[email protected]:~# scp debian8.pub.key [email protected]:/root/

Password:

debian8.pub.key                            100% 1645     1.6KB/s   00:00

[email protected]:~#

[email protected]:~#

 

[[email protected] ~]# gpg -a -o centos7.pub.key --export 28D414A1

[[email protected] ~]# ls -l centos7.pub.key

-rw-r--r--. 1 root root 1662 Nov 25 23:15 centos7.pub.key

[[email protected] ~]#

[[email protected] ~]# scp centos7.pub.key [email protected]:/root/

Password:

centos7.pub.key                            100% 1662     1.6KB/s   00:00

[[email protected] ~]#

 

 

 

5 我的(opensuse13)电脑导入2个(临时)公钥

 

opensuse13:~ # gpg --import debian8.pub.key

gpg: key D04D1A0B: public key "debian8" imported

gpg: Total number processed: 1

gpg:               imported: 1

opensuse13:~ # gpg --import centos7.pub.key

gpg: key 28D414A1: public key "centos7" imported

gpg: Total number processed: 1

gpg:               imported: 1

opensuse13:~ #

 

(编辑这二个key,并且修改trust)

 

 

opensuse13:~ # gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid       [ultimate] FranklinYang (Encrypt RSA 4096) <[email protected]>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

pub   1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid       [unknown] debian8

sub   2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]

 

pub   1024D/28D414A1 2016-11-25 [expires: 2016-12-09]

uid       [unknown] centos7

sub   2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]

 

opensuse13:~ #

 

整个过程的唯一不安全的地方就在这里,通过scp分发2个“临时”公钥;没有涉及认证,也没有签名!其实可以签名一下,或者对比指纹fingerprint,达到认证这2个公钥的效果。

 

 

6 我的(opensuse13)导出我的私钥

 

opensuse13:~ # gpg -K

/root/.gnupg/secring.gpg

------------------------

sec   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <[email protected]>

ssb   4096R/0A09DAC9 2016-11-25

 

opensuse13:~ # gpg -a -o FranklinYang.rsa.sec.key --export-secret-keys 276856F7

opensuse13:~ # l FranklinYang.rsa.sec.key

-rw-r--r-- 1 root root 3132 Nov 25 21:19 FranklinYang.rsa.sec.key

opensuse13:~ #

 

或者:

 

opensuse13:~ #

opensuse13:~ # gpg -o FranklinYang.sec.key --export-secret-keys FranklinYang

opensuse13:~ #

opensuse13:~ #

以上是关于GnuPG高级指导导出私钥的主要内容,如果未能解决你的问题,请参考以下文章

GnuPG高级指导上传/导出分发公钥

GnuPG高级指导GnuPG的用法

GnuPG高级指导在其他电脑上启用“我的密钥”

sh 不同的私钥/公钥转换GnuPG,OpenSSH和OpenSSL

GnuPG

私钥密码是啥意思?