PGPdisk和PGPkeys的区别

发布网友 发布时间：2022-05-07 07:35

我来回答

共3个回答

懂视网 时间：2022-04-16 00:55

caff

CA Fire and Forget (caff) is a program that allows you to sign a bunch of keys (like you might have after a key signing party) very quickly. It also adds a level of security to the signing process by forcing the other person to verify that they have both control over the email address provided and the key you signed. The way caff does this is by encrypting the signature in an email and sending it to the person. The person who receives the message must also decrypt the message and apply the signature themselves. Once they sync their key with the key server the new signatures will appear for everyone.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --refresh-key

There is somesetup of caffthat needs to be done prior but once you have it setup it’ll be good to go.

Installing caff

Installing caff is pretty easy although there might be a little trick. In Fedora there isn’t a caff package. Caff is actually in the pgp-tools package; other distros may have this named differently.

Using caff

Once you have caff installed and setup, you just need to tell caff what key IDs you would like to sign. “man caff” will give you all the options but basically ‘caff -m no -u ‘ will sign all the keys listed after your key. You will be asked to verify that you do want to sign the key and then caff will sign the key and mail it off. The user will receive an email, per user id on the key, with instructions on importing the signature.

Signing a key with GnuPG

The other way of signing a PGP key is to use GnuPG. Signing a key this way will simply add the signature to the key you have locally and then you’ll need to send those keys out to the key server.

Retrieving keys using GnuPG

The first thing that you have to do is pull the keys down from the keyserver.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys...

Once you have received all the keys you can then sign them. If someone’s key is not there you should probably contact them and ask them to add their key to the servers. If they already have uploaded their key, it might take a couple of hours before it is sync’d everywhere.

Using GnuPG

Signing a key is pretty straightforward:

$ gpg --sign-key 1bb943dbpub 1024D/1BB943DB created: 2010-02-02 expires: never usage: SCtrust: unknown validity: unknownsub 4096g/672557E6 created: 2010-02-02 expires: never usage: E [ unknown] (1). MariaDB Package Signing Key [ unknown] (2) Daniel Bartholomew (Monty Program signing key) Really sign all user IDs? (y/N) ypub 1024D/1BB943DB created: 2010-02-02 expires: never usage: SCtrust: unknown validity: unknown Primary key fingerprint: 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DBMariaDB Package Signing Key  Daniel Bartholomew (Monty Program signing key) Are you sure that you want to sign this key with yourkey "Eric Harlan Christensen " (024BB3D1)Really sign? (y/N) y

In the example I signed the MariaDB key with my key. Once that is complete a simple:

gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key 1BB943DB

…will send the new signature to the key servers.

热心网友 时间：2022-04-15 22:03

热心网友 时间：2022-04-15 23:21