Difference between revisions of "GNU Privacy Guard"
From: Security
Revision as of 21:41, 26 November 2013 (Tue)
GNU Privacy Guard (GPG, GnuPG) is an alternative implementation of Pretty Good Privacy (PGP).
Pronunciation (Japanese reading)
- GNU Privacy Guard: ぐにゅー ぷらいばしー がーど (gunyū puraibashī gādo)
- GPG: じーぴーじー (jī pī jī)
- GnuPG: ぐにゅーぴーじー (gunyū pī jī)
Overview
Installation
It is installed by default on Linux.
Usage
gpg
$ gpg --help
gpg (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data
Commands:
 -s, --sign                 make a signature
     --clearsign            make a clear text signature
 -b, --detach-sign          make a detached signature
 -e, --encrypt              encrypt data
 -c, --symmetric            encryption only with symmetric cipher
 -d, --decrypt              decrypt data (default)
     --verify               verify a signature
 -k, --list-keys            list keys
     --list-sigs            list keys and signatures
     --check-sigs           list and check key signatures
     --fingerprint          list keys and fingerprints
 -K, --list-secret-keys     list secret keys
     --gen-key              generate a new key pair
     --delete-keys          remove keys from the public keyring
     --delete-secret-keys   remove keys from the secret keyring
     --sign-key             sign a key
     --lsign-key            sign a key locally
     --edit-key             sign or edit a key
     --gen-revoke           generate a revocation certificate
     --export               export keys
     --send-keys            export keys to a key server
     --recv-keys            import keys from a key server
     --search-keys          search for keys on a key server
     --refresh-keys         update all keys from a keyserver
     --import               import/merge keys
     --card-status          print the card status
     --card-edit            change data on a card
     --change-pin           change a card's PIN
     --update-trustdb       update the trust database
     --print-md             print message digests
     --server               run in server mode
Options:
 -a, --armor                create ascii armored output
 -r, --recipient USER-ID    encrypt for USER-ID
 -u, --local-user USER-ID   use USER-ID to sign or decrypt
 -z N                       set compress level to N (0 disables)
     --textmode             use canonical text mode
 -o, --output FILE          write output to FILE
 -v, --verbose              verbose
 -n, --dry-run              do not make any changes
 -i, --interactive          prompt before overwriting
     --openpgp              use strict OpenPGP behavior
(See the man page for a complete listing of all commands and options)
Examples:
 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints
Please report bugs to <http://bugs.gnupg.org>.
Creating a key
[user@u1 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/secring.gpg' created
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Foo Bar
Email address: foo@bar.com
Comment: for user
You selected this USER-ID:
    "Foo Bar (for user) <foo@bar.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3363]: directory `/home/user/.gnupg/private-keys-v1.d' created
gpg-agent[3363]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: Key generation canceled.
FAQ
can't connect to .gnupg/S.gpg-agent: No such file or directory
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
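Start gpg-agent manually. The --write-env-file option and the GPG_AGENT_INFO variable used here apply to GnuPG 2.0.x, the version shown on this page; GnuPG 2.1 and later start the agent on demand and no longer use them.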
gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/.gnupg/agent.info"
To configure this in .bashrc, use the following:
if [ -f "${HOME}/.gnupg/agent.info" ]; then
    . "${HOME}/.gnupg/agent.info"
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
    export SSH_AGENT_PID
fi
GPG_TTY=$(tty)
export GPG_TTY
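The .bashrc snippet above sources agent.info whenever the file exists, so a file left behind by an agent that has exited still points gpg at a socket that no longer exists, and anything written into that file is executed by the shell. The following added example (not part of the original page) reads the file as data instead and checks that the socket and process it names are still there; the function names are hypothetical, and the file format is assumed to be the NAME=value lines written by --write-env-file on GnuPG 2.0.x.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumed agent.info format, as written by --write-env-file on GnuPG 2.0.x:
#   GPG_AGENT_INFO=<socket path>:<agent pid>:<protocol version>

# Print the GPG_AGENT_INFO value stored in file $1 without executing the file.
# Fails if the file is not ours or the line does not match the expected shape.
agent_info_value() (
    [ -f "$1" ] && [ -O "$1" ] || exit 1
    line=$(grep -E '^GPG_AGENT_INFO=/[^:]+:[0-9]+:[0-9]+$' "$1" | head -n 1)
    [ -n "$line" ] || exit 1
    printf '%s\n' "${line#GPG_AGENT_INFO=}"
)

# Return 0 only if the recorded socket still exists and the recorded PID is alive.
agent_info_usable() (
    value=$(agent_info_value "$1") || exit 1
    sock=${value%%:*}               # text before the first colon
    rest=${value#*:}
    pid=${rest%%:*}                 # text between the first and second colon
    [ -S "$sock" ] || exit 1        # socket is gone: the entry is stale
    kill -0 "$pid" 2>/dev/null      # signal 0 only tests that the process exists
)

# Intended use in .bashrc (left commented so loading this file changes nothing):
#   info="${HOME}/.gnupg/agent.info"
#   if agent_info_usable "$info"; then
#       GPG_AGENT_INFO=$(agent_info_value "$info"); export GPG_AGENT_INFO
#   else
#       echo "gpg-agent is not running; start it as shown above" >&2
#   fi
```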