首页 > 数据库 > mysql教程 > Signing PGP keys_MySQL

Signing PGP keys_MySQL

WBOY
发布: 2016-06-01 13:08:05
原创
1302 人浏览过

If you’ve recently completed a key signing party or have otherwise met up with other people and have exchanged key fingerprints and verified IDs, it’s now time to sign the keys you trust.  There are several different ways of completing this task and I’ll discuss two of them now.

caff

CA Fire and Forget (caff) is a program that allows you to sign a bunch of keys (like you might have after a key signing party) very quickly.  It also adds a level of security to the signing process by forcing the other person to verify that they have both control over the email address provided and the key you signed.  The way caff does this is by encrypting the signature in an email and sending it to the person.  The person who receives the message must also decrypt the message and apply the signature themselves.  Once they sync their key with the key server the new signatures will appear for everyone.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --refresh-key
登录后复制

There is somesetup of caffthat needs to be done prior but once you have it setup it’ll be good to go.

Installing caff

Installing caff is pretty easy although there might be a little trick.  In Fedora there isn’t a caff package.  Caff is actually in the pgp-tools package; other distros may have this named differently.

Using caff

Once you have caff installed and setup, you just need to tell caff what key IDs you would like to sign.  “man caff” will give you all the options but basically ‘caff -m no -u ‘ will sign all the keys listed after your key.  You will be asked to verify that you do want to sign the key and then caff will sign the key and mail it off.  The user will receive an email, per user id on the key, with instructions on importing the signature.

Signing a key with GnuPG

The other way of signing a PGP key is to use GnuPG.  Signing a key this way will simply add the signature to the key you have locally and then you’ll need to send those keys out to the key server.

Retrieving keys using GnuPG

The first thing that you have to do is pull the keys down from the keyserver.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys...
登录后复制

Once you have received all the keys you can then sign them.  If someone’s key is not there you should probably contact them and ask them to add their key to the servers.  If they already have uploaded their key, it might take a couple of hours before it is sync’d everywhere.

Using GnuPG

Signing a key is pretty straightforward:

$ gpg --sign-key 1bb943dbpub 1024D/1BB943DB created: 2010-02-02 expires: never usage: SCtrust: unknown validity: unknownsub 4096g/672557E6 created: 2010-02-02 expires: never usage: E [ unknown] (1). MariaDB Package Signing Key <package-signing-key>[ unknown] (2) Daniel Bartholomew (Monty Program signing key) <dbart>Really sign all user IDs? (y/N) ypub 1024D/1BB943DB created: 2010-02-02 expires: never usage: SCtrust: unknown validity: unknown Primary key fingerprint: 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DBMariaDB Package Signing Key <package-signing-key> Daniel Bartholomew (Monty Program signing key) <dbart>Are you sure that you want to sign this key with yourkey "Eric Harlan Christensen <eric>" (024BB3D1)Really sign? (y/N) y</eric></dbart></package-signing-key></dbart></package-signing-key>
登录后复制

In the example I signed the MariaDB key with my key.  Once that is complete a simple:

gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key 1BB943DB
登录后复制

…will send the new signature to the key servers.

来源:php.cn
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
热门教程
更多>
最新下载
更多>
网站特效
网站源码
网站素材
前端模板