2006
Debian Reference
Osamu Aoki, translated by Ilya V. Golovko, qref.sourceforge.net
Chapter 14 - GnuPG
References:
- gpg(1).
- /usr/share/doc/gnupg/README.gz
- GNU Privacy Handbook in /usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/ (install the gnupg-doc package)
14.1 Installing GnuPG
# gpg --gen-key # generate a new key
# gpg --gen-revoke my_user_ID # generate revocation certificate for my_user_ID
# host -l pgp.net | grep www|less # figure out pgp keyservers
As of now, good keyservers are:
keyserver wwwkeys.eu.pgp.net
keyserver wwwkeys.pgp.net
Here one must be careful not to create more than 2 sub-keys. If you do, keyservers on pgp.net will corrupt your key. Use the newer gnupg (>1.2.1-2) to handle these corrupted subkeys. See http://fortytwo.ch/gpg/subkeys.
Also, only one keyserver can be specified in $HOME/.gnupg/options.
Unfortunately, the following keyservers no longer work:
keyserver search.keyserver.net
keyserver pgp.ai.mit.edu
14.2 Using GnuPG
File handling:
$ gpg [options] command [args]
$ gpg {--armor|-a} {--sign|-s} file # sign file into a text file.asc
$ gpg --clearsign file # clear-sign message
$ gpg --clearsign --not-dash-escaped patchfile # clear-sign patchfile
$ gpg --verify file # verify clear-signed file
$ gpg -o file.sig {-b|--detach-sig} file # create detached signature
$ gpg --verify file.sig file # verify file with file.sig
$ gpg -o crypt_file {--recipient|-r} name {--encrypt|-e} file
# public-key encryption intended for name
$ gpg -o crypt_file {--symmetric|-c} file # symmetric encryption
$ gpg -o file --decrypt crypt_file # decryption
14.3 Managing GnuPG
Key management:
$ gpg --edit-key user_ID # "help" for help, interactive
$ gpg -o file --export # export all keys to file
$ gpg --import file # import all keys from file
$ gpg --send-keys user_ID # send key of user_ID to keyserver
$ gpg --recv-keys user_ID # recv. key of user_ID from keyserver
$ gpg --list-keys user_ID # list keys of user_ID
$ gpg --list-sigs user_ID # list sig. of user_ID
$ gpg --check-sigs user_ID # check sig. of user_ID
$ gpg --fingerprint user_ID # check fingerprint of user_ID
$ gpg --list-sigs | grep '^sig' | grep -F '[User id not found]' \
  | awk '{print $2}' | sort -u | xargs gpg --recv-keys # get unknown keys
# update keys for all unknown sigs.
Trust code:
- No ownertrust assigned / not yet calculated.
e Trust calculation has failed.
q Not enough information for calculation.
n Never trust this key.
m Marginally trusted.
f Fully trusted.
u Ultimately trusted.
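The trust codes above can also be checked from a script. This is an added example, not part of the original reference: it reads the machine-readable listing produced by `gpg --list-keys --with-colons`, labels each primary key with the wording from the table, and lists the keys to look at before encrypting to them. It assumes field 2 of each `pub` record holds the code and field 5 the key ID; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Assumed layout: field 1 = record type, field 2 = trust code, field 5 = key ID.
SAMPLE_LISTING='tru::1:1136073600:0:3:1:5
pub:u:1024:17:AAAAAAAA00000001:2005-01-01:::u:Constructed Owner <owner@example.org>::scESC:
sub:u:1024:16:AAAAAAAA00000002:2005-01-01::::::e:
pub:f:1024:17:BBBBBBBB00000001:2005-02-01:::-:Constructed Friend <friend@example.org>::scESC:
pub:m:1024:17:CCCCCCCC00000001:2005-03-01:::-:Constructed Colleague <colleague@example.org>::scESC:
pub:-:1024:17:DDDDDDDD00000001:2005-04-01:::-:Constructed Stranger <stranger@example.org>::scESC:
pub:q:1024:17:EEEEEEEE00000001:2005-05-01:::-:Constructed Unknown <unknown@example.org>::scESC:
pub:e:1024:17:FFFFFFFF00000001:2003-06-01:2004-06-01::-:Constructed Old <old@example.org>::sc:
pub:n:1024:17:ABABABAB00000001:2005-07-01:::-:Constructed Distrusted <no@example.org>::scESC:'

# Print "KEYID CODE MEANING" for every primary key (pub record) read from stdin.
# The meanings are the ones given in the trust code table of this chapter.
trust_report() {
    awk -F: '
        BEGIN {
            m["-"] = "No ownertrust assigned / not yet calculated"
            m["e"] = "Trust calculation has failed"
            m["q"] = "Not enough information for calculation"
            m["n"] = "Never trust this key"
            m["m"] = "Marginally trusted"
            m["f"] = "Fully trusted"
            m["u"] = "Ultimately trusted"
        }
        $1 == "pub" {
            code = ($2 == "" ? "-" : $2)   # an empty field is treated as "-"
            text = (code in m) ? m[code] : "code not in the table above"
            printf "%s %s %s\n", $5, code, text
        }'
}

# Print the IDs of primary keys whose code is anything other than m, f or u,
# i.e. keys that should be verified (fingerprint, signatures) before use.
keys_needing_review() {
    awk -F: '$1 == "pub" && $2 !~ /^[mfu]$/ { print $5 }'
}

# Demonstration on the constructed sample; on a real system pipe in
#   gpg --list-keys --with-colons
printf '%s\n' "$SAMPLE_LISTING" | trust_report
printf '%s\n' "$SAMPLE_LISTING" | keys_needing_review
```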
The following will upload my key "A8061F32" to multiple keyservers:
$ for xx in us es cz de dk uk ch net.uk earth.net.uk; \
  do gpg --keyserver wwwkeys.$xx.pgp.net --send-keys A8061F32; done
14.4 Using GnuPG with applications
14.4.1 Using GnuPG with Mutt
Add the following to ~/.muttrc to keep a slow GnuPG from automatically starting, while allowing it to be used by typing `S' at the index menu.
macro index S ":toggle pgp_verify_sig\n"
set pgp_verify_sig=no
14.4.2 Using GnuPG with Vim
Add the contents of _vimrc obtained from the examples subdirectory into ~/.vimrc to run GnuPG transparently.