GnuPG如何安全地分发私钥(3)导出私钥
提示:分发私钥,是危险的!centos
我有好几个电脑,只想用一对密钥;也就是说我须要把个人私钥,放到那几个电脑上。这样,我就就能够在任意电脑上,解密和签名以及其余。安全
1 怎么作
使用(临时)公钥把私钥加密,而后传到个人其余某个电脑,再解密。ui
2 个人debian8,生成(临时)密钥
root@debian8:~# gpg -K加密
root@debian8:~# gpg -kcentos7
/root/.gnupg/pubring.gpgspa
------------------------import
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]sed
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>rust
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]rsa
root@debian8:~#
root@debian8:~#
(编辑这个key,而且修改trust)
root@debian8:~# gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid debian8
ssb 2048g/C1845DA4 2016-11-25
root@debian8:~# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid debian8
sub 2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]
root@debian8:~#
3 个人Centos7,生成(临时)密钥
[root@centos7 ~]# gpg -K
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
[root@centos7 ~]#
[root@centos7 ~]#
(编辑这个key,而且修改trust)
[root@centos7 ~]# gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid centos7
ssb 2048g/CDA873F4 2016-11-25
[root@centos7 ~]# gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid centos7
sub 2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]
[root@centos7 ~]#
4 导出2个(临时)公钥给个人(opensuse13)电脑
root@debian8:~# gpg -a -o debian8.pub.key --export D04D1A0B
root@debian8:~#
root@debian8:~#
root@debian8:~# l debian8.pub.key
-rw-r--r-- 1 root root 1645 Nov 25 23:16 debian8.pub.key
root@debian8:~#
root@debian8:~# scp debian8.pub.key root@192.168.19.147:/root/
Password:
debian8.pub.key 100% 1645 1.6KB/s 00:00
root@debian8:~#
root@debian8:~#
[root@centos7 ~]# gpg -a -o centos7.pub.key --export 28D414A1
[root@centos7 ~]# ls -l centos7.pub.key
-rw-r--r--. 1 root root 1662 Nov 25 23:15 centos7.pub.key
[root@centos7 ~]#
[root@centos7 ~]# scp centos7.pub.key root@192.168.19.147:/root/
Password:
centos7.pub.key 100% 1662 1.6KB/s 00:00
[root@centos7 ~]#
5 个人(opensuse13)电脑导入2个(临时)公钥
opensuse13:~ # gpg --import debian8.pub.key
gpg: key D04D1A0B: public key "debian8" imported
gpg: Total number processed: 1
gpg: imported: 1
opensuse13:~ # gpg --import centos7.pub.key
gpg: key 28D414A1: public key "centos7" imported
gpg: Total number processed: 1
gpg: imported: 1
opensuse13:~ #
(编辑这二个key,而且修改trust)
opensuse13:~ # gpg -k
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid [ultimate] FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
sub 4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]
pub 1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]
uid [unknown] debian8
sub 2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]
pub 1024D/28D414A1 2016-11-25 [expires: 2016-12-09]
uid [unknown] centos7
sub 2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]
opensuse13:~ #
整个过程的惟一不安全的地方就在这里,经过scp分发2个“临时”公钥;没有涉及认证,也没有签名!其实能够签名一下,或者对比指纹fingerprint,达到认证这2个公钥的效果。
6 个人(opensuse13)导出个人私钥
opensuse13:~ # gpg -K
/root/.gnupg/secring.gpg
------------------------
sec 4096R/276856F7 2016-11-25 [expires: 2017-04-24]
uid FranklinYang (Encrypt RSA 4096) <andypeker@163.com>
ssb 4096R/0A09DAC9 2016-11-25
opensuse13:~ # gpg -a -o FranklinYang.rsa.sec.key --export-secret-keys 276856F7
opensuse13:~ # l FranklinYang.rsa.sec.key
-rw-r--r-- 1 root root 3132 Nov 25 21:19 FranklinYang.rsa.sec.key
opensuse13:~ #
或者:
opensuse13:~ #
opensuse13:~ # gpg -o FranklinYang.sec.key --export-secret-keys FranklinYang
opensuse13:~ #
opensuse13:~ #
- 1. GnuPG如何安全地分发私钥(2)上传/导出分发公钥
- 2. GnuPG如何安全地分发私钥(5)分发个人私钥(+签名)
- 3. GnuPG如何安全地分发私钥(4)加密分发个人私钥
- 4. GnuPG如何安全地分发私钥(1)GnuPG的用法
- 5. GnuPG如何安全地分发私钥(6)在其余电脑上启用“个人密钥”
- 6. openssl从PFX导出私钥、公钥
- 7. 公钥私钥
- 8. 公钥和私钥
- 9. 密钥,私钥,公钥的区分
- 10. 私钥
- 更多相关文章...
- • XSD 如何使用? - XML Schema 教程
- • ASP.NET MVC - 安全 - ASP.NET 教程
- • Composer 安装与使用
- • PHP开发工具
-
每一个你不满意的现在,都有一个你没有努力的曾经。