Yum Public Key Authentication and import

I. Basic Knowledge

Verify the validity of the RPM package:
After the package producer is created, a digital signature is attached to the package;
Source Validity
Package integrity

The package producer uses one-way encryption to extract the signature of the original data, and then uses its own private key to encrypt this feature code, appended with the original data.
Verification process:
Premise: a reliable mechanism is required to obtain the public key of the package producer;
1. Use the producer's public key to decrypt the encrypted signature. decryption means that the source is legal;
2. Use the same intention encryption algorithm as the producer to extract the signature of the original data and compare it with the decrypted features. If the same, the integrity is normal;

Ii. Basic commands

Check the legitimacy and integrity of the RPM package Source:

Premise: import the public key of the package producer on the current system
Import:
Rpm -- import/path/to/key_file

# Rpm-Qa GPG-pubkey *
Display All imported public keys in GPG format

# Rpm-Qi GPG-pubkey-name
Displays the details of a key.

Check package: automatically executed during installation

Manual check:
Rpm-k/path/to/package_file
Rpm -- checksig/path/to/package_file

Do not check the package integrity:
Rpm-k -- nodigest
Do not check the source validity:
Rpm-k -- nosignature

Iii. Experiment

Import Public Key Authentication GPG-Key

One problem encountered today is that the configured Yum source installation package suddenly prompts you to import the public key for installation, otherwise it will not be given. However, when I set the yum source, the public key is not checked. It is strange that the error is reported only when I cloned the virtual machine again. Import the public key and try it.

1. The yum source configuration does not detect gpgcheck.

650) This. width = 650; "style =" float: none; "Title =" 36020140724124743618.jpg" src = "http://s3.51cto.com/wyfs02/M02/41/15/wKiom1PQo82gu7TwAAE8_dT3K0k111.jpg" alt = "wkiom1pqo82gu7twaae8_dt3k0k111.jpg"/>

2. The system prompts you to import the public key. Otherwise, the software will not be installed.

650) This. width = 650; "style =" width: 700px; Height: 188px; "Title =" 36020140724124908762.jpg" border = "0" hspace = "0" src = "http://s3.51cto.com/wyfs02/M01/41/15/wKiom1PQo8-g5oioAAFp8eacbik408.jpg" width = "700" Height = "188" alt = "wKiom1PQo8-g5oioAAFp8eacbik408.jpg"/>

3. Import and query public keys

650) This. width = 650; "style =" width: 700px; Height: 483px; "Title =" 36020140724125236339.jpg" border = "0" hspace = "0" src = "http://s3.51cto.com/wyfs02/M02/41/15/wKiom1PQo9eAo6XEAAZ-OjbtppA755.jpg" width = "700" Height = "483" alt = "wKiom1PQo9eAo6XEAAZ-OjbtppA755.jpg"/>

4,No prompt for software reinstallation

650) This. width = 650; "style =" float: none; "Title =" 36020140724125342519.jpg" src = "http://s3.51cto.com/wyfs02/M00/41/15/wKiom1PQo9rRyHMcAAFtvJBi_04219.jpg" alt = "wkiom1pqo9rryhmcaftvjbi_04219.jpg"/>

5. manually check the Public Key

650) This. width = 650; "style =" width: 700px; Height: 38px; "Title =" 36020140724125606690.jpg" border = "0" hspace = "0" src = "http://s3.51cto.com/wyfs02/M01/41/15/wKioL1PQpPbylv_JAAB29xJzQZs912.jpg" width = "700" Height = "38" alt = "weight"/>

Iv. Summary

In the production environment, the yum source configuration is a basic service. You do not have to install the yum source server. However, you must configure the local Yum source, which must be imported for Public Key Authentication, security is very important. As shown above, if you do not import the software, you are not game over.

This article from the "Ends of the Earth" blog, please be sure to keep this source http://1983939925.blog.51cto.com/8400375/1529663