GNU PGP setup

  • 投稿日:
  • by hate

pgpで暗号化&復号
化したファイルをバッチプログラムでやりとりしたい。
そのためにsetup。バージョンは、gnupg-1.2.6-1。

■初期セットアップ

(1)GNU PGP用directoryの作成

% mkdir $HOME/.gnupg

(2)自分の鍵を作成

% gpg --gen-key


gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.

This program comes with ABSOLUTELY NO WARRANTY.

This is free software, and you are welcome to redistribute it

under certain conditions. See the file COPYING for details.



Please select what kind of key you want:

   (1) DSA and ElGamal (default)

   (2) DSA (sign only)

   (4) RSA (sign only)

Your selection?

DSA keypair will have 1024 bits.

About to generate a new ELG-E keypair.

              minimum keysize is  768 bits

              default keysize is 1024 bits

    highest suggested keysize is 2048 bits

What keysize do you want? (1024)

Requested keysize is 1024 bits

Please specify how long the key should be valid.

         0 = key does not expire

        = key expires in n days



      w = key expires in n weeks

      m = key expires in n months

      y = key expires in n years

Key is valid for? (0)

Key does not expire at all

Is this correct (y/n)? y



You need a User-ID to identify your key; the software constructs the user id

from Real Name, Comment and Email Address in this form:

    "Heinrich Heine (Der Dichter) "



Real name: 自分の名前

Email address:

Comment:

You selected this USER-ID:

    "自分の名前"



Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

You need a Passphrase to protect your secret key.



We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

+++++++++++++++++++++++++.++++++++++.+++++++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++>++++++++++......>.+++++..+++++





Not enough random bytes available.  Please do some other work to give

the OS a chance to collect more entropy! (Need 300 more bytes)

ここでエントロピーが足りないといわれる。
キーボードをバンバン叩けといわれるが、ネットワーク越しだと意味無。
/dev/nullにランダム文字列を叩き込んだりする。

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++..+++++++++++++++++++++++++.++++++++++.++++++++++.+++++++++++++++.++++++++++.+++++++++++++++.+++++..++++++++++++++++++++++++++++++>...+++++....>+++++......................<+++++............>+++++.....>+++++<+++++...+++++^^^
gpg: /home/アカウント/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.


pub  1024D/737FFC6D 2007-03-13 自分の名前

     Key fingerprint = EB39 089F 805F CA6E 7D15  F421 73AB 3B70 737F FC6D

sub  1024g/07A69A7F 2007-03-13

(3)相手の公開鍵を取り込む

% gpg --import 相手の公開鍵ファイル
gpg: key 942ED87C: public key "相手の名前" imported
gpg: Total number processed: 1
gpg:               imported: 1

 一応、鍵リストを確認。

% gpg --list-keys
/home/自分のアカウント/.gnupg/pubring.gpg
-------------------------------
pub  1024D/737FFC6D 2007-03-13 自分の名前


sub  1024g/07A69A7F 2007-03-13

pub  1024D/942ED87C 2007-03-10 相手の名前

sub  1024g/9720D318 2007-03-10

(5)相手をtrustする
このままだと暗号化するたびに「ほんとに信頼していいの?」という
プロンプトがでて、バッチ実行できない。
TRUST(信頼)処理を実行する。

% gpg --edit-keye 相手の名前
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


pub  1024D/942ED87C  created: 2007-03-10 expires: never      trust: -/-

sub  1024g/9720D318  created: 2007-03-10 expires: never

(1). 相手の名前



Command> trust

pub  1024D/942ED87C  created: 2007-03-10 expires: never      trust: -/-

sub  1024g/9720D318  created: 2007-03-10 expires: never

(1). 相手の名前



Please decide how far you trust this user to correctly

verify other users'' keys (by looking at passports,

checking fingerprints from different sources...)?



 1 = Don''t know

 2 = I do NOT trust

 3 = I trust marginally

 4 = I trust fully

 5 = I trust ultimately

 m = back to the main menu



Your decision? 5

Do you really want to set this key to ultimate trust? yes



pub  1024D/942ED87C  created: 2007-03-10 expires: never      trust: u/-

sub  1024g/9720D318  created: 2007-03-10 expires: never

(1). 相手の名前

Please note that the shown key validity is not necessarily correct

unless you restart the program.

(6)自分の公開鍵を取り出す

                                                                         2720,1        72%
% gpg -a --export 自分の名前> my.pub

my.pubを相手に送る。


■暗号化&復号化

暗号化

% gpg --batch --yes -ea -r 相手の名前 ファイル名

復号化

% gpg ファイル名