GNU/Linux gpg: how to encrypt with a private key

Time: 2012-11-12 03:54:42

Tags: key private gnupg

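Edit: Sorry for the confusion. Actually I wanted to know whether it is possible to encrypt with a private key. (Which automatically means signing.) I want to do this in a C program by running a script.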

Btw, is it a good idea to encrypt with the private key, to send a signed mail to an audience who decrypt it with my public key?

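Old question: How do I "sign" a file with gpg on GNU/Linux using my own private key? I looked at the man page, but it doesn't provide any information about this. Also, how can the other party verify a signature created this way?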

If possible, please provide the command-line options to accomplish this.

I have seen other questions on SO, but they talk about Android, Java, etc. I just want the command-line options. Thx.

1 answer:

Answer 0: (score: 0)

Actually, the man page does provide information about signing.

There are three main options:

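  1. Directly sign the file with -s / --sign
    • Modifies the file entirely, embedding the signature in it - can be used with or without the -a ASCII armor option
  2. Directly sign the file with -s / --sign and --clearsign
    • Uses a plain-text ASCII signature
    • Wraps the file
  3. Create a detached signature with -b / --detach-sign
    • Saves the signature to a separate file - can be used with or without -a

Here is an example of me going through each in turn, followed by verification.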

    1. Embedded signature, modifies the original file (need to use gpg -d to get the original contents of the file).

      $ cp /etc/issue .
      $ gpg -sa <issue >issue.asc
      
      You need a passphrase to unlock the secret key for
      user: "Rsaw Rsaw <rsaw@devnull>"
      2048-bit RSA key, ID 211A2D3E, created 2012-08-24
      
      $ cat issue.asc   
      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1.4.12 (GNU/Linux)
      
      owEBcQGO/pANAwACASZpDtshGi0+ActBYgBQoI3pRmVkb3JhIHJlbGVhc2UgMTcg
      KEJlZWZ5IE1pcmFjbGUpCktlcm5lbCBcciBvbiBhbiBcbSAoXGwpCgqJARwEAAEC
      AAYFAlCgjekACgkQJmkO2yEaLT5C3Af/fGDDoCA+6ddDUqbOZa96RNZrQPvvuT2m
      ZnPEnXonqkTEf0OLOJFHWPTsMK5SKdSWx14gvaiSbQTGTKdqUiaSBfBs+tenJ39S
      zQrZPctqKYvBbk848qiBO6tHgf8npNmg2yeY2YKjR6+02bHadg9wiujjazutuSKY
      xEDvaIoDpCl1bsbOF7ZI8zxcpFx366PZybC/fEvA+R4sDFP4QiYDPg0MKmrUlsJa
      1l9gE8e1LEZC2wXDuSCffL6dODFbCvHgU4IyUze1lX5CZHFPs5Y9kI+yBb9f9sYH
      UzOHJDISHMephS1WPqP5JXlkwiiUNTEk4qnTQRalud+yAHBeEZtrtA==
      =fYHs
      -----END PGP MESSAGE-----
      $ gpg --verify issue.asc 
      gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      $ gpg -d issue.asc 
      Fedora release 17 (Beefy Miracle)
      Kernel \r on an \m (\l)
      
      gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      
    2. Wrapped clear-signature.

      $ gpg -s --clearsign <issue >issue.asc
      
      You need a passphrase to unlock the secret key for
      user: "Rsaw Rsaw <rsaw@devnull>"
      2048-bit RSA key, ID 211A2D3E, created 2012-08-24
      
      $ cat issue.asc   
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1
      
      Fedora release 17 (Beefy Miracle)
      Kernel \r on an \m (\l)
      
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.12 (GNU/Linux)
      
      iQEcBAEBAgAGBQJQoI65AAoJECZpDtshGi0+XLwH/0q7M+6aVvM2XMwy36R+zbYv
      IjF/GBUgEFRO53a0xCi6lhw10Wp4tpmZLeJJwFb2xNGu7/1SaB4pk/PhSk4xU5Bx
      3FepXaHvbwoB+Km2jqCnB1BNowJa4UecPk7pBoBPbBFv6GomecMYv1a3tORStmwe
      3UIF99HgCilivjbJoGI6h7en7yq2LwwQLpHNs8dY8rlurQfHM5CMv5RpF9jCDEJS
      MHKN52Urcx1/ROam/YjyP+Pa+PZF4x19q+obdHOsNCyqAIlYcfsUjCoiCGF8FjPM
      00ha0aaw9dHezmqyAE9nWE5SYB571iVcO1xIoGk+jl78HSwpxpf5hssavDwT2go=
      =o6WZ
      -----END PGP SIGNATURE-----
      $ gpg -v issue.asc
      gpg: armor header: Hash: SHA1
      gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
      gpg: original file name=''
      File `issue' exists. Overwrite? (y/N) 
      gpg: Interrupt caught ... exiting
      
      $ gpg --verify issue.asc
      gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      $ gpg -d issue.asc
      Fedora release 17 (Beefy Miracle)
      Kernel \r on an \m (\l)
      
      gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      
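    3. Detached signature (needs to have the same name as the signed file plus an extension of .sig or .asc, or else requires the user to explicitly specify both the detached-sig-file and the signed file).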

      $ gpg -ba <issue >issue.sig
      
      You need a passphrase to unlock the secret key for
      user: "Rsaw Rsaw <rsaw@devnull>"
      2048-bit RSA key, ID 211A2D3E, created 2012-08-24
      
      $ cat issue.sig   
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.12 (GNU/Linux)
      
      iQEcBAABAgAGBQJQoI8zAAoJECZpDtshGi0+x2cH/RsM2LAeXTZkL792jJTVyoyg
      Iz/RT3aBZqnqXu2H4O2YB897Qr4vbnoCc5uaTxm4z4jujkRs5l5vfL184Yui+o9g
      eJW/Q+RegiMdgZMGY48xqz0sJMM1q2nJGy1c5qqX59IuUzslVkw+HxzPnChQHDBV
      B7EraKoIvJS8KzHdXF/sQtUnJAlg4ItKW/uc/gNRz7G2O9tCdyTuddlTA6b3dV0I
      gYCeF3TMgBMpkrDyYmVc9BkheIZDwy9ce1sRDYFmGpbD/Smae4mXeTgurEbe2bFJ
      TqRkB4tMMl4xRd1s+Wtbj3f3hxsLTZn3Wq1n9UlL5Ga/+Tx3gZQAIUYLPwwyD7k=
      =G2Qp
      -----END PGP SIGNATURE-----
      $ gpg --verify issue.sig
      gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      $ mv issue.sig my-issue.sig
      $ gpg --verify -v my-issue.sig
      gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
      gpg: no signed data
      gpg: can't hash datafile: file open error
      $ gpg --verify my-issue.sig issue
      gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      $ mv my-issue.sig issue.asc
      $ gpg -v --verify issue.asc
      gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
      gpg: assuming signed data in `issue'
      gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
      gpg: using PGP trust model
      gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
      gpg: binary signature, digest algorithm SHA1
      
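So that should cover that.

For future reference, this question should not have been posted on Stackoverflow and will likely be moved or closed. It belongs on Unix and Linux or Superuser.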
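
For the scripted use the question mentions, verification is more robust when it reads gpg's machine-readable `--status-fd` lines and pins the expected signer instead of looking for the "Good signature" text. The following is an added example, not part of the original answer; the fingerprint, key ID and user ID in it are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original answer): accept a detached signature
# only if gpg reports it cryptographically valid AND it was made by a pinned key.
# All fingerprints, key IDs and user IDs below are constructed sample values.

# Reads gpg --status-fd lines on stdin; $1 = pinned 40-hex fingerprint.
# Succeeds only for exactly one VALIDSIG from that key and no failure status.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" {
            valid++
            # $3 = fingerprint of the signing (sub)key, last field = primary key
            if (toupper($3) == toupper(want) || toupper($NF) == toupper(want)) pinned = 1
        }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(valid == 1 && pinned && !bad) }
    '
}

# $1 = signature file, $2 = signed file, $3 = pinned fingerprint.
# Status lines go to stdout (fd 1); human-readable text on stderr is dropped.
verify_detached() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$3"
}

PINNED=0123456789ABCDEF0123456789ABCDEF01234567   # constructed placeholder

sample_good() {   # constructed status output for a good signature
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $PINNED 2012-11-12 1352699699 0 4 0 1 2 00 $PINNED
EOF
}

sample_bad() {    # constructed: data changed after signing
    echo '[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>'
}

sample_other_key() {   # constructed: valid signature, but from a different key
    other=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    echo "[GNUPG:] VALIDSIG $other 2012-11-12 1352699699 0 4 0 1 2 00 $other"
}

for s in sample_good sample_bad sample_other_key; do
    if $s | check_status "$PINNED"; then echo "$s: accept"; else echo "$s: reject"; fi
done
```

`verify_detached issue.sig issue "$PINNED"` needs the signer's public key in the keyring; a C caller can run the script and act on its exit status.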