memo.xight.org

Daily notes

GnuPG - How to use GPG

Install

# aptitude install gnupg


Generating a key

% gpg --gen-key


gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n> = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Yoshiki Sato
Email address: yoshiki@example.com
Comment:
You selected this USER-ID:
    "Yoshiki Sato <yoshiki@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++++++++++++++++++++++.+++++++++++++++++++++++++.+++++.+++++.+++++.+++++.+++++.
+++++.++++++++++++++++++++...+++++++++++++++.+++++.++++++++++.+++++...>+++++.......
.............................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..++++++++++++++++++++..+++++.+++++.++++++++++.+++++.++++++++++++++++++++++++++++++
.++++++++++++++++++++.++++++++++.+++++++++++++++++++++++++++++++++++++++++++++>++++
+......................>+++++..<+++++..............................................
...........+++++^^^
gpg: key 9C156761 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
pub 1024D/9C156761 2006-01-05
Key fingerprint = 3683 1E3B F97E CFB4 CFE7 71BD 4E85 148A 9C15 6761
uid Yoshiki SATO <yoshiki@example.com>
sub 2048g/C07F39C3 2006-01-05


Listing keys

% gpg --list-keys
/home/yoshiki/.gnupg/pubring.gpg
----------------------------
pub 1024D/3CE5C693 2006-01-05
uid Yoshiki SATO <yoshiki@exmaple.com>
sub 2048g/2A6E3C6C 2006-01-05


Publishing your own public key

% gpg -a --export

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)

-----END PGP PUBLIC KEY BLOCK-----


Importing someone else's public key

Example: The Linux Kernel Archives OpenPGP Signature

1. Save the public key
http://www.kernel.org/signature.html

Copy everything from -----BEGIN PGP PUBLIC KEY BLOCK----- through
-----END PGP PUBLIC KEY BLOCK----- and save it in a file named linux-kernel.pub.

$ gpg --import linux-kernel.pub
gpg: key 517D0F0E: public key "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u


2. Check the fingerprint

$ gpg --fingerprint 517D0F0E
pub 1024D/517D0F0E 2000-10-10
      Key fingerprint = C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
      uid Linux Kernel Archives Verification Key <ftpadmin@kernel.org>
      sub 4096g/E50A8F2A 2000-10-10
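
The fingerprint check in step 2 as a script, added here as an example that is not part of the original memo: it compares the full 40-digit fingerprint with an expected value, because the 8-digit key ID shown by --import is too short to identify a key uniquely. The function names and the two colon-format listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original memo). Function names are hypothetical.

# Strip spaces/colons/newlines and upper-case, so "C75D C40A ..." and
# "c75dc40a..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint KEYID` output on stdin and print
# field 10 of the first "fpr" record (the primary key's fingerprint).
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED < colon-listing
# 0 = full fingerprint matches, 1 = mismatch,
# 2 = unusable input (EXPECTED is not 40 hex digits, or no fpr record).
check_fpr() {
    expected=$(normalize_fpr "$1")
    actual=$(primary_fpr)
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2   # refuse short key IDs
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ]
}

# Fingerprint as printed in step 2; in practice take it from a source
# independent of the one the key file came from.
EXPECTED_FPR='C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E'

# Constructed sample listings (not captured gpg output).
SAMPLE_LISTING='pub:-:1024:17:C86BA06A517D0F0E:2000-10-10:::-:
fpr:::::::::C75DC40A11D7AF889981ED5BC86BA06A517D0F0E:'
# Constructed look-alike: same last 8 hex digits (short key ID 517D0F0E),
# different fingerprint. A short-ID comparison would accept it.
LOOKALIKE_LISTING='pub:-:1024:17:AAAAAAAA517D0F0E:2000-10-10:::-:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA517D0F0E:'

# Real use: gpg --with-colons --fingerprint 517D0F0E | check_fpr "$EXPECTED_FPR"
printf '%s\n' "$SAMPLE_LISTING" | check_fpr "$EXPECTED_FPR" && echo "fingerprint OK"
printf '%s\n' "$LOOKALIKE_LISTING" | check_fpr "$EXPECTED_FPR" || echo "fingerprint MISMATCH"
```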

