> 데이터 베이스 > MySQL 튜토리얼 > Signing PGP keys_MySQL

Signing PGP keys_MySQL

WBOY
풀어 주다: 2016-06-01 13:08:05
원래의
1304명이 탐색했습니다.

If you’ve recently completed a key signing party or have otherwise met up with other people and have exchanged key fingerprints and verified IDs, it’s now time to sign the keys you trust.  There are several different ways of completing this task and I’ll discuss two of them now.

caff

CA Fire and Forget (caff) is a program that allows you to sign a bunch of keys (like you might have after a key signing party) very quickly.  It also adds a level of security to the signing process by forcing the other person to verify that they have both control over the email address provided and the key you signed.  The way caff does this is by encrypting the signature in an email and sending it to the person.  The person who receives the message must also decrypt the message and apply the signature themselves.  Once they sync their key with the key server the new signatures will appear for everyone.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --refresh-key
로그인 후 복사

There is somesetup of caffthat needs to be done prior but once you have it setup it’ll be good to go.

Installing caff

Installing caff is pretty easy although there might be a little trick.  In Fedora there isn’t a caff package.  Caff is actually in the pgp-tools package; other distros may have this named differently.

Using caff

Once you have caff installed and setup, you just need to tell caff what key IDs you would like to sign.  “man caff” will give you all the options but basically ‘caff -m no -u ‘ will sign all the keys listed after your key.  You will be asked to verify that you do want to sign the key and then caff will sign the key and mail it off.  The user will receive an email, per user id on the key, with instructions on importing the signature.

Signing a key with GnuPG

The other way of signing a PGP key is to use GnuPG.  Signing a key this way will simply add the signature to the key you have locally and then you’ll need to send those keys out to the key server.

Retrieving keys using GnuPG

The first thing that you have to do is pull the keys down from the keyserver.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys...
로그인 후 복사

Once you have received all the keys you can then sign them.  If someone’s key is not there you should probably contact them and ask them to add their key to the servers.  If they already have uploaded their key, it might take a couple of hours before it is sync’d everywhere.

Using GnuPG

Signing a key is pretty straightforward:

$ gpg --sign-key 1bb943dbpub 1024D/1BB943DB created: 2010-02-02 expires: never usage: SCtrust: unknown validity: unknownsub 4096g/672557E6 created: 2010-02-02 expires: never usage: E [ unknown] (1). MariaDB Package Signing Key <package-signing-key>[ unknown] (2) Daniel Bartholomew (Monty Program signing key) <dbart>Really sign all user IDs? (y/N) ypub 1024D/1BB943DB created: 2010-02-02 expires: never usage: SCtrust: unknown validity: unknown Primary key fingerprint: 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DBMariaDB Package Signing Key <package-signing-key> Daniel Bartholomew (Monty Program signing key) <dbart>Are you sure that you want to sign this key with yourkey "Eric Harlan Christensen <eric>" (024BB3D1)Really sign? (y/N) y</eric></dbart></package-signing-key></dbart></package-signing-key>
로그인 후 복사

In the example I signed the MariaDB key with my key.  Once that is complete a simple:

gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key 1BB943DB
로그인 후 복사

…will send the new signature to the key servers.

원천:php.cn
본 웹사이트의 성명
본 글의 내용은 네티즌들의 자발적인 기여로 작성되었으며, 저작권은 원저작자에게 있습니다. 본 사이트는 이에 상응하는 법적 책임을 지지 않습니다. 표절이나 침해가 의심되는 콘텐츠를 발견한 경우 admin@php.cn으로 문의하세요.
인기 튜토리얼
더>
최신 다운로드
더>
웹 효과
웹사이트 소스 코드
웹사이트 자료
프론트엔드 템플릿