GPG/SMIME/HTTPS/PEM/DER手记
- Mac: https://www.gpgtools.org
- Windows: http://gpg4win.org
- Thunderbird: EnigMail插件
- 网页可以用Firefox/Chrome插件:mailvelope
例: 验证下载的Putty
Putty网站上提供了master key和release key. 其中, 对master key提供了指纹. master key与release key相互签署.
gpg --import master-rsa.asc
gpg --import release-rsa.asc
gpg --check-sigs
gpg --fingerprint
gpg --verify putty-0.65-installer.exe.RSA putty-0.65-installer.exe
Key Server:
Key Signing Party:
S/MIME邮件
可以去StartSSL上免费申请一个.
发出的邮件带一个smime.p7s附件, 里面包含被CA签过的公钥.
SSL 证书
概念:
证书 == 被签过的公钥
签 == 用私钥加密它人的公钥的指纹(常为SHA), 并附在该公钥后面
下面以从StartSSL上申请到的证书为例:
申请的时候, 生成一个CSR证书(实际上是公钥), 传给CA, CA签一下之后传回给你, 然后放到Nginx或Apache服务器里.
+---------------------+ +---------------------+ +------------+
+--+ CA Root Certificate + | CSR (Public Key) | ...... | Secret Key |
| +----------+----------+ +------+--------------+ +------------+
| | Sign |
| +----------v-------------+ Sign |
| | CA Class 1 Certificate +------>---+
^ +------------------------+ |
| |
| +---------+-----------+
| | Signed Certificate |
| Trust +---------+-----------+
^ |
| |
| +---------+-----------+
+------<---<---<-------------+ Browser |
+---------------------+
参考
- https://emailselfdefense.fsf.org/en/
- https://tonghuix.io/2014/11/gnupg-leaflet/
- https://tonghuix.io/2014/12/opensuse-gnupg-kleopatra/
- https://tonghuix.fedorapeople.org/F21-HFD2015.pdf
- The Most Common OpenSSL Commands
Mac
- https://ssd.eff.org/en/module/how-use-pgp-mac-os-x
- GPGTools的说明: http://support.gpgtools.org/kb/how-to/first-steps-where-do-i-start-where-do-i-begin
- http://support.gpgtools.org/kb/gpgmail-faq/gpgmail-2-hidden-settings