262.3.2. 管理密钥环

要管理密钥环，我使用命令行工具，我发现这是管理密钥的最简单方法。如果您愿意做到这一点，还有来自 http://www.bouncycastle.org/java.html 的 Java 库。

在 linux 上安装命令行工具

apt-get install gnupg

apt-get install gnupg

Copy to Clipboard

Toggle word wrap

创建密钥环，输入安全密码

gpg --gen-key

gpg --gen-key

Copy to Clipboard

Toggle word wrap

如果您需要导入其他人的公钥，以便您可以为它们加密文件。

gpg --import <filename.key

gpg --import <filename.key

Copy to Clipboard

Toggle word wrap

以下文件现在应存在，并可用于运行示例

ls -l ~/.gnupg/pubring.gpg ~/.gnupg/secring.gpg

ls -l ~/.gnupg/pubring.gpg ~/.gnupg/secring.gpg

Copy to Clipboard

Toggle word wrap

[[crypto-PGPDecrypting/VerifyingofMessagesEncrypted/SignedbyDifferentPrivate/PublicKeys]] PGP Decrypting/Verifying of Messages Encrypted/Signed by different # Private/Public Keys

自 Camel 2.12.2 起，

PGP Data Formater 可以解密/验证通过不同公钥加密或由不同私钥签名的消息。只是在密钥密钥环中提供对应的私钥、公钥公钥、公钥以及密语访问者中的密码短语。

Map<String, String> userId2Passphrase = new HashMap<String, String>(2);
// add passphrases of several private keys whose corresponding public keys have been used to encrypt the messages
userId2Passphrase.put("UserIdOfKey1","passphrase1"); // you must specify the exact User ID!
userId2Passphrase.put("UserIdOfKey2","passphrase2");
PGPPassphraseAccessor passphraseAccessor = new PGPPassphraseAccessorDefault(userId2Passphrase);

PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
// the method getSecKeyRing() provides the secret keyring as byte array containing the private keys
pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing()); // alternatively you can use setKeyFileName(keyfileName)
// the method getPublicKeyRing() provides the public keyring as byte array containing the public keys
pgpVerifyAndDecrypt.setSignatureKeyRing((getPublicKeyRing());  // alternatively you can use setSignatureKeyFileName(signatgureKeyfileName)
// it is not necessary to specify the encryption or signer  User Id

from("direct:start")
         ...
        .unmarshal(pgpVerifyAndDecrypt) // can decrypt/verify messages encrypted/signed by different private/public keys
        ...

Map<String, String> userId2Passphrase = new HashMap<String, String>(2);
// add passphrases of several private keys whose corresponding public keys have been used to encrypt the messages
userId2Passphrase.put("UserIdOfKey1","passphrase1"); // you must specify the exact User ID!
userId2Passphrase.put("UserIdOfKey2","passphrase2");
PGPPassphraseAccessor passphraseAccessor = new PGPPassphraseAccessorDefault(userId2Passphrase);

PGPDataFormat pgpVerifyAndDecrypt = new PGPDataFormat();
pgpVerifyAndDecrypt.setPassphraseAccessor(passphraseAccessor);
// the method getSecKeyRing() provides the secret keyring as byte array containing the private keys
pgpVerifyAndDecrypt.setEncryptionKeyRing(getSecKeyRing()); // alternatively you can use setKeyFileName(keyfileName)
// the method getPublicKeyRing() provides the public keyring as byte array containing the public keys
pgpVerifyAndDecrypt.setSignatureKeyRing((getPublicKeyRing());  // alternatively you can use setSignatureKeyFileName(signatgureKeyfileName)
// it is not necessary to specify the encryption or signer  User Id

from("direct:start")
         ...
        .unmarshal(pgpVerifyAndDecrypt) // can decrypt/verify messages encrypted/signed by different private/public keys
        ...

Copy to Clipboard

Toggle word wrap

这个功能对支持密钥交换特别有用。如果您想交换用于解密的私钥，可以在一段时间内接受使用旧公钥加密或新的对应公钥的消息。或者，如果发送者要交换其签名密钥，您可以接受一段时间、旧人或新签名密钥。
技术背景：PGP 加密的数据包含用于加密数据的公钥的密钥 ID。此密钥 ID 可用于在机密密钥环中查找私钥以解密数据。相同的机制也用于查找验证签名的公钥。因此，您不再需要为 unmarshaling 指定用户 ID。

返回顶部

262.3.2. 管理密钥环

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links