GnuPG高级指导导出私钥
Posted andypeker
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了GnuPG高级指导导出私钥相关的知识,希望对你有一定的参考价值。
1 为什么要导出分发私钥
友情提示:分发私钥,是危险的!
我有好几个电脑,只想用一对密钥;也就是说我需要把我的私钥,放到那几个电脑上。这样,我就就可以在任意电脑上,解密和签名以及其他。
1 怎么做
使用(临时)公钥把私钥加密,然后传到我的其他某个电脑,再解密。
3 我的debian8,生成(临时)密钥
[email protected]:~# gpg -K
[email protected]:~# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <[email protected]>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
(编辑这个key,并且修改trust)
[email protected]:~# gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid debian8
ssb 2048g/C1845DA4 2016-11-25
[email protected]:~# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <[email protected]>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid debian8
sub 2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]
4 我的Centos7,生成(临时)密钥
[[email protected] ~]# gpg -K
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <[email protected]>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
[[email protected] ~]#
[[email protected] ~]#
(编辑这个key,并且修改trust)
[[email protected] ~]# gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid centos7
ssb 2048g/CDA873F4 2016-11-25
[[email protected] ~]# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <[email protected]>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid centos7
sub 2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]
[[email protected] ~]#
5 导出2个(临时)公钥给我的(opensuse13)电脑
[email protected]:~# gpg -a -o debian8.pub.key --export D04D1A0B
[email protected]:~# l debian8.pub.key
-rw-r--r-- 1 root root 1645 Nov 25 23:16 debian8.pub.key
[email protected]:~# scp debian8.pub.key [email protected]:/root/
Password:
debian8.pub.key 100% 1645 1.6KB/s 00:00
[[email protected] ~]# gpg -a -o centos7.pub.key --export 28D414A1
[[email protected] ~]# ls -l centos7.pub.key
-rw-r--r--. 1 root root 1662 Nov 25 23:15 centos7.pub.key
[[email protected] ~]#
[[email protected] ~]# scp centos7.pub.key [email protected]:/root/
Password:
centos7.pub.key 100% 1662 1.6KB/s 00:00
[[email protected] ~]#
5 我的(opensuse13)电脑导入2个(临时)公钥
opensuse13:~ # gpg --import debian8.pub.key
gpg: key D04D1A0B: public key "debian8" imported
gpg: Total number processed: 1
gpg: imported: 1
opensuse13:~ # gpg --import centos7.pub.key
gpg: key 28D414A1: public key "centos7" imported
gpg: Total number processed: 1
gpg: imported: 1
opensuse13:~ #
(编辑这二个key,并且修改trust)
opensuse13:~ # gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid [ultimate] FranklinYang (Encrypt RSA 4096) <[email protected]>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid [unknown] debian8
sub 2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]
pub 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid [unknown] centos7
sub 2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]
opensuse13:~ #
整个过程的唯一不安全的地方就在这里,通过scp分发2个“临时”公钥;没有涉及认证,也没有签名!其实可以签名一下,或者对比指纹fingerprint,达到认证这2个公钥的效果。
6 我的(opensuse13)导出我的私钥
opensuse13:~ # gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <[email protected]>
ssb 4096R/0A09DAC9 2016-11-25
opensuse13:~ # gpg -a -o FranklinYang.rsa.sec.key --export-secret-keys 276856F7
opensuse13:~ # l FranklinYang.rsa.sec.key
-rw-r--r-- 1 root root 3132 Nov 25 21:19 FranklinYang.rsa.sec.key
opensuse13:~ #
或者:
opensuse13:~ #
opensuse13:~ # gpg -o FranklinYang.sec.key --export-secret-keys FranklinYang
opensuse13:~ #
opensuse13:~ #
以上是关于GnuPG高级指导导出私钥的主要内容,如果未能解决你的问题,请参考以下文章