我將使用儲存在 pub.pem 中的以下 PGP 金鑰:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
mQGiBDp1yy0RBADVlyDewVwltBs7HnHCG3bXlVUODFkn/00TdbM2SPnOAIkj4giB
ylOP7Mg+Hr5y7FIBvmPWx06In6JjNQiSbpshP5YHv57UfE79nEJdWuSTQt/7j7IJ
GkHYtBRHQMIAHMgT8IB5d3gFq52jSa8hw/ixMP09a0Rw8RP9+kOE4s9UrQCg/zVH
IHswdc/mb50PjdeXwnjxQbkD/3lJYEzz8eUlFHB4rVaC1yRi21Lypf0DIMfQg5j9
xBxY4odFJKyf22PeuAjp9roURRIbGIkIGH8eXF+Mav9OqEdD80JbEn1hZuaLk1RF
k1XJjmFRdKXz+Q7JmRdbs3zXXav2cYwalgzEXT5kuXuNlThLTnLoEFop8Hl3xM4/
PdqMBACkkHb07vPY5l429tdXqL00lE6LedlBW4FLjI534QgselsrUxq5U5y0Wg1Z
//a66l5QkyaMrpsHKfkLHdaPOVCs/WeG6eLwD/cUBEM1Y9Yb5DaB0njdZB3Yxcm8
W23hpKjDanb7SbaSA16gBIWRlvrB/qU+MZAj+EXRDJmwMJq2y7QjbmV0aXZhIGNh
ZnRvcmkgPG5ldGl2YWNAb25lYm94LmNvbT6JAE4EEBECAA4FAjp1yy0ECwMCAQIZ
AQAKCRDFpFclYzXzSwiRAJ0S3djCkJJPUalRyE+vWnfnhvJmDgCfTEBN2N6GlGWO
mrOg1tQlZoWbd5q5Ag0EOnXLLRAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65
Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09
jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brw
v0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiN
jrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrK
lQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH+wVFKD3A
FEdEBHqDZuKjLdLJIKHk4gloKeQ60R9NLLFynfIgSvgsii5uWLY9+gZ2FIGnP3Yc
GxZH1HASv+pG1sw0MnhutxZui3E3Mt69Uv1KTlTGYkfS+mXBw4Qr7hXavCkF45we
f/9Qlj6hSKVjy4YcewdvpopM9S4gVcBq+EdTp1negsCyj3YhFiEo0JEL40mnoHX7
HudJBbiBmknmBZOjxzBBeDPcu7fWV/LDCWiFoGg9uWy2KOcIt7sNXVJbukbSGYg2
hzOB2JPaqCqI5+4YfUCumNLd0lktT7S1V3/6xszEnybQL7tMtmrZZFAFHFAwLNPA
bLxdF/b26GbrTT+JAEYEGBECAAYFAjp1yy0ACgkQxaRXJWM180ttbQCg98c40J41
iXkP9CuqGR0LBJ46VNAAnj+5dH9N226fBp5TN0rAyxwBveTK
=0VvA
-----END PGP PUBLIC KEY BLOCK-----
導入金鑰:
>>> gpg < pub.pem
pub 1024D/6335F34B 2001-01-29 netiva caftori <[email protected]>
sub 2048g/97F431A1 2001-01-29
>>> gpg --import < pub.pem
gpg: key 6335F34B: "netiva caftori <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
加密並列印結果:
>>> echo "encrypt this." | gpg --armor --recipient 18A489A6 --encrypt
gpg: 9BD7D221: There is no assurance this key belongs to the named user
pub 4096R/9BD7D221 2014-11-06 Apotheke2
Primary key fingerprint: CAAF 8F36 3B87 E945 25D9 8AF8 9B73 8EE5 18A4 89A6
Subkey fingerprint: 6817 E44B E8CF B4A8 4D88 BED4 B74B 3DAC 9BD7 D221
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
hQIMA7dLPayb19IhAQ/+PQSNWVgAKWjeQsotCvFeV95RFqNHFj7EDeLrbgdhWQAu
0MgCg7MrCrT8Hr6kKVXG1FmPX8ql9/CZfQf5iqSNL6v0k8zQCpet7RRhL2TuUwmm
3qLkEcbTzieoukKYqhVqascBSYUFpnpTKocywDScuiB4tRbRSgbca9YJvF3IgAtv
fcdoyspGef4QaEcgJ/mAFhun0AtQSZgPErxl87HBbgAV6VnC9L/0jpev3lZDn4CF
YN5jtOogSiZCVNQEm8uWUNN7j2S1HD0yfAdTU6ngB9g4gXQq3UEIN1hxHUzBSguD
N2C4/dGnKGDkvy9UFiV9rjYhwaEwyYqbChrwilxfhirZh1OY/pLJmTyy4BPgX3hP
EemUNW8TfjkXnciSdv0/nb/Ll+29dK/wW0nI1/4yU6lmAkAxC+ZLcT+GAK9kIQk1
RkuMk4DS5cRDRvTno5zPWKdYKlzcxeZczDvBBJLzBhiwOYAoHR7moFHm1n2QFR78
LKm/nyHvm34YDkjSloEGygfLo9oSzi+L/BeX9IHOYO3O8p5p+sisqzoti7JFsdZp
1iRdCu7wKyVI74bYHU6CzoB7awyI3QTmcgy83IgB6Ntlwjwt/J2OObT9K9WBOiJC
L3UqUrlTfjpSVdfZeqpAdR9AISU7rLd7LH2XWezs2YRDlg74ey8ruz+kYnVSi0DS
SQHfqlwyqpb+r5kW/GBdOdxVFSVZMpz0qyNcUFeNdAfCrCdWDmyqPc47+2tY8xsn
y/ZitDx9ram0Nc99GddxkmxGsz15vQFE/Ak=
=uHqF
-----END PGP MESSAGE-----
加密並將結果傳輸到文件中:
>>> echo "encrypt this." | gpg --armor --recipient 18A489A6 --encrypt > text.enc
gpg: 9BD7D221: There is no assurance this key belongs to the named user
pub 4096R/9BD7D221 2014-11-06 Apotheke2
Primary key fingerprint: CAAF 8F36 3B87 E945 25D9 8AF8 9B73 8EE5 18A4 89A6
Subkey fingerprint: 6817 E44B E8CF B4A8 4D88 BED4 B74B 3DAC 9BD7 D221
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
>>> cat text.enc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
hQIMA7dLPayb19IhARAAq5Sgcqr+reXH8V35ZvFCL3l/Auqq/EkNwIICHW9LfflB
exst6WHaF2t/wMKSCw0kkyCoqbw6typD4Hida4jg5QJytWjezWPA6qLcpf9LtMxg
hO4vPVOyP9sK1140LhqTK4lkTHEYrcS9HC1uy4KUVhEoYll43xwn8ofO7VfKuMzj
KmskwNiehSfye3KuCvbpqsHW14vK193GgGylaDwKRqvwkeXIzDN1Wv8Xq6wspocP
Q96fo5gTn5RxtlLZ5UJgdVQgjUgKs1V+LnUABQgAloEJdmFKCMRvIuE680doaJzF
A2ny+rfoDJYFSkfnWHebd2v21vKruSWFrseVLRadKlejgzjUmND7oflAjaX0hYt2
uFIjRhLshrMTPmgMXai+vSx3LgtMa5fJvkZ/5k9svm/e7PUoagEaD1y3dM81f99j
vvmcRVsVsABMwa7YvQz/C4i4PgD/LTeIZMuVU7ynbP9IpVUlP8XRvkOu1XBzxVFa
ggD4O8TTKgcfoy2D+dbnuSEH4ftQOpE4oC7Q9JaBEsUE3bAi8DC8OdkidJpGYVx/
rdfz6n2XW4W3siU4teGkmpnJacGrNCHpYbdesxYwj/9P/gvrumX7Xt6kbiCJVpte
r5wI7YSZcVLYvnWOcqFZ2vU6aTgK2enB6n9OChdYnkgZoQZ3PkQzYC2hw+ZOksnS
SQHlNBYasLhYqNDH8oYN5UKcZfip+R67r0kv8pYshFLoDIdFaDeRRWMovDfO9vRE
jaPHU2PgUB2JkqNHcWcUsLYy4nVbm8QKD8M=
=r7ho
-----END PGP MESSAGE-----
為什麼產生的加密結果不相同?
答案1
造成差異的原因有很多。
- OpenPGP 是一個混合密碼系統,結合對稱公鑰/私鑰加密技術。隨機產生的會話金鑰用於加密實際訊息,並且會話金鑰本身是使用公鑰加密的。由於每次加密新訊息時都會隨機選擇會話密鑰,因此每次加密某些內容時都會得到一個新的加密文本,無論是來自 STDIN 還是來自檔案。
- “文字資料包”,即包含實際訊息(在壓縮和加密之前)的最內層,包含檔案名,或者如果從 STDIN 加密則為空字串。
- 上面提到的文字封包還包含時間戳,通常是加密檔案的時間戳,或從 STDIN 加密時的當前時間。
對於輸入中的微小差異,所有這些點都會導致非常不同的密碼文字。因此,提前一秒加密將產生完全不相關的密碼文字!
- 最後,加密(如果使用的話,簽名)資料包也有時間戳,但這些只會改變單一時間戳,而不是整個密碼文字。
答案2
似乎是一個隨機數字而不是時間戳。
PGP 的工作原理 PGP 結合了傳統金鑰加密和公鑰加密的一些最佳功能。 PGP 是一種混合密碼系統。當使用者使用PGP加密明文時,PGP會先壓縮明文。資料壓縮節省了調變解調器傳輸時間和磁碟空間,更重要的是,增強了加密安全性。大多數密碼分析技術利用明文中發現的模式來破解密碼。壓縮減少了明文中的這些模式,從而大大增強了對密碼分析的抵抗力。 (太短而無法壓縮或壓縮效果不好的檔案不會被壓縮。)
然後,PGP 會建立一個會話金鑰,這是一個一次性的秘密金鑰。此密鑰是根據滑鼠的隨機移動和您鍵入的按鍵產生的隨機數。此會話金鑰與非常安全、快速的傳統加密演算法一起對明文進行加密;結果是密文。一旦資料被加密,會話金鑰就會被加密為接收者的公鑰。此公鑰加密的會話金鑰與密文一起傳輸給接收者。