GNU Privacy Guard

提供: セキュリティ
2014年2月11日 (火) 11:45時点におけるDaemon (トーク | 投稿記録)による版 (関連項目)

移動: 案内検索
スポンサーリンク

GNU Privacy Guard (GPG, GnuPG))とは、Pretty Good Privacy(PGP)の別の実装です。

読み方

GNU Privacy Guard
ぐにゅー ぷらいばしー がーど
GPG
じーぴーじー
GnuPG
ぐにゅーぴーじー

概要

インストール

Linuxにデフォルトでインストールされています。

使い方

gpg

$ gpg --help
gpg (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
 
Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data
 
Commands:
 
 -s, --sign                 make a signature
     --clearsign            make a clear text signature
 -b, --detach-sign          make a detached signature
 -e, --encrypt              encrypt data
 -c, --symmetric            encryption only with symmetric cipher
 -d, --decrypt              decrypt data (default)
     --verify               verify a signature
 -k, --list-keys            list keys
     --list-sigs            list keys and signatures
     --check-sigs           list and check key signatures
     --fingerprint          list keys and fingerprints
 -K, --list-secret-keys     list secret keys
     --gen-key              generate a new key pair
     --delete-keys          remove keys from the public keyring
     --delete-secret-keys   remove keys from the secret keyring
     --sign-key             sign a key
     --lsign-key            sign a key locally
     --edit-key             sign or edit a key
     --gen-revoke           generate a revocation certificate
     --export               export keys
     --send-keys            export keys to a key server
     --recv-keys            import keys from a key server
     --search-keys          search for keys on a key server
     --refresh-keys         update all keys from a keyserver
     --import               import/merge keys
     --card-status          print the card status
     --card-edit            change data on a card
     --change-pin           change a card's PIN
     --update-trustdb       update the trust database
     --print-md             print message digests
     --server               run in server mode
 
Options:
 
 -a, --armor                create ascii armored output
 -r, --recipient USER-ID    encrypt for USER-ID
 -u, --local-user USER-ID   use USER-ID to sign or decrypt
 -z N                       set compress level to N (0 disables)
     --textmode             use canonical text mode
 -o, --output FILE          write output to FILE
 -v, --verbose              verbose
 -n, --dry-run              do not make any changes
 -i, --interactive          prompt before overwriting
     --openpgp              use strict OpenPGP behavior
 
(See the man page for a complete listing of all commands and options)
 
Examples:
 
 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints
 
Please report bugs to <http://bugs.gnupg.org>.

鍵の作成

[user@u1 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/secring.gpg' created
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
 
GnuPG needs to construct a user ID to identify your key.
 
Real name: Foo Bar
Email address: foo@bar.com
Comment: for user
You selected this USER-ID:
    "Foo Bar (for user) <foo@bar.com>"
 
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
 
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3363]: directory `/home/user/.gnupg/private-keys-v1.d' created
gpg-agent[3363]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: Key generation canceled.

FAQ

can't connect to .gnupg/S.gpg-agent: No such file or directory

can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory

手動で、gpg-agentを起動します。

gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/.gnupg/agent.info"

.bashrc で設定する場合は、以下の通りです。

if [ -f "${HOME}/.gnupg/agent.info" ]; then
        . "${HOME}/.gnupg/agent.info"
        export GPG_AGENT_INFO
        export SSH_AUTH_SOCK
        export SSH_AGENT_PID
fi
 
GPG_TTY=$(tty)
export GPG_TTY

gpg problem with the agent No pinentry

関連項目




スポンサーリンク