Created: 2017-10-21 Sat 11:00
Free Software Project of FSIJ
At work
Home
On the Go
NO!
But…
GnuPG is designed to be end-to-end
Import the keys:
$ gpg --import gpg-release-keys.asc
gpg: key 249B39D24F25E3B6: public key "Werner Koch (dist sig)" imported
gpg: key 04376F3EE0856959: public key "David Shaw (GnuPG Release Signing Key) " imported
gpg: key 2071B08A33BD3F06: public key "NIIBE Yutaka (GnuPG Release Key) " imported
gpg: key 8A861B1C7EFD60D9: public key "Werner Koch (Release Signing Key)" imported
gpg: key 53B620D01CE0C630: public key "Werner Koch (dist sig) " imported
gpg: key 68B7AB8957548DCD: public key "Werner Koch (gnupg sig) " imported
gpg: Total number processed: 6
gpg: imported: 6
Verify the release
$ gpg --verify gnupg-2.2.1.tar.bz2.sig gnupg-2.2.1.tar.bz2
gpg: Signature made Tue Sep 19 15:23:06 2017 JST
gpg: using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
gpg: Signature made Wed Sep 20 17:00:09 2017 JST
gpg: using RSA key 031EC2536E580D8EA286A9F22071B08A33BD3F06
gpg: Good signature from "NIIBE Yutaka (GnuPG Release Key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
Create your own key:
$ gpg --yes --quick-gen-key "NIIBE Yutaka "
[INPUT YOUR PASSPHRASE HERE, TWICE]
Certify keys by:
$ gpg --quick-lsign-key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
$ gpg --quick-lsign-key 031EC2536E580D8EA286A9F22071B08A33BD3F06
Verify again
$ gpg --verify gnupg-2.2.1.tar.bz2.sig gnupg-2.2.1.tar.bz2
gpg: Signature made Tue Sep 19 15:23:06 2017 JST
gpg: using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [full]
gpg: Signature made Wed Sep 20 17:00:09 2017 JST
gpg: using RSA key 031EC2536E580D8EA286A9F22071B08A33BD3F06
gpg: Good signature from "NIIBE Yutaka (GnuPG Release Key) " [full]
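An added example, not part of the original slides: gpg prints "Good signature" for any key in the keyring, so a script should check the machine-readable `--status-fd` output against the release-key fingerprints shown above rather than read that line. The function and sample names are hypothetical and the status lines are constructed for illustration, not captured from a real run.

```shell
#!/bin/sh
# Fingerprints pinned from the --verify output shown on this page.
PINNED="D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 031EC2536E580D8EA286A9F22071B08A33BD3F06"

# Reads `gpg --status-fd 1 --verify SIG FILE` output on stdin and prints how
# many VALIDSIG lines carry a pinned primary-key fingerprint. Exit status is
# 0 only if that count is at least 1 and no BADSIG line was seen.
count_pinned_sigs() {
    awk -v pinned="$PINNED" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }      # skip anything that is not a status line
        $2 == "BADSIG"   { bad = 1 }   # signed data does not match the signature
        # The last VALIDSIG field is the fingerprint of the primary key.
        $2 == "VALIDSIG" && ($NF in ok) { good++ }
        END { print good + 0; exit ((bad || good == 0) ? 1 : 0) }
    '
}

# Constructed status lines for the two release signatures (illustrative values).
sample_release() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 249B39D24F25E3B6 Werner Koch (dist sig)
[GNUPG:] VALIDSIG D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 2017-09-19 1505802186 0 4 0 1 8 00 D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2071B08A33BD3F06 NIIBE Yutaka (GnuPG Release Key)
[GNUPG:] VALIDSIG 031EC2536E580D8EA286A9F22071B08A33BD3F06 2017-09-20 1505894409 0 4 0 1 8 00 031EC2536E580D8EA286A9F22071B08A33BD3F06
EOF
}

# Constructed: a cryptographically valid signature, but from a key that is not pinned.
sample_other_key() { cat <<'EOF'
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer (constructed)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-09-19 1505802186 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Constructed: one signature fails to verify while the other still validates.
sample_tampered() { cat <<'EOF'
[GNUPG:] BADSIG 249B39D24F25E3B6 Werner Koch (dist sig)
[GNUPG:] VALIDSIG 031EC2536E580D8EA286A9F22071B08A33BD3F06 2017-09-20 1505894409 0 4 0 1 8 00 031EC2536E580D8EA286A9F22071B08A33BD3F06
EOF
}

# Real use: gpg --status-fd 1 --verify gnupg-2.2.1.tar.bz2.sig gnupg-2.2.1.tar.bz2 \
#               2>/dev/null | count_pinned_sigs
sample_release | count_pinned_sigs   # prints 2
```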
Encrypt and decrypt
$ date > some-file.txt
$ gpg -r gniibe@fsij.org -e some-file.txt
$ gpg -d some-file.txt.gpg
gpg: encrypted with 2048-bit RSA key, ID FD4F434ECA32C80C, created 2017-10-20
"NIIBE Yutaka "
Sat Oct 21 08:51:01 JST 2017
gniibe
also does hardware design: FST-01
10 sec for 100 signatures with gpg --detach-sign
$ ./run-sig.sh
Signing 100 times.
Thu Sep 8 13:42:40 JST 2016
....................
Thu Sep 8 13:42:50 JST 2016
21 sec for 100 decryptions with gpg --decrypt
$ ./run-dec.sh
Decrypt 100 times.
Thu Sep 8 13:43:48 JST 2016
....................
Thu Sep 8 13:44:09 JST 2016
Shows card information
$ gpg --card-status
Reader ...........: 234B:0000:FSIJ-1.2.1-87193059:0
Application ID ...: D276000124010200FFFE871930590000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87193059
Name of cardholder: Yutaka Niibe
Language prefs ...: ja
Sex ..............: male
URL of public key : [not set]
Login data .......: gniibe
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3128
Signature key ....: 249C B377 1750 745D 5CDD 323C E267 B052 364F 028D
created ....: 2015-08-12 07:10:48
Encryption key....: E228 AB42 0F73 3B1D 712D E50C 850A F040 D619 F240
created ....: 2015-08-12 07:10:48
Authentication key: E63F 31E6 F203 20B5 D796 D266 5F91 0521 FAA8 05B1
created ....: 2015-08-12 07:16:14
General key info..: pub ed25519/E267B052364F028D 2015-08-12 NIIBE Yutaka
sec> ed25519/E267B052364F028D created: 2015-08-12 expires: never
card-no: FFFE 87193059
ssb> cv25519/850AF040D619F240 created: 2015-08-12 expires: never
card-no: FFFE 87193059
ssb> ed25519/5F910521FAA805B1 created: 2015-08-12 expires: never
card-no: FFFE 87193059
Signing works just the same as when the private keys are on the host
$ gpg --sign gnuk-1_2.org
$ gpg --clearsign gnuk-1_2.org
$ gpg --detach-sign gnuk-1_2.org
Decryption works just the same as when the private keys are on the host
$ gpg --decrypt gnuk-1_2.org.gpg
Authentication key can be used for SSH
$ ssh YOUR-SERVER
Created by gniibe.