GnuPG/zh-cn

这篇短小的指南将教给你GnuPG——一个用于安全通讯的工具——的基本用法.

你能从本指南中得到什么
This guide assumes that you are familiar with public-key cryptography, encryption, and digital signatures. If this is not the case take a look at the GnuPG handbook, chapter 2, and then come back.

本指南将教给你如何安装GnuPG，如何创建密钥对，如何将密钥添加到公钥环当中，如何将你的公钥提交到密钥服务器以及如何签名、加密、验证或者解密你发送或者接受到的消息. 你还可以了解到如何对本地计算机上的文件加密，以防止他人读到其中内容.

安装需要的软件
最基本的，你需要. 现在很多应用程序都在某种程度上支持gpg，所以在你的USE变量里加上“crypt”应该是个不错的主意. 如果你想使用支持gnupg的邮件客户端，你可以选择使用pine（ ）、mutt（ ）、Mozilla Thunderbird（ ）、evolution（一个类似于微软Outlook的GNOME软件），或者KDE自己的Kmail.

如果你使用KDE的话，你很可能对 感兴趣. 这个小程序可以帮助你生成密钥对、从ASCII文件导入密钥、对导入的密钥签名，以及帮助你导出密钥还有一些其他功能.

创建密钥
只需运行 就可以创建自己的密钥了. 它在第一次运行时会创建一些文件夹；再次运行可以创建密钥：

此时，你可以选择你想使用的密钥的类型. 大多数用户会选择默认的DSA和ElGamal类型. 接下来就是密钥的大小；需要注意，虽然密钥越大越好，但是可不要对DSA/ElGamal使用大于2048的值. 对于普通的电子邮件来说，2048已经足够了.

在指定密钥大小之后，需要指定的是密钥的有效期. 在这里，有效期却是越小越好，但是大多数用户会选择一个永远不会过期的密钥，或者指定有效期为2、3年.

Choosing key size

现在，你需要键入一些你自己的个人信息. 如果你想将自己的公钥送给其他人，那么在这里必须使用真实的电子邮件地址.

Entering user information

在这儿，请键入你的密码两次. 我推荐你使用一个比较复杂的密码. 因为，如果有人得到你的私钥并破解了你的密码，他们就可以发送冒充你的名义签名的消息，从而欺骗所有人相信这个邮件是你发送的.

接下来，GnuPG才会产生你的密钥. 动一下鼠标或者在后台播放一个mp3将有助于加速这个过程，因为这些动作都会帮助产生随机数据.

生成吊销证书
每当你创建了密钥，你必须同时创建这个密钥的吊销证书. 因为，一旦你的密钥发生不测（例如有人得到了你的密钥和密码），只有你提前这样做了，你才有能力吊销你的密钥使它无效.

使用 命令可以列出公钥环中的所有公钥. 你可以用它来查看你密钥的ID，然后生成该密钥的吊销证书. 现在，推荐你将.gnupg目录和吊销证书（ASCII形式的——）拷贝到比较安全的媒体（两张软盘或者一张CD-R，并且，请将其保存在比较安全的地方）当中. 请务必记住，将来你可以使用来吊销密钥使密钥失效.

导出密钥
输入 来导出你的密钥. 任何时候你都可以使用密钥ID或者其他可以唯一确定该密钥的东西（这里我们使用了电子邮件地址）作为参数. John现在得到了. 他可以将这个文件发送给朋友，或者贴到他自己的网页上去，以便人们可以安全的同他通讯.

导入密钥
为了将文件添加到你的公钥环中去，你必须先导入它，并且验证这个密钥的指纹才行. 在验证指纹之后，你还需要将它设为有效.

现在我们要将Luis Pinto（我的一位朋友）的公钥加入到我的公钥环之中去. 在给他打了个电话并且问到了他这个密钥的指纹之后，我仔细对照了一下该密钥的指纹和 命令的输出结果. 在确认这个密钥是真实的之后，我将其添加到我的公钥环之中. 这个密钥比较特殊，它将在2003年12月1日过期，所以我被问到是否要将我的签名设置为在同一天失效.

向密钥服务器发送密钥
现在你已经拥有了自己的密钥，要是能把它发送到遍布全球的密钥服务器上去就好了. 全世界有很多密钥服务器，大多数服务器之间会相互交换密钥. 这里我们试着将John Doe的密钥发送到subkeys.pgp.net服务器. 这样会用到HTTP协议，所以如果你在进行HTTP通讯的时候需要使用代理的话，别忘了设置它（ ）. 用来发送密钥的命令是 ，其中， 是密钥ID. 如果你并不需要HTTP代理，请去掉“--keyserver-options honor-http-proxy”选项.

你也可以将你签过名的其他人的密钥发送到密钥服务器上去. 比如，我们可以将Luis Pinto的密钥送上去. 这样的话，那些信任你的密钥的人可以使用你发送上去的签名来同样得信任Luis的密钥.

从密钥服务器取得密钥
Now we are going to search for Gustavo Felisberto's key and add it to the keyring of John Doe (just in case you did not notice Gustavo Felisberto is the author this guide :)).

As you can see from the server response I have a few keys submitted to the key server, but I currently only use B9F2D52A. Now John Doe can get it and sign it if he trusts it.

What is a GPG Agent?
Sometimes working with certain applications requires you to use your GPG key very frequently, which means that you have to type your passphrase a lot of times. Several applications used to support a passphrase caching mechanism to make life easier for users. However, this disallowed sharing this cache across programs (how secure would that be?) and forced applications to reinvent the wheel over and over again.

A GPG agent is a separate application that GPG uses to cache the passphrase in a standard and secure way. It allows applications to use GPG concurrently: if you enter your passphrase while working in one application, the other application can work with GPG without reiterating the request for the passphrase to unlock the key - if the GPG agent is configured to allow so, of course.

Gentoo provides a few GPG agent applications. The package contains what could be considered the reference one, and will be the one we'll use in this document.

Configuring gpg-agent and pinentry
GnuPG includes  and. is the helper application that gpg-agent uses to request the passphrase in a graphical window. It comes in three flavors: it can popup a window using the gtk+, Qt, or curses library (depending on your USE flags in ).

If you installed  with more than one popup window type, you can choose between them with  :

Now create a file called and enter the following lines which define the default timeout of the passphrase (e.g. 30 minutes) and the application to be called for when the passphrase should be retrieved the first time (e.g. the gtk+ version of pinentry).

Now configure GnuPG to use an agent when appropriate. Edit and add the following line:

Now your system is (almost) set to use the GPG agent.

Automatically Starting the GPG Agent
If you use KDE as your graphical environment, edit and uncomment the following (system-wide) or  (local user) and add the following command to it to have KDE automatically starting the GPG agent:

Additionally, uncomment the following in (system-wide) or add it to  (local user):

If you use a different graphical environment, put that line (the same one as mentioned above) in (if you use  ) or  (if you use XDM/GDM/KDM/...).

Encrypting and signing
Let's say that you have a file that you wish to send Luis. You can encrypt it, sign it, or encrypt it and sign it. Encrypting means that only Luis will be able to open it. The signature tells Luis that it was really you who created the file.

The next three commands will do just that, encrypt, sign and encrypt/sign.

This will create binary files. If you wish to create ASCII files, just add a  to the beginning of the command.

Decrypting and verifying signatures
Suppose that you have received a file which is encrypted to you. The command to decrypt it is. This will decrypt the document and verify the signature (if there is one).

Encrypting and decrypting without keys
It is also possible to encrypt files using passwords instead of keys. Well, the password itself will function as the key - it will be used as a symmetric cypher. You can encrypt the file using  's   argument; decrypting uses the same command as we talked about before.

GnuPG will ask for a passphrase and a passphrase verification.

Advanced Features
There are some nice advanced features in GnuPG. To find them, open the file.

Search for the above two lines and uncomment them. With this any time GnuPG needs to check a signature and it does not find the public key on the local keyring it will contact the key server at subkeys.pgp.net and will try to fetch it from there.

Another nice command is. This will contact the keyserver defined in the options file and refresh public keys in your local key ring from there, searching for revoked keys, new IDs, and new signatures on keys. You should probably run this once or twice a month so that if someone revokes his key you will be notified.

About email signatures
95% of the time you will use GnuPG with email, signing/encrypting your outgoing messages and reading signed/encrypted messages. So it is only fair that I talk about that first.

There are two ways two sign/encrypt a email with GnuPG, the old way and the new way :). In the old way messages would appear in plain text, with no possible formatting and attached files would be unsigned/unencrypted. Here is an example of a message signed the old way:

A plain text signature

Messages this way are no good in today's world, where we have nice GUIs and email readers that understand html.

To solve this an addition to the MIME (Multipurpose Internet Mail Extensions) was created. This adds a field to the email that tells the mail reader that the full content of the message is signed and/or encrypted. The problem with this is that not all mail readers support this. And some even mess up the content; Microsoft's Outlook is famous for not working with this.

Kgpg
Kgpg is a nice GUI for GnuPG. In the main screen you can paste the text that you wish to sign or encrypt, and you can also paste the ASCII armored text that you which to decrypt.

From within the main screen you can decrypt text (you will have to provide your password), encrypt other files, paste new text to sign....

Seahorse
Seahorse aims to be a GnuPG GUI interface for the Gnome desktop. The software has been evolving fast, but it still lacks many important features that can be found in Kgpg or the command line version.

KMail
If you have the  USE flag set, KMail will be compiled with gpg support, and will be able to encrypt and decrypt inline PGP mails automatically as well as encrypting OpenPGP/MIME mails. If you want to decrypt OpenPGP/MIME mails as well (which you probably want) you need to have a running GPG agent.

You can verify if KMail is properly configured by going to,  ,  ,. You should see a GpgME-based backend listed and you should be able to fill the OpenPGP checkbox. If it is listed but grayed out, click on. If the GpgME-based backend remains grayed out, KMail is not working properly.

If you still are unable to get KMail to behave, please see the KMail PGP HowTo page for more information.

Claws-Mail
This mail reader is very fast with big mailboxes, has all the nice features one wants in mail readers and works pretty well with gpg. The only problem is that it does not work with the old PGP signatures, so when you receive those kind of mails you have to hand check the signatures.

To use your gpg key with Claws-Mail just go to the account configuration and select the privacy tab. Once there just choose which key to use, probably most users will go with the default key.

Basic Public Key Cryptography
The concept of public key cryptography was originally devised by Whitfield Diffie and Martin Hellman in 1976. When I first heard the words "public key" and "cryptography" in the same sentence back in '93 I thought to myself that it would be impossible to do such a thing. In those days there was no Internet (well there was, but not for me) so I went to the public library and asked for books on Cryptography. I must say that I was 16 at the time so the clerk there looked to me in astonishment and brought me a book for children on substitution cyphers (those where you change a letter for another like the famous Caesar Cypher or ROT-13 (Tragbb Ebpxf, naq lbh xabj vg vf tbbq orpnhfr lbh ner ernqvat guvf qbp.), ( if you cannot read the preceding text)). I was very upset with this and started to search for more info. It is good to have mathematicians in the family, because as soon as I talked to one of them I was introduced to a new world.

And now a bit of mathematics:

Mathematical Concepts

If I give you the number 35 and I tell you that this number is the product of two prime numbers it is easy to find that it was 5 and 7. But if I tell you the same for 1588522601 you will spend alot of time (or CPU cycles) to find it was 49811*31891. And if this number is really really big this task becomes "impossible". So now if I give the world my large number that is the product of two primes I know something about that number that no one else knows.

This is the basis for Public Key Cryptography (PKC) implementations today. As an (unrealistic) example, I give anyone my number and that someone will use if for cyphering a message to me. Anyone can see the cyphered message, because I am the only one who knows a shortcut to read it, anyone else will first have to "split" that big number to be able to read the message, and it is a "fact" that it is impossible to do that in a short amount of time (todays methods and the fastest computers in the world would take thousands of years to do that). In this setup the two large prime numbers would be called the PRIVATE KEY, and the large non prime number is the PUBLIC KEY.

In practice this is not 100% accurate with reality, but will give a good idea to the newcomer. For more information, check Wikipedia on the Diffie-Hellman protocol. For even more info go to the public library and grab a copy of the "Handbook of Applied Cryptography" by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. This book is also available online for free at the above site.

One consequence of the above is that if you cypher a message to me, and you loose the original uncyphered message you will no longer be able to retrieve it from the cyphered version.

Signatures
We already saw how someone can send us a cyphered message if they have our public key. But how do we know that the author of the message is really who he claims to be? Or in other words: If I receive an email from you how do I really know it was you and not someone else claiming to be you?

Remember me saying that PKC was not as simple as I had said? The idea is that when you cypher a message to me you sign it with your private key so that, when I receive it, I can first use your public key to check your signature and then use my private key to decypher the message. As you can see we could not do that in the setup I described before.

It's also very important to sign messages so that you don't have to cypher them beforehand. Now you can create messages that can be read by anyone, but that come with your "branding". And if any single character is changed in the message it can (and will) be detected.

Key Servers and Signed Keys
But let's say that I have no previous contact with you until you send me a message: how do I get your public key, and how do I really know it is yours?

To solve this problem public Key Servers were created. When you create your key pair (Public and Private key), you send your public key to the key server. After this everyone can retrieve your key from there. This solves the problem of finding the key. But how do I really know that that key is the author's key? For this another concept must be introduced, and that is key signing:

Key signing means that if I have the public key of another person, and I know for sure that it is really that persons key (it is my personal friend, someone I know in real life, etc.) I can sign that public key and send it to keyservers, that way I am telling the world: "This key really belongs to the person it claims to belong.". That way persons that have my public key and trust me can use that trust to trust other keys.

This can sometimes be confusing so let's see a real world situation.

Let's imagine a 3 person situation: John, Mary, and Lisa. John is a good friend of Mary but does not know Lisa; Lisa is a good friend of Mary but does not know John. One day Lisa sends John a signed email. John will fetch Lisa's Public Key from the keyserver and test the message, if all went ok he will see that whoever wrote that message also created that key. But how do I know it was really the person it claims to be?

He then sees that it is signed by Mary, which he can check because he already has Mary's key and he trusts that key. With this ring of trust he continues to conclude that the email he received was really written by Lisa.

You are now ready to use this guide, you can go back to chapter 1 and learn how to use gpg.

Some problems
I had some problems with photos in keys. Check the version you are using. If you have GnuPG 1.2.1-r1 and up you are probably OK, older versions may have problems. Also most keyservers don't like keys with photos, so you are better if you don't add photos.

The latest versions of gnupg don't seem to work with the  that was used so send all keys in your keyring to the public server.

What is not here
is a very complex tool, it lets you do much more than what I have covered here. This document is for the user who is new to GnuPG. For more information, you should check the GnuPG Website.

I did not write about other tools like,  ,   and maybe Windows tools, but I will probably extend this document in the future.

Credits
John Michael Ashley's GnuPG Handbook it is a very good book for beginners.

Swift (Sven Vermeulen) for pushing me to re-write this.

Everyone in the #gentoo-doc team you guys rock.

Tiago Serra for getting me back to the privacy track.

Acknowledgements
We would like to thank the following authors and editors for their contributions to this guide:


 * Gustavo Felisberto
 * John P. Davis
 * Sven Vermeulen
 * nightmorph