gpg2 locate-keys not working (returns immediately)

I am running:

gpg2 --locate-keys [email protected] [email protected]

https://www.kernel.org/category/signatures.html

The command returns immediately, as if it made no attempt to fetch the keys from the server.

When I run gpg2 --verify linux-4.6.6.tar.sign I get

gpg: Can't check signature: No public key

Answer 1

I couldn't get gpg2 --locate-keys to work either. Here are the steps that worked for me.

Download the kernel:

$ curl -O https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.15.10.tar.xz
$ curl -O https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.15.10.tar.sign

Decompress the kernel:

$ unxz linux-4.15.10.tar.xz

Try to verify the kernel:

$ gpg2 --verify linux-4.15.10.tar.sign
gpg: assuming signed data in 'linux-4.15.10.tar'
gpg: Signature made Thu 15 Mar 2018 12:57:15 PM MSK
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Can't check signature: No public key

The verification will fail, but you will get the RSA key fingerprint: 647F28654894E3BD457199BE38DBBDC86092693E. Now receive the corresponding public key with gpg2 --recv-keys:

$ gpg2 --recv-keys 647F28654894E3BD457199BE38DBBDC86092693E
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Now you have the public key for the fingerprint above. If you verify the kernel again, you will get a warning:

$ gpg2 --verify linux-4.15.10.tar.sign
gpg: assuming signed data in 'linux-4.15.10.tar'
gpg: Signature made Thu 15 Mar 2018 12:57:15 PM MSK
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <[email protected]>" [unknown]
gpg:                 aka "Greg Kroah-Hartman <[email protected]>" [unknown]
gpg:                 aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

As the official kernel.org page says, you can optionally use the TOFU trust model and verify the kernel with it:

$ gpg2 --tofu-policy good 647F28654894E3BD457199BE38DBBDC86092693E
...
$ gpg2 --trust-model tofu --verify linux-4.15.10.tar.sign
gpg: assuming signed data in 'linux-4.15.10.tar'
gpg: Signature made Thu 15 Mar 2018 12:57:15 PM MSK
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Greg Kroah-Hartman <[email protected]>" [full]
gpg:                 aka "Greg Kroah-Hartman <[email protected]>" [full]
gpg:                 aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <[email protected]>" [full]
gpg: [email protected]: Verified 1 signature in the past 0 seconds.  Encrypted 0 messages.
gpg: [email protected]: Verified 1 signature in the past 0 seconds. Encrypted 0 messages.
gpg: [email protected]: Verified 1 signature in the past 0 seconds. Encrypted 0 messages.

Verification is complete. The TOFU trust model has been saved as the default model, and later you can use gpg2 --verify linux-4.15.10.tar.sign for further verification.
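An added example, not part of the answer above: the fingerprint printed by the failed --verify comes from the signature file itself, so a scripted check should compare the signer against a fingerprint pinned in advance (for instance one confirmed on https://www.kernel.org/category/signatures.html) rather than accept any "Good signature". The helper names are hypothetical, the sample status lines are constructed, and the pinned value is the fingerprint shown in the output on this page.

```shell
#!/bin/sh
# Added example. The fingerprint below is the one shown in the gpg output on this page.
PINNED_FPR="647F28654894E3BD457199BE38DBBDC86092693E"

# check_status WANT_FPR  (hypothetical helper)
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line names
# WANT_FPR as the primary key and no failure status was reported.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # $3 is the fingerprint of the signing (sub)key, $12 the primary key fingerprint
            primary = (NF >= 12) ? $12 : $3
            if (toupper(primary) == toupper(want)) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned SIGFILE DATAFILE  (hypothetical helper)
# Runs gpg2 with machine-readable status on stdout and applies the pinned check.
verify_pinned() {
    gpg2 --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$PINNED_FPR"
}

# sample_status FPR: constructed status lines for a good signature made by FPR.
sample_status() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] VALIDSIG $1 2018-03-15 1521107835 0 4 0 1 8 00 $1"
}

# Offline demonstration on the constructed lines (no gpg needed).
if sample_status "$PINNED_FPR" | check_status "$PINNED_FPR"; then
    echo "pinned key: accepted"
fi
if ! sample_status "0000000000000000000000000000000000000000" | check_status "$PINNED_FPR"; then
    echo "other key: rejected"
fi
```

With real files the call would be verify_pinned linux-4.15.10.tar.sign linux-4.15.10.tar, and only its exit status should be used to decide whether to proceed.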

Answer 2

It looks like you have to give --auto-key-locate the methods to use for fetching the keys:

$ gpg2 --auto-key-locate cert,pka,dane,wkd,keyserver --locate-keys [email protected] [email protected]
gpg: error retrieving '[email protected]' via DNS CERT: Not found
gpg: error retrieving '[email protected]' via PKA: Not found
gpg: error retrieving '[email protected]' via DANE: Not found
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: automatically retrieved '[email protected]' via WKD
gpg: error retrieving '[email protected]' via DNS CERT: Not found
gpg: error retrieving '[email protected]' via PKA: Not found
gpg: error retrieving '[email protected]' via DANE: Not found
gpg: key 79BE3E4300411886: public key "Linus Torvalds <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: automatically retrieved '[email protected]' via WKD
pub   rsa4096 2011-09-23 [SC]
      647F28654894E3BD457199BE38DBBDC86092693E
uid           [ unknown] Greg Kroah-Hartman <[email protected]>
uid           [ unknown] Greg Kroah-Hartman (Linux kernel stable release signing key) <[email protected]>
uid           [ unknown] Greg Kroah-Hartman <[email protected]>
sub   rsa4096 2011-09-23 [E]

pub   rsa2048 2011-09-20 [SC]
      ABAF11C65A2970B130ABE3C479BE3E4300411886
uid           [ unknown] Linus Torvalds <[email protected]>
uid           [ unknown] Linus Torvalds <[email protected]>
sub   rsa2048 2011-09-20 [E]