如何使用 GPG 生成 OpenPGP 签名消息?

如何使用 GPG 生成 OpenPGP 签名消息?

RFC 4880, 有第11.3节它指定了 OpenPGP 消息块可以具有的不同格式:

11.3.  OpenPGP Messages

   An OpenPGP message is a packet or sequence of packets that
   corresponds to the following grammatical rules (comma represents
   sequential composition, and vertical bar separates alternatives):

   OpenPGP Message :- Encrypted Message | Signed Message |
                      Compressed Message | Literal Message.

   Compressed Message :- Compressed Data Packet.

   Literal Message :- Literal Data Packet.

   ESK :- Public-Key Encrypted Session Key Packet |
          Symmetric-Key Encrypted Session Key Packet.

   ESK Sequence :- ESK | ESK Sequence, ESK.

   Encrypted Data :- Symmetrically Encrypted Data Packet |
         Symmetrically Encrypted Integrity Protected Data Packet

   Encrypted Message :- Encrypted Data | ESK Sequence, Encrypted Data.

   One-Pass Signed Message :- One-Pass Signature Packet,
               OpenPGP Message, Corresponding Signature Packet.

   Signed Message :- Signature Packet, OpenPGP Message |
               One-Pass Signed Message.

   In addition, decrypting a Symmetrically Encrypted Data packet or a
   Symmetrically Encrypted Integrity Protected Data packet as well as
   decompressing a Compressed Data packet must yield a valid OpenPGP
   Message.

有没有办法通过命令行参数来生成Signed Message使用 GPG?请注意Signed Message不是显示的类型西科光盘. 这是一个Cleartext Signature,描述于第七节RFC 的。装甲车Signed Message将有车头-----BEGIN PGP MESSAGE-----

我能得到的最接近的方法是使用gpg -s,它生成一个压缩数据包,该数据包封装了一次通过签名包、文字数据包、签名包。但是,我不认为它应该被压缩,因此看起来 GPG 要么在不应该压缩时压缩,要么 GPG 正在输出压缩消息。

答案1

GnuPG 默认会压缩(至少是纯文本)消息。如果您不希望它压缩消息,请使用选项将压缩级别设置为 0。--compress-level 0来自man gpg

--compress-level n

[...] A value of 0 for n disables compression.

与压缩级别 0 一起使用-s将输出未压缩的签名消息,实际上是一次性签名消息。

消息压缩是预期的行为。RFC 4880,第 2.3 章状态:

压缩

OpenPGP 实现应该在应用签名之后但在加密之前压缩消息。[...]

相关内容