我将使用存储在 pub.pem 中的以下 PGP 密钥:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
mQGiBDp1yy0RBADVlyDewVwltBs7HnHCG3bXlVUODFkn/00TdbM2SPnOAIkj4giB
ylOP7Mg+Hr5y7FIBvmPWx06In6JjNQiSbpshP5YHv57UfE79nEJdWuSTQt/7j7IJ
GkHYtBRHQMIAHMgT8IB5d3gFq52jSa8hw/ixMP09a0Rw8RP9+kOE4s9UrQCg/zVH
IHswdc/mb50PjdeXwnjxQbkD/3lJYEzz8eUlFHB4rVaC1yRi21Lypf0DIMfQg5j9
xBxY4odFJKyf22PeuAjp9roURRIbGIkIGH8eXF+Mav9OqEdD80JbEn1hZuaLk1RF
k1XJjmFRdKXz+Q7JmRdbs3zXXav2cYwalgzEXT5kuXuNlThLTnLoEFop8Hl3xM4/
PdqMBACkkHb07vPY5l429tdXqL00lE6LedlBW4FLjI534QgselsrUxq5U5y0Wg1Z
//a66l5QkyaMrpsHKfkLHdaPOVCs/WeG6eLwD/cUBEM1Y9Yb5DaB0njdZB3Yxcm8
W23hpKjDanb7SbaSA16gBIWRlvrB/qU+MZAj+EXRDJmwMJq2y7QjbmV0aXZhIGNh
ZnRvcmkgPG5ldGl2YWNAb25lYm94LmNvbT6JAE4EEBECAA4FAjp1yy0ECwMCAQIZ
AQAKCRDFpFclYzXzSwiRAJ0S3djCkJJPUalRyE+vWnfnhvJmDgCfTEBN2N6GlGWO
mrOg1tQlZoWbd5q5Ag0EOnXLLRAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65
Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09
jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brw
v0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiN
jrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrK
lQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH+wVFKD3A
FEdEBHqDZuKjLdLJIKHk4gloKeQ60R9NLLFynfIgSvgsii5uWLY9+gZ2FIGnP3Yc
GxZH1HASv+pG1sw0MnhutxZui3E3Mt69Uv1KTlTGYkfS+mXBw4Qr7hXavCkF45we
f/9Qlj6hSKVjy4YcewdvpopM9S4gVcBq+EdTp1negsCyj3YhFiEo0JEL40mnoHX7
HudJBbiBmknmBZOjxzBBeDPcu7fWV/LDCWiFoGg9uWy2KOcIt7sNXVJbukbSGYg2
hzOB2JPaqCqI5+4YfUCumNLd0lktT7S1V3/6xszEnybQL7tMtmrZZFAFHFAwLNPA
bLxdF/b26GbrTT+JAEYEGBECAAYFAjp1yy0ACgkQxaRXJWM180ttbQCg98c40J41
iXkP9CuqGR0LBJ46VNAAnj+5dH9N226fBp5TN0rAyxwBveTK
=0VvA
-----END PGP PUBLIC KEY BLOCK-----
导入密钥:
>>> gpg < pub.pem
pub 1024D/6335F34B 2001-01-29 netiva caftori <[email protected]>
sub 2048g/97F431A1 2001-01-29
>>> gpg --import < pub.pem
gpg: key 6335F34B: "netiva caftori <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
加密并打印结果:
>>> echo "encrypt this." | gpg --armor --recipient 18A489A6 --encrypt
gpg: 9BD7D221: There is no assurance this key belongs to the named user
pub 4096R/9BD7D221 2014-11-06 Apotheke2
Primary key fingerprint: CAAF 8F36 3B87 E945 25D9 8AF8 9B73 8EE5 18A4 89A6
Subkey fingerprint: 6817 E44B E8CF B4A8 4D88 BED4 B74B 3DAC 9BD7 D221
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
hQIMA7dLPayb19IhAQ/+PQSNWVgAKWjeQsotCvFeV95RFqNHFj7EDeLrbgdhWQAu
0MgCg7MrCrT8Hr6kKVXG1FmPX8ql9/CZfQf5iqSNL6v0k8zQCpet7RRhL2TuUwmm
3qLkEcbTzieoukKYqhVqascBSYUFpnpTKocywDScuiB4tRbRSgbca9YJvF3IgAtv
fcdoyspGef4QaEcgJ/mAFhun0AtQSZgPErxl87HBbgAV6VnC9L/0jpev3lZDn4CF
YN5jtOogSiZCVNQEm8uWUNN7j2S1HD0yfAdTU6ngB9g4gXQq3UEIN1hxHUzBSguD
N2C4/dGnKGDkvy9UFiV9rjYhwaEwyYqbChrwilxfhirZh1OY/pLJmTyy4BPgX3hP
EemUNW8TfjkXnciSdv0/nb/Ll+29dK/wW0nI1/4yU6lmAkAxC+ZLcT+GAK9kIQk1
RkuMk4DS5cRDRvTno5zPWKdYKlzcxeZczDvBBJLzBhiwOYAoHR7moFHm1n2QFR78
LKm/nyHvm34YDkjSloEGygfLo9oSzi+L/BeX9IHOYO3O8p5p+sisqzoti7JFsdZp
1iRdCu7wKyVI74bYHU6CzoB7awyI3QTmcgy83IgB6Ntlwjwt/J2OObT9K9WBOiJC
L3UqUrlTfjpSVdfZeqpAdR9AISU7rLd7LH2XWezs2YRDlg74ey8ruz+kYnVSi0DS
SQHfqlwyqpb+r5kW/GBdOdxVFSVZMpz0qyNcUFeNdAfCrCdWDmyqPc47+2tY8xsn
y/ZitDx9ram0Nc99GddxkmxGsz15vQFE/Ak=
=uHqF
-----END PGP MESSAGE-----
加密并将结果传输到文件中:
>>> echo "encrypt this." | gpg --armor --recipient 18A489A6 --encrypt > text.enc
gpg: 9BD7D221: There is no assurance this key belongs to the named user
pub 4096R/9BD7D221 2014-11-06 Apotheke2
Primary key fingerprint: CAAF 8F36 3B87 E945 25D9 8AF8 9B73 8EE5 18A4 89A6
Subkey fingerprint: 6817 E44B E8CF B4A8 4D88 BED4 B74B 3DAC 9BD7 D221
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
>>> cat text.enc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
hQIMA7dLPayb19IhARAAq5Sgcqr+reXH8V35ZvFCL3l/Auqq/EkNwIICHW9LfflB
exst6WHaF2t/wMKSCw0kkyCoqbw6typD4Hida4jg5QJytWjezWPA6qLcpf9LtMxg
hO4vPVOyP9sK1140LhqTK4lkTHEYrcS9HC1uy4KUVhEoYll43xwn8ofO7VfKuMzj
KmskwNiehSfye3KuCvbpqsHW14vK193GgGylaDwKRqvwkeXIzDN1Wv8Xq6wspocP
Q96fo5gTn5RxtlLZ5UJgdVQgjUgKs1V+LnUABQgAloEJdmFKCMRvIuE680doaJzF
A2ny+rfoDJYFSkfnWHebd2v21vKruSWFrseVLRadKlejgzjUmND7oflAjaX0hYt2
uFIjRhLshrMTPmgMXai+vSx3LgtMa5fJvkZ/5k9svm/e7PUoagEaD1y3dM81f99j
vvmcRVsVsABMwa7YvQz/C4i4PgD/LTeIZMuVU7ynbP9IpVUlP8XRvkOu1XBzxVFa
ggD4O8TTKgcfoy2D+dbnuSEH4ftQOpE4oC7Q9JaBEsUE3bAi8DC8OdkidJpGYVx/
rdfz6n2XW4W3siU4teGkmpnJacGrNCHpYbdesxYwj/9P/gvrumX7Xt6kbiCJVpte
r5wI7YSZcVLYvnWOcqFZ2vU6aTgK2enB6n9OChdYnkgZoQZ3PkQzYC2hw+ZOksnS
SQHlNBYasLhYqNDH8oYN5UKcZfip+R67r0kv8pYshFLoDIdFaDeRRWMovDfO9vRE
jaPHU2PgUB2JkqNHcWcUsLYy4nVbm8QKD8M=
=r7ho
-----END PGP MESSAGE-----
为什么加密结果不一样?
答案1
造成此种差异的原因是多种多样的。
- OpenPGP 是一个混合密码体制,结合了对称和公钥/私钥加密。随机生成的会话密钥用于加密实际消息,会话密钥本身使用公钥加密。由于每次加密新消息时都会随机选择会话密钥,因此每次加密某些内容时都会获得新的加密文本,无论是来自 STDIN 还是文件。
- “文字数据包”,包含实际消息的最内层(在压缩和加密之前)包含文件名 - 或者如果从 STDIN 加密则包含空字符串。
- 上面提到的文字数据包还包括一个时间戳,通常是加密文件的时间戳,或者从STDIN加密时的当前时间。
所有这些点都会导致输入的细微差异产生截然不同的密文。因此,早一秒加密将产生完全不相关的密文!
- 最后,加密(如果使用的话,签名)数据包也有时间戳,但这些时间戳只会改变单个时间戳,而不是整个密文。
答案2
似乎是一个随机数而不是时间戳。
PGP 的工作原理 PGP 结合了传统和公钥加密技术的一些最佳特性。PGP 是一种混合加密系统。当用户使用 PGP 加密明文时,PGP 首先会压缩明文。数据压缩可节省调制解调器传输时间和磁盘空间,更重要的是,可增强加密安全性。大多数密码分析技术都利用在明文中发现的模式来破解密码。压缩可减少明文中的这些模式,从而大大增强对密码分析的抵抗力。(太短而无法压缩的文件或压缩效果不佳的文件不会被压缩。)
然后,PGP 创建一个会话密钥,这是一个一次性的密钥。此密钥是根据鼠标的随机移动和键入的按键生成的随机数。此会话密钥与非常安全、快速的传统加密算法配合使用,对明文进行加密;结果是密文。数据加密后,会话密钥将加密为收件人的公钥。此公钥加密的会话密钥将与密文一起发送给收件人。