
Signature Verification

  1. Create a test file.
    [dywang@dywH rhcx]$ echo dyw123 > dywdemo.txt
    [dywang@dywH rhcx]$ cat dywdemo.txt
    dyw123
    
  2. Read the passphrase from the file passphrase, clearsign dywdemo.txt, and save the result as dywdemo.sign.txt.
    [dywang@dywH rhcx]$ unset DISPLAY
    [dywang@dywH rhcx]$ gpg --passphrase-file passphrase --output dywdemo.sign.txt --clearsign dywdemo.txt
    
    You need a passphrase to unlock the secret key for
    user: "De-Yu Wang (rhcx) <dywang7@gamil.com>"
    2048-bit RSA key, ID 907CE30E, created 2013-06-20
    
  3. Display the contents of dywdemo.sign.txt.
    [dywang@dywH rhcx]$ cat dywdemo.sign.txt 
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    dyw123
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.14 (GNU/Linux)
    
    iQEcBAEBAgAGBQJTkOXnAAoJEAGgsPGQfOMOKEYIAJ++blVB12bw5AIYgg1k/TNy
    ZSSpbilAfYIFjMwmcBONwTyhkcTnSCKZsuCG6bK1Cv+PId3d+ot+JBP5g7GnskbJ
    dwEEWywPZSRw0tGajTZyVz792UlCYIy3TSXpMaXZTixI0DgRMbsEL/qiAflyzbtz
    9RirOXLlDTFxQhxs7y7N3sJkjcuEHvsBtZgGR1vtX30BB8Lm9zLxGBpJKGroKnH1
    m9jeDEWTYB/W5ieRa5nDbDEEA0IzN/DwEe/hhbOjOHIZ+LltH708EO3coQgDG9tz
    deLW02xwnUrOQ4SseOXLtdUTZXlwUN5dwJXwYtSC2HhZeOzbHsCmoqmr90i5fU4=
    =SPat
    -----END PGP SIGNATURE-----
    
  4. Transfer dywdemo.sign.txt to the destination host.
    [dywang@dywH rhcx]$ scp dywdemo.sign.txt deyu1@kvm8.deyu.wang:
    The authenticity of host 'kvm8.deyu.wang (192.168.122.8)' can't be established.
    RSA key fingerprint is 27:37:84:f6:7e:de:90:75:b0:4c:6d:aa:62:a7:6e:2d.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'kvm8.deyu.wang' (RSA) to the list of known hosts.
    Warning: the RSA host key for 'kvm8.deyu.wang' differs from the key for the IP address '192.168.122.8'
    Offending key for IP in /home/dywang/.ssh/known_hosts:3
    Are you sure you want to continue connecting (yes/no)? yes
    deyu1@kvm8.deyu.wang's password: 
    Permission denied, please try again.
    deyu1@kvm8.deyu.wang's password: 
    dywdemo.sign.txt                                                                                         100%  544     0.5KB/s   00:00 
    
  5. On host kvm8, as user deyu1, first list the current gpg keys and confirm that De-Yu Wang's public key is present.
    [deyu1@kvm8 ~]$ gpg --list-keys
    /home/deyu1/.gnupg/pubring.gpg
    ------------------------------
    pub   2048R/A98B198E 2014-05-26
    uid                  abc123 (ABC) <abc123@csie.cyut.edu.tw>
    sub   2048R/C039E2B6 2014-05-26
    
    pub   2048R/907CE30E 2013-06-20
    uid                  De-Yu Wang (rhcx) <dywang7@gamil.com>
    sub   2048R/26F7F452 2013-06-20
    
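  6. Verify the signature of dywdemo.sign.txt; it is indeed De-Yu Wang's. The output includes a warning: even though gpg has confirmed the signature on this file, it still cannot guarantee that the signature was really made by that person.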
    [deyu1@kvm8 ~]$ gpg --verify dywdemo.sign.txt 
    gpg: Signature made Fri 06 Jun 2014 05:49:27 AM CST using RSA key ID 907CE30E
    gpg: Good signature from "De-Yu Wang (rhcx) <dywang7@gamil.com>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: C6DA 8C49 D1C5 ED1C 9029  C170 01A0 B0F1 907C E30E
    
  7. Make a modified copy of the signed file dywdemo.sign.txt, saved as dywdemo.signb.txt.
    [deyu1@kvm8 ~]$ cp dywdemo.sign.txt dywdemo.signb.txt 
    [deyu1@kvm8 ~]$ sed -i 's/dyw123/DYW123/' dywdemo.signb.txt 
    [deyu1@kvm8 ~]$ grep DYW123 dywdemo.signb.txt 
    DYW123
    
  8. Verify the signature of dywdemo.signb.txt: the file still names De-Yu Wang as the signer, but gpg reports the signature as BAD.
    [deyu1@kvm8 ~]$ gpg --verify dywdemo.signb.txt 
    gpg: Signature made Fri 06 Jun 2014 05:49:27 AM CST using RSA key ID 907CE30E
    gpg: BAD signature from "De-Yu Wang (rhcx) <dywang7@gamil.com>"
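
The warning in step 6 means a "Good signature" line alone does not tie the key to a person. The script below is an added example, not part of the original page: it pins the signer to the primary key fingerprint printed in step 6 by parsing gpg's machine-readable `--status-fd` output. The function names and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a signed file only if gpg reports a good signature
# AND the signing key's primary fingerprint equals a pinned value.

# Fingerprint printed by "gpg --verify" in step 6, spaces removed.
EXPECTED_FPR="C6DA8C49D1C5ED1C9029C17001A0B0F1907CE30E"

# check_status FPR   (hypothetical helper)
# Reads gpg status lines on stdin. Succeeds only when there is a GOODSIG,
# a VALIDSIG whose primary-key fingerprint (10th argument) equals FPR,
# and no BADSIG or ERRSIG line.
check_status() {
    [ -n "$1" ] || return 2     # never match against an empty pin
    awk -v want="$1" '
        $1 != "[GNUPG:]"                 { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "GOODSIG"                  { good = 1 }
        $2 == "VALIDSIG" && $12 == want  { pinned = 1 }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_pinned FILE [FPR]: run gpg and judge it by its status output.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null |
        check_status "${2:-$EXPECTED_FPR}"
}

# Constructed status lines (not captured from the hosts on this page),
# shaped like what steps 6 and 8 would produce with --status-fd 1.
SAMPLE_GOOD='[GNUPG:] GOODSIG 01A0B0F1907CE30E De-Yu Wang (rhcx) <dywang7@gamil.com>
[GNUPG:] VALIDSIG C6DA8C49D1C5ED1C9029C17001A0B0F1907CE30E 2014-06-05 1402004967 0 4 0 1 2 01 C6DA8C49D1C5ED1C9029C17001A0B0F1907CE30E'
SAMPLE_BAD='[GNUPG:] BADSIG 01A0B0F1907CE30E De-Yu Wang (rhcx) <dywang7@gamil.com>'

# Check a real file only when one is named on the command line.
if [ "$#" -gt 0 ]; then
    if verify_pinned "$1"; then
        echo "OK: $1 signed by $EXPECTED_FPR"
    else
        echo "REJECTED: $1" >&2
        exit 1
    fi
fi
```

The pinned fingerprint should reach the verifier through a channel independent of the signed file itself.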
    



De-Yu Wang 2018-08-08