我在跑:
gpg2 --locate-keys [email protected] [email protected]
如https://www.kernel.org/category/signatures.html
命令立即返回,就好像没有尝试从服务器获取密钥一样。
当我跑步时gpg2 --verify linux-4.6.6.tar.sign我得到
gpg: Can't check signature: No public key
答案1
我也无法gpg2 --locate-keys工作。以下是对我有用的步骤。
下载内核:
$ curl -O https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.15.10.tar.xz
$ curl -O https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.15.10.tar.sign
解压内核:
$ unxz linux-4.15.10.tar.xz
尝试验证内核:
$ gpg2 --verify linux-4.15.10.tar.sign
gpg: assuming signed data in 'linux-4.15.10.tar'
gpg: Signature made Thu 15 Mar 2018 12:57:15 PM MSK
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Can't check signature: No public key
验证将失败,但您将获得 RSA 密钥指纹:647F28654894E3BD457199BE38DBBDC86092693E。现在使用以下命令接收相应的公钥gpg2 --recv-keys:
$ gpg2 --recv-keys 647F28654894E3BD457199BE38DBBDC86092693E
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
现在您有了上述指纹的公钥。如果您再次验证内核,您将收到警告:
$ gpg2 --verify linux-4.15.10.tar.sign
gpg: assuming signed data in 'linux-4.15.10.tar'
gpg: Signature made Thu 15 Mar 2018 12:57:15 PM MSK
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <[email protected]>" [unknown]
gpg: aka "Greg Kroah-Hartman <[email protected]>" [unknown]
gpg: aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
正如官方kernel.org 页面表示您可以选择使用 TOFU 信任模型并使用它来验证内核:
$ gpg2 --tofu-policy good 647F28654894E3BD457199BE38DBBDC86092693E
...
$ gpg2 --trust-model tofu --verify linux-4.15.10.tar.sign
gpg: assuming signed data in 'linux-4.15.10.tar'
gpg: Signature made Thu 15 Mar 2018 12:57:15 PM MSK
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Greg Kroah-Hartman <[email protected]>" [full]
gpg: aka "Greg Kroah-Hartman <[email protected]>" [full]
gpg: aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <[email protected]>" [full]
gpg: [email protected]: Verified 1 signature in the past 0 seconds. Encrypted 0 messages.
gpg: [email protected]: Verified 1 signature in the past 0 seconds. Encrypted 0 messages.
gpg: [email protected]: Verified 1 signature in the past 0 seconds. Encrypted 0 messages.
验证完成。TOFU 信任模型已保存为默认模型,稍后您可以使用它gpg2 --verify linux-4.15.10.tar.sign进行进一步验证。
答案2
看起来您必须提供方法来--auto-key-locate获取密钥:
$ gpg2 --auto-key-locate cert,pka,dane,wkd,keyserver --locate-keys [email protected] [email protected]
gpg: error retrieving '[email protected]' via DNS CERT: Not found
gpg: error retrieving '[email protected]' via PKA: Not found
gpg: error retrieving '[email protected]' via DANE: Not found
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: automatically retrieved '[email protected]' via WKD
gpg: error retrieving '[email protected]' via DNS CERT: Not found
gpg: error retrieving '[email protected]' via PKA: Not found
gpg: error retrieving '[email protected]' via DANE: Not found
gpg: key 79BE3E4300411886: public key "Linus Torvalds <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: automatically retrieved '[email protected]' via WKD
pub rsa4096 2011-09-23 [SC]
647F28654894E3BD457199BE38DBBDC86092693E
uid [ unknown] Greg Kroah-Hartman <[email protected]>
uid [ unknown] Greg Kroah-Hartman (Linux kernel stable release signing key) <[email protected]>
uid [ unknown] Greg Kroah-Hartman <[email protected]>
sub rsa4096 2011-09-23 [E]
pub rsa2048 2011-09-20 [SC]
ABAF11C65A2970B130ABE3C479BE3E4300411886
uid [ unknown] Linus Torvalds <[email protected]>
uid [ unknown] Linus Torvalds <[email protected]>
sub rsa2048 2011-09-20 [E]