首页 > 代码库 > GnuPG高级指导(3)导出私钥

GnuPG高级指导(3)导出私钥

 

1 为什么要导出分发私钥

 

友情提示:分发私钥,是危险的!

 

我有好几个电脑,只想用一对密钥;也就是说我需要把我的私钥,放到那几个电脑上。这样,我就就可以在任意电脑上,解密和签名以及其他。

 

 

1       怎么做

使用(临时)公钥把私钥加密,然后传到我的其他某个电脑,再解密。

 

 

3 我的debian8,生成(临时)密钥

 

root@debian8:~# gpg -K

root@debian8:~# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

root@debian8:~#

root@debian8:~#

 

(编辑这个key,并且修改trust)

 

 

root@debian8:~# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec  1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid                  debian8

ssb   2048g/C1845DA4 2016-11-25

 

root@debian8:~# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

pub   1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid                  debian8

sub   2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]

 

root@debian8:~#

 

 

 

4 我的Centos7,生成(临时)密钥

 

[root@centos7 ~]# gpg -K

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

[root@centos7 ~]#

[root@centos7 ~]#

 

(编辑这个key,并且修改trust)

 

 

[root@centos7 ~]# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec  1024D/28D414A1 2016-11-25 [expires: 2016-12-09]

uid                  centos7

ssb   2048g/CDA873F4 2016-11-25

 

[root@centos7 ~]# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

pub   1024D/28D414A1 2016-11-25 [expires: 2016-12-09]

uid                  centos7

sub   2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]

 

[root@centos7 ~]#

 

 

5 导出2个(临时)公钥给我的(opensuse13)电脑

 

root@debian8:~# gpg -a -o debian8.pub.key --export D04D1A0B

root@debian8:~#

root@debian8:~#

root@debian8:~# l debian8.pub.key

-rw-r--r-- 1 root root 1645 Nov 25 23:16 debian8.pub.key

root@debian8:~#

root@debian8:~# scp debian8.pub.key root@192.168.19.147:/root/

Password:

debian8.pub.key                            100% 1645     1.6KB/s   00:00

root@debian8:~#

root@debian8:~#

 

[root@centos7 ~]# gpg -a -o centos7.pub.key --export 28D414A1

[root@centos7 ~]# ls -l centos7.pub.key

-rw-r--r--. 1 root root 1662 Nov 25 23:15 centos7.pub.key

[root@centos7 ~]#

[root@centos7 ~]# scp centos7.pub.key root@192.168.19.147:/root/

Password:

centos7.pub.key                            100% 1662     1.6KB/s   00:00

[root@centos7 ~]#

 

 

 

5 我的(opensuse13)电脑导入2个(临时)公钥

 

opensuse13:~ # gpg --import debian8.pub.key

gpg: key D04D1A0B: public key "debian8" imported

gpg: Total number processed: 1

gpg:               imported: 1

opensuse13:~ # gpg --import centos7.pub.key

gpg: key 28D414A1: public key "centos7" imported

gpg: Total number processed: 1

gpg:               imported: 1

opensuse13:~ #

 

(编辑这二个key,并且修改trust)

 

 

opensuse13:~ # gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid       [ultimate] FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

 

pub   1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid       [unknown] debian8

sub   2048g/C1845DA4 2016-11-25 [expires: 2016-12-09]

 

pub   1024D/28D414A1 2016-11-25 [expires: 2016-12-09]

uid       [unknown] centos7

sub   2048g/CDA873F4 2016-11-25 [expires: 2016-12-09]

 

opensuse13:~ #

 

整个过程的唯一不安全的地方就在这里,通过scp分发2个“临时”公钥;没有涉及认证,也没有签名!其实可以签名一下,或者对比指纹fingerprint,达到认证这2个公钥的效果。

 

 

6 我的(opensuse13)导出我的私钥

 

opensuse13:~ # gpg -K

/root/.gnupg/secring.gpg

------------------------

sec   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

ssb   4096R/0A09DAC9 2016-11-25

 

opensuse13:~ # gpg -a -o FranklinYang.rsa.sec.key --export-secret-keys 276856F7

opensuse13:~ # l FranklinYang.rsa.sec.key

-rw-r--r-- 1 root root 3132 Nov 25 21:19 FranklinYang.rsa.sec.key

opensuse13:~ #

 

或者:

 

opensuse13:~ #

opensuse13:~ # gpg -o FranklinYang.sec.key --export-secret-keys FranklinYang

opensuse13:~ #

opensuse13:~ #

GnuPG高级指导(3)导出私钥