个人中心
gpt4 book ai didi

security - 如何在不使用 key 服务器的情况下从 OpenPGP 智能卡获取公钥?

转载 作者:行者123 更新时间:2023-12-02 17:52:21 24 4
gpt4 key购买 nike

我正在研究一个用例,其中使用 OpenPGP 在智能卡 (Yubikey) 上生成公钥对。

然后将智能卡运送给用户。尝试在本地模拟此操作,正在进行以下操作:

  1. 在智能卡上生成 key
  2. 删除 GnuPG 主目录
  3. 访问智能卡以重新生成 GnuPG 主目录

问题是,在执行上述步骤后,我无法测试加密文件,因为公钥似乎丢失了。 fetch 似乎不起作用。

现阶段我不想在任何在线服务器上共享公钥。删除 key 环后有没有办法从智能卡中检索公钥?

以下是正在执行的步骤:

$ gpg --card-edit                                                                                                                                                       

Reader ...........: 1050:0404:X:0
Application ID ...: D2760001240102010006046314290000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04631429
Name of cardholder: sm sm
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: sm
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 54D4 E469 7056 B390 AE72  CAA1 A507 3320 7876 0302
      created ....: 2017-10-11 13:16:52
Encryption key....: ADA3 2D7F 8D66 4F34 C04A  457C DFEB E3E4 A8F1 8611
      created ....: 2017-10-11 11:14:18
Authentication key: 18B9 7AB4 0723 46F4 C23A  3DD7 E5C0 6A93 049E F6A8
      created ....: 2017-10-11 11:14:18
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: Note: keys are already stored on the card!

Replace existing keys? (y/N) y
What keysize do you want for the Signature key? (4096) 
What keysize do you want for the Encryption key? (4096) 
What keysize do you want for the Authentication key? (4096) 
Key is valid for? (0) 0
Is this correct? (y/N) y
Real name: john doe
Email address: john.doe@foobar.com
Comment: 
You selected this USER-ID:
    "john doe <<john.doe@foobar.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

gpg: /home/xxx/.gnupg/trustdb.gpg: trustdb created
gpg: key 6825CB0EBDA94110 marked as ultimately trusted
gpg: directory '/home/xxx/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/xxx/.gnupg/openpgp-revocs.d/6858F119E93FB74BB561DE556825CB0EBDA94110.rev'
public and secret key created and signed.


gpg/card> list

Reader ...........: 1050:0404:X:0
Application ID ...: D2760001240102010006046314290000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04631429
Name of cardholder: sm sm
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: sm
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: 6858 F119 E93F B74B B561  DE55 6825 CB0E BDA9 4110
      created ....: 2017-10-11 13:18:11
Encryption key....: BE05 7FDF 9ACD 05F0 B75A  570F 4711 4B69 A622 C1DC
      created ....: 2017-10-11 13:18:11
Authentication key: 7275 2C47 B1EF BFB5 1E6D  0E65 31C7 7DBE 2D22 7E32
      created ....: 2017-10-11 13:18:11
General key info..: pub  rsa4096/6825CB0EBDA94110 2017-10-11     john doe <<john.doe@foobar.com>
sec>  rsa4096/6825CB0EBDA94110  created: 2017-10-11  expires: never     
                                card-no: 0006 04631429
ssb>  rsa4096/31C77DBE2D227E32  created: 2017-10-11  expires: never     
                                card-no: 0006 04631429
ssb>  rsa4096/47114B69A622C1DC  created: 2017-10-11  expires: never     
                                card-no: 0006 04631429

gpg/card> quit

$ rm -rf .gnupg/

$ gpg --card-status                                                                                                                                                     
gpg: directory '/home/smalatho/.gnupg' created
gpg: new configuration file '/home/smalatho/.gnupg/dirmngr.conf' created
gpg: new configuration file '/home/smalatho/.gnupg/gpg.conf' created
gpg: keybox '/home/smalatho/.gnupg/pubring.kbx' created
Reader ...........: 1050:0404:X:0
Application ID ...: D2760001240102010006046314290000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04631429
Name of cardholder: sm sm
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: sm
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: 6858 F119 E93F B74B B561  DE55 6825 CB0E BDA9 4110
      created ....: 2017-10-11 13:18:11
Encryption key....: BE05 7FDF 9ACD 05F0 B75A  570F 4711 4B69 A622 C1DC
      created ....: 2017-10-11 13:18:11
Authentication key: 7275 2C47 B1EF BFB5 1E6D  0E65 31C7 7DBE 2D22 7E32
      created ....: 2017-10-11 13:18:11
General key info..: [none]

最佳答案

OpenPGP 智能卡未存储足够的信息来重建完整的 OpenPGP 公钥。您必须单独导入公钥 - 在 key 服务器上共享它是一种解决方案,但您也可以 gpg --export key ,然后 gpg --import 它再次进行测试。

关于security - 如何在不使用 key 服务器的情况下从 OpenPGP 智能卡获取公钥?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46689885/

24 4 0
文章推荐: asp.net - 在 ASP.NET 5 应用程序中使用 SignalR 2
文章推荐: php/xpath : Getting the content in nested divs
文章推荐: asp.net - <% : %> brackets for HTML Encoding in ASP. 网络4.0
文章推荐: xamarin - 让图像只占据剩余空间
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com