When installing packages with yum on a Red Hat system, one of the options is gpgcheck. When I first started learning, I disabled this option by default; recently, I finally understood how gpg works. gpg is a protocol for a user's personal encryption and signing. It uses both symmetric and asymmetric ciphers: symmetric ciphers are mainly used to encrypt data, while asymmetric ciphers are mainly used to encrypt the symmetric key and for digital signatures.

In the data encryption process, a symmetric key is randomly generated and the data is encrypted with it. The symmetric key is then encrypted with the recipient's public key, and the encrypted data and the encrypted symmetric key are sent to the recipient. The recipient decrypts the symmetric key with the private key and then decrypts the data with the symmetric key.

In the digital signature process, a digest of the data file is calculated and then signed with the private key. The receiver digests the data with the same algorithm and uses the public key to decrypt the signature. The signature is valid if the calculated digest matches the digest recovered with the public key; otherwise it is invalid.

Step 1: generate the gpg public key and private key
[root@Gate ~]# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: duan xiongchun
Email address: duanxiongchun@gmail.com
Step 2: view the gpg fingerprint and public key

[root@svn ~]# gpg --list-key --fingerprint
/root/.gnupg/pubring.gpg
-------------------------------------------------------------------
pub   2048R/41E38D0D 2014-03-26
      Key fingerprint = BA55 3B18 64E9 468C BF7E 8AD1 1415 C9AA 41E3 8D0D
uid                  duan xiongchun <duanxiongchun@gmail.com>
sub   2048R/259E9D51 2014-03-26
Export the gpg public key:
gpg --armor --export duanxiongchun > DUANXIONGCHUN-GPG-KEY

Import the public key on another computer:
gpg --import DUANXIONGCHUN-GPG-KEY

Data encryption:
gpg --encrypt --recipient duanxiongchun install.log

Data decryption:
gpg --decrypt --recipient duanxiongchun install.log.gpg > install.gpg

Data signature:
gpg --local-user duanxiongchun --clearsign --armor install.log
gpg --local-user duanxiongchun --detach-sign install.log

Signature verification (--clearsign writes install.log.asc, --detach-sign writes install.log.sig):
gpg --verify install.log.asc
gpg --verify install.log.sig install.log
gpg --decrypt --recipient duanxiongchun install.log.gpg

Add the key to rpm's trusted keys:
rpm --import DUANXIONGCHUN-GPG-KEY

Sign a self-built rpm package:
echo '%_gpg_name 41E38D0D' > ~/.rpmmacros
rpm --resign openssh-keycat-6.4p1-1.el7.x86_64.rpm
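To tie the gpgcheck option from the opening paragraph to the rpm --import step, here is an added example (not part of the original post) that audits yum repo stanzas for disabled or weakly anchored signature checking. The repo ids, URLs and key path are constructed, and the sample concatenates a yum.conf [main] section with .repo stanzas for brevity.

```python
import configparser

# Constructed sample: a yum.conf [main] section plus three hypothetical repo stanzas.
SAMPLE = """\
[main]
gpgcheck=1

[internal-tools]
baseurl=http://repo.example.internal/el7/$basearch
gpgcheck=0

[internal-signed]
baseurl=https://repo.example.internal/signed/$basearch
gpgkey=file:///etc/pki/rpm-gpg/DUANXIONGCHUN-GPG-KEY

[mirror]
baseurl=https://mirror.example.org/el7/$basearch
gpgcheck=1
gpgkey=http://mirror.example.org/RPM-GPG-KEY
"""

def _flag(value):
    return value.strip().lower() in ("1", "yes", "true")

def audit_repos(text):
    """Return (repo_id, finding) pairs for enabled repos with weak signature settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # yum's built-in default is gpgcheck=0; a value in [main] overrides it for every repo.
    default = cp.get("main", "gpgcheck", fallback="0")
    findings = []
    for repo in cp.sections():
        if repo == "main" or not _flag(cp.get(repo, "enabled", fallback="1")):
            continue
        if not _flag(cp.get(repo, "gpgcheck", fallback=default)):
            findings.append((repo, "gpgcheck disabled: packages install unverified"))
            continue
        keys = cp.get(repo, "gpgkey", fallback="").split()
        if not keys:
            findings.append((repo, "no gpgkey: key must already be in rpm via rpm --import"))
        for url in keys:
            if url.startswith("http://"):
                findings.append((repo, "gpgkey over plain http: check fingerprint before trusting"))
    return findings

if __name__ == "__main__":
    for repo, finding in audit_repos(SAMPLE):
        print(f"{repo}: {finding}")
```
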