GnuPG ¸®´ª½º¿¡¼­ ¾ÈÀüÇÏ°Ô Åë½ÅÇϱâ

[æ»: À±ºÀȯ, el@linuxlab.co.kr]
¿ø¹® : By Kapil Sharma

°³¿ä

GnuPG´Â Åë½Å»ó¿¡¼­ ȤÀº µ¥ÀÌÅ͸¦ ÀúÀåÇÒ ¶§ º¸¾ÈÀ» ÁöÅ°´Â µµ±¸ÀÌ´Ù. GnuPG´Â µ¥ÀÌÅ͸¦ ¾ÏȣȭÇÏ°í ÀüÀÚ ¼­¸íÀ» ¸¸µé ¼ö ÀÖÀ¸¸ç ¾Ïȣȭ µµ±¸·Î À¯¸íÇÑ PGP¸¦ ¿Ïº®ÇÏ°Ô ´ë½ÅÇÒ ¼ö ÀÖ´Ù. ÇÏÁö¸¸, IDEA ¾Ë°í¸®µëÀ» ÀüÇô ÀÌ¿ëÇÏÁö ¾ÊÀ¸¹Ç·Î ¾Æ¹«·± Á¦ÇÑ ¾øÀÌ ¾µ ¼ö ÀÖ´Ù.

GnuPG´Â °ø°³Å° ¹æ½ÄÀÇ ¾Ïȣȭ ±â¹ýÀ» »ç¿ëÇϹǷΠ´õ¿í ¾ÈÀüÇÏ°Ô Åë½ÅÇÒ ¼ö ÀÖ´Ù. °ø°³Å° ½Ã½ºÅÛ¿¡¼­´Â »ç¿ëÀÚ¸¶´Ù ºñ¹ÐÅ°¿Í(private key) °ø°³Å°¸¦ ½ÖÀ¸·Î °¡Áö°í ÀÖ´Ù. »ç¿ëÀÚÀÇ ºñ¹ÐÅ°´Â ³ëÃâµÇÁö ¾Ê°í ¾ÈÀüÇÏ°Ô º¸°üµÇ¸ç °ø°³Å°´Â »ç¿ëÀÚ¿Í Åë½ÅÇÏ·Á´Â ´Ù¸¥ À̵鿡°Ô ³ª´²ÁÙ °ÍÀÌ´Ù.

Features

¡¤PGP¸¦ ¿ÏÀüÇÏ°Ô ´ëü
¡¤¹èŸÀûÀÎ(ƯÇã) ¾Ë°í¸®µëÀº ÀüÇô »ç¿ëÇÏÁö ¾Ê´Â´Ù.
¡¤GPL¿¡ µû¸¥´Ù.
¡¤ÇÊÅÍ ÇÁ·Î±×·¥Ã³·³ »ç¿ëÇÒ ¼ö ÀÖ´Ù.
¡¤OpenPGP¸¦ ÃæÁ·½ÃŲ´Ù.
¡¤PGP³ª º¸¾È¼ºÀÌ °­È­µÈ PGP 2º¸´Ù ³ªÀº ±â´ÉÀ» °¡Áö°í ÀÖ´Ù.
¡¤PGP 5.x ¸Þ½ÃÁö¸¦ Ç®°í °ËÁõÇÑ´Ù.
¡¤ElGamal (¼­¸í°ú ¾Ïȣȭ), DSA, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1,
   RIPE-MD-160, TIGER µîÀ» Áö¿øÇÑ´Ù.
¡¤»õ·Î¿î ¾Ë°í¸®µëÀ» ¸ðµâ ÇüÅ·Π½±°Ô Ãß°¡ÇÒ ¼ö ÀÖ´Ù.
¡¤»ç¿ëÀÚ ID´Â Ç¥ÁØ Çü½ÄÀ» µû¸£µµ·Ï ¸¸µç´Ù.
¡¤Å°¿Í ¼­¸íÀÇ ¸¸·á ±â°£À» Á¤ÇÒ ¼ö ÀÖ´Ù.
¡¤English, Danish, Dutch, Esperanto, French, German, Japanese, Italian, Polish,
   Portuguese (Brazilian), Portuguese (Portuguese), Russian, Spanish, Swedish µîÀ»
   Áö¿øÇÑ´Ù.
¡¤¿Â¶óÀÎ µµ¿ò¸» ½Ã½ºÅÛ.
¡¤ÀÍ¸í ¸Þ½ÃÁö ¼ö½ÅÀÚµéÀ» ¼±ÅÃÇÒ ¼öµµ ÀÖ´Ù.
¡¤HKP Å°¼­¹ö¸¦ ¿Ïº®ÇÏ°Ô Áö¿øÇÑ´Ù.(wwwkeys.pgp.net).
¡¤±×·¡ÇÈ À¯Àú ÀÎÅÍÆäÀ̽º¸¦ °¡Áø ÇÁ·ÐÆ® ¿£µå ÇÁ·Î±×·¥(GUI frontend)µéÀÌ ¸¹ÀÌ ÀÖ´Ù.
   GnuPG¿Í °ü·ÃµÈ ¼ÒÇÁÆ®¿þ¾îµéÀº http://www.gnupg.org/download.html¿¡¼­ ¸ðµÎ
   Ã£À» ¼ö ÀÖ´Ù.

¼³Ä¡

gnupg ¼Ò½º ÆÄÀÏÀ» ./usr/local/ µð·ºÅ丮³ª ¼³Ä¡ÇÏ·Á´Â µð·ºÅ丮·Î ¿Å°Ü°£´Ù.(cd ¸í·É)
 [root@dragon local]# tar xvzf gnupg-1.0.4.tar.gz
 [root@dragon local]# cd gnupg-1.0.4
 [root@dragon gnupg-1.0.4]# ./configure
 [root@dragon gnupg-1.0.4]# make
make ¸í·ÉÀº Makefile ¼Ó¿¡ Á¤ÇØÁø ±ÔÄ¢¿¡ µû¶ó ¼Ò½ºÆÄÀÏÀ» ÄÄÆÄÀÏÇؼ­ ½ÇÇàÇÒ ¼ö ÀÖ´Â
¹ÙÀ̳ʸ® ÇüÅ·Π¸¸µç´Ù.

 [root@dragon gnupg-1.0.4]# make check
ÆÐÅ°Áö¿¡ µé¾î ÀÖ´Â µµ±¸µé·Î ÀÚ°¡-Áø´ÜÀ» ½ÇÇàÇÑ´Ù.

 [root@dragon gnupg-1.0.4]# make install
¹ÙÀ̳ʸ®¿Í ±× ¹Û¿¡ ÇÊ¿äÇÑ ÆÄÀϵéÀ» ÁöÁ¤µÈ À§Ä¡¿¡ ¼³Ä¡ÇÑ´Ù.

 [root@dragon gnupg-1.0.4]# strip /usr/bin/gpg
"strip" ¸í·ÉÀº gpg ¹ÙÀ̳ʸ® ÆÄÀÏÀÇ Å©±â¸¦ ÁÙ¿© ¼Óµµ¸¦ Çâ»ó½ÃŲ´Ù.

Common Commands

 

1: »õ·Î¿î Å° ½Ö ¸¸µé±â

¸ÕÀú »õ·Î¿î Å°-½ÖÀ»(°ø°³Å°¿Í ºñ¹ÐÅ°) ¸¸µé¾î¾ß ÇÑ´Ù. ¸í·ÉÇà ¿É¼Ç --gen-key´Â »õ·Î¿î Å° ½ÖÀ» ¸¸µç´Ù.

Step 1
gpg¸¦ óÀ½ ½ÃÀÛÇϸé ÇÊ¿äÇÑ µð·ºÅ丮°¡ ¸¸µé¾îÁø´Ù:
 

[root@dragon /]# gpg --gen-key gpg (GnuPG) 1.0.2; Copyright (C) 2000 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: /root/.gnupg: directory created gpg: /root/.gnupg/options: new options file created gpg: you have to start GnuPG again, so it can read the new options file

Step 2
¾Æ·¡ ¸í·ÉÀ¸·Î GnuPG¸¦ ´Ù½Ã ½ÃÀÛÇÑ´Ù:
 

[root@dragon /]# gpg --gen-key gpg (GnuPG) 1.0.2; Copyright (C) 2000 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg:/root/.gnupg/secring.gpg: keyring created gpg: /root/.gnupg/pubring.gpg: keyring created Please select what kind of key you want:    (1) DSA and ElGamal (default)    (2) DSA (sign only)    (4) ElGamal (sign and encrypt) Your selection?  1 DSA keypair will have 1024 bits. About to generate a new ELG-E keypair.               minimum keysize is  768 bits               default keysize is 1024 bits     highest suggested keysize is 2048 bits What keysize do you want? (1024) 2048 Do you really need such a large keysize? y Requested keysize is 2048 bits Please specify how long the key should be valid.          0 = key does not expire       <n>   = key expires in n days       <n> w = key expires in n weeks       <n> m = key expires in n months       <n> y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: Real name: Kapil sharma Email address: kapil@linux4biz.net Comment: Unix/Linux consultant You selected this USER-ID:     "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. Enter passphrase: [enter a passphrase] Repeat passphrase: [Repeat passphrase] We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ++++++++++.+++++^^^ public and secret key created and signed.

Å° ½ÖÀ» ¸¸µé¾î ³»´Â µ¿¾È GnuPG°¡ ¹°¾îº¸´Â ´Ù¾çÇÑ Áú¹®µé¿¡ ´ëÇØ ¾Ë¾Æº¸ÀÚ.
 

Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Your selection?

GnuPG´Â Á¾·ù°¡ ´Ù¸¥ Å° ½ÖÀ» ¸¸µé¾î ³¾ ¼ö ÀÖ´Ù. ¿©±â¿¡´Â ¼¼ °¡Áö ¿É¼ÇÀÌ ÀÖ´Ù.

DSA Å° ½ÖÀº ¼­¸íÀ» ¸¸µé ¶§¿¡¸¸ »ç¿ëÇÒ ¼ö ÀÖ´Â 1Â÷ Å° ½ÖÀÌ´Ù. ElGamal ÇÏÀ§ Å° ½ÖÀº ¾ÏȣȭÇϴµ¥ ¾²ÀδÙ. µÎ ¹ø° ¿É¼ÇÀº ù ¹ø° ¿É¼Ç°ú ºñ½ÁÇÏÁö¸¸ ¿ÀÁ÷ DSA Å° ½Ö¸¸ »ý¼ºÇÑ´Ù. ¿É¼Ç 4[1]Àº ¼­¸í°ú ¾Ïȣȭ¿¡ ¸ðµÎ »ç¿ëÇÒ ElGamal Å° ½Ö ÇÑ°¡Áö¸¦ ¸¸µç´Ù. ´ë°³ ±âº» ¿É¼ÇÀ» »ç¿ëÇϸé ÁÁ´Ù.

ÀÌÁ¦´Â Å° Å©±â¸¦ °ñ¶ó¾ß ÇÑ´Ù. DSA Å° Å©±â´Â ¹Ýµå½Ã 512¿¡¼­ 1024 ºñÆ® »çÀÌ¿©¾ß Çϸç, ElGamal Å°´Â ¾î¶² Å©±â¶óµµ »ó°ü¾ø´Ù.
 

About to generate a new ELG-E keypair. minimum keysize is  768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024)

±ä Å°¸¦ ¼±ÅÃÇϸé ÁÁÀº Á¡°ú ³ª»Û Á¡ÀÌ Àִµ¥:

 ÁÁÀºÁ¡ : 1) ±ä Å°´Â ¹«½ÄÇÑ °ø°Ý¿¡ ´ëÇØ º¸´Ù ¾ÈÀüÇÏ´Ù.
 ´Ü   Á¡ : 1) ¾ÏȣȭÇϰųª ±× °ÍÀ» Ç®¾î³¾ ¶§ Å° Å©±â°¡ Å©¸é Ŭ¼ö·Ï ¿À·¡ °É¸°´Ù .
             2) ±ä Å°´Â ¼­¸í ±æÀÌ¿¡µµ ¿µÇâÀ» ÁØ´Ù.

±âº» Å° Å©±â´Â °ÅÀÇ ¸ðµç °æ¿ì¿¡ Àû´çÇϸç Å° Å©±â¸¦ ¼±ÅÃÇÑ ´ÙÀ½¿¡´Â °áÄÚ ¹Ù²îÁö ¾Ê°Ô ÇÒ ¼ö ÀÖ´Ù. ¸¶Áö¸·À¸·Î ¸¸·á±â°£À» °ñ¶ó¾ß ÇÑ´Ù. ¿É¼Ç 1À» ¼±ÅÃÇß´Ù¸é ¸¸·á±â°£Àº ElGamal°ú DSA Å° ½Ö ¸ðµÎ¿¡ Àû¿ëµÈ´Ù.
 

Please specify how long the key should be valid 0 = key does not expire   = key expires in n days <n> w = key expires in n weeks <n> m = key expires in n months <n> y = key expires in n years Key is valid for? (0)

´ëºÎºÐ »ç¿ëÀڵ鿡°Ô ¸¸·á ±â°£À» Á¤ÇØ µÎ´Â °ÍÀº ¾î¿ï¸®Áö ¾Ê´Â´Ù. Å°°¡ ¸¸µé¾îÁø ´ÙÀ½¿¡µµ ±â°£À» ¹Ù²Ü ¼ö ÀÖÁö¸¸ ¿©·¯ºÐÀÇ °ø°³Å°¸¦ °¡Áö°í ÀÖ´Â ´Ù¸¥ »ç¿ëÀڵ鿡°Ô ¹Ù²ï °ÍÀ» ¾Ë¸®±â ¾î·Á¿ï ¼ö ÀÖÀ¸¹Ç·Î ¸¸·á ±â°£Àº Á¶½É½º·´°Ô ¼±ÅÃÇØ¾ß ÇÑ´Ù.

¿©·¯ºÐÀº ¹Ýµå½Ã Å° Æз¯¹ÌÅÍ¿¡ »ç¿ëÀÚ ID¸¦ ³Ö¾î¾ß ÇÑ´Ù. »ç¿ëÀÚ ID´Â Å°°¡ ¸¸µé¾îÁö´Â µ¿¾È ½ÇÁ¦ »ç¶÷°ú ¿¬°ü½Ãų ¶§ »ç¿ëµÈ´Ù.
 

You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Kapil Sharma (Linux consultant) <kapil@linux4biz.net> " Real name: Enter you name here Email address: Enter you email address Comment: Enter any comment here

GnuPG´Â ¿©·¯ºÐÀÌ ¼ÒÀ¯ÇÑ ÁÖ Å°¿Í ÇÏÀ§ Å°¸¦ º¸È£Çϱâ À§ÇØ ºñ¹Ð¹®±¸(passphrase)¸¦ ¿ä±¸ÇÑ´Ù.
 

You need a Passphrase to protect your secret key. Enter passphrase:

ºñ¹Ð¹®±¸(ÝúÚËÙþÏ£) ±æÀÌ¿¡´Â Á¦ÇÑÀÌ ¾ø´Ù. º¸¾ÈÀû °üÁ¡¿¡¼­ ºñ¹ÐÅ°¸¦ ÇØÁ¦Çϱâ À§ÇÑ passphrase´Â GnuPGÀÇ Ãë¾àÁ¡ °¡¿îµ¥ ÇϳªÀ̹ǷÎ(±×¸®°í ´Ù¸¥ °ø°³Å° ¾Ïȣȭ ½Ã½ºÅÛ¿¡¼­µµ) ±¸¹®À» ¸Å¿ì Á¶½É½º·´°Ô ¼±ÅÃÇØ¾ß ÇÑ´Ù .ÀÌ»óÀûÀÎ ºñ¹Ð¹®±¸´Â »çÀü¿¡ ³ª¿ÍÀÖ´Â ´Ü¾î¸¦ »ç¿ëÇÏÁö ¾Ê°í ¾ËÆĺª ¹®ÀÚ¿Í ¾ËÆĺªÀÌ ¾Æ´Ñ ¹®ÀÚµéÀ» Á¶ÇÕÇÑ ¹®ÀÚ¿­ÀÌ´Ù. ÁÁÀº ºñ¹Ð¹®±¸´Â GnuPG ÀÚ½ÅÀÇ º¸¾È¿¡ ¸Å¿ì Áß¿äÇÏ´Ù.

 

2: ÀÎÁõ ÆóÁö Áõ¸í

¿©·¯ºÐÀÌ »ç¿ëÇÒ Å° ½ÖÀÌ ¸¸µé¾îÁø ´ÙÀ½¿¡´Â ¹Ù·Î "--gen-revoke" ¿É¼ÇÀ» µ¡ºÙ¿©¼­ ÁÖ °ø°³Å°¿¡¼­ »ç¿ëÇÒ ÆóÁö Áõ¸íÀ» ¸¸µé¾î¾ß ÇÑ´Ù. ¿©·¯ºÐÀÌ ¼³Á¤ÇÑ ºñ¹Ð¹®±¸¸¦ Àؾú°Å³ª ¿©·¯ºÐÀÇ ºñ¹ÐÅ°°¡ ÈѼյǰųª ÀÒ¾î¹ö·ÈÀ» ¶§ ÆóÁö Áõ¸íÀº ¿©·¯ºÐÀÌ ³ª´²ÁØ °ø°³Å°°¡ ´õ ÀÌ»ó ¾µ¸ð ¾ø´Ù´Â °ÍÀ» ´Ù¸¥ À̵鿡°Ô ¾Ë¸®´Â µ¥ ¾²ÀδÙ.
 

[root@dragon /]# gpg --output revoke.asc --gen-revoke mykey

mykey¿¡´Â ¿©·¯ºÐÀÌ ¾Õ¼­ ¸¸µç ÁÖ Å° ½ÖÀÇ Å° ID¸¦ ³Ö°Å³ª, Å° ½ÖÀ» ½Äº°Çϱâ À§ÇØ ³ÖÀº »ç¿ëÀÚ ID ÀϺθ¦ ³Ö´Â´Ù. »ý¼ºµÈ Áõ¸íÀº revoke.asc¶ó´Â À̸§À» °¡Áø ÆÄÀÏ¿¡ ÀúÀåµÈ´Ù. ÆóÁöÁõ¸íÀº ´Ù¸¥ À̵éÀÌ Á¢±ÙÇÒ ¼ö ÀÖ´Â µð·ºÅ丮¿¡ µÎÁö ¾Ê´Â´Ù. ¾Æ¹«³ª ÀÌ ÆÄÀÏ¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Ù¸é ´©±¸³ª ÆóÁö Áõ¸íÀ» ÃâÆÇÇÒ ¼ö ÀÖÀ» °ÍÀÌ°í ÀÏÄ¡ÇÏ´Â °ø°³Å°¸¦ ÃßÃâÇØ ³¾ ¼öµµ ÀÖÀ» °ÍÀÌ´Ù.
 

root@alive /root [18] # gpg --output revoke.asc --gen-revoke el sec  1024D/C8D2B7E5 2000-12-07   electuz (Linux Consultant) <el@linuxlab.co.kr> Create a revocation certificate for this key? y You need a passphrase to unlock the secret key for user: "electuz (Linux Consultant) <el@linuxlab.co.kr>" 1024-bit DSA key, ID C8D2B7E5, created 2000-12-07 ASCII armored output forced. Revocation certificate created. Please move it to a medium which you can hide away; if Mallory gets access to this certificate he can use it to make your key unusable. It is smart to print this certificate and store it away, just in case your media become unreadable.  But have some caution:  The print system of your machine might store the data and make it available to others!


 

3: Å° ¸ñ·Ï

¿©·¯ºÐÀÇ °ø°³Å°¸¦ ¸ñ·ÏÀ¸·Î ¸¸µé¾î °í¸®¿¡ °É¾î µÎ·Á¸é ¸í·ÉÇà¿¡¼­ --list-keys ¿É¼ÇÀ» »ç¿ëÇÑ´Ù.
 

[root@dragon /]#  gpg --list-keys /root/.gnupg/pubring.gpg ------------------------ pub  1024D/020C9884 2000-11-09 Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> sub  2048g/555286CA 2000-11-09


 

4: °ø°³Å° ÃßÃâÇϱâ

¿©·¯ºÐ ȨÆäÀÌÁö³ª ÀÎÅͳݿ¡ ÀÖ´Â Å° ¼­¹ö, ȤÀº ´Ù¸¥ ¹æ¹ýµéÀ» ÀÌ¿ëÇؼ­ °ø°³Å°¸¦ ¹èÆ÷ÇÒ ¼ö ÀÖ´Ù. ¿©·¯ºÐ¿¡°Ô ÆíÁö¸¦ º¸³¾ »ç¶÷¿¡°Ô °ø°³Å°¸¦ º¸³»±â Àü¿¡ ¸ÕÀú ÃßÃâÇØ¾ß ÇÑ´Ù. ¸í·ÉÇà¿¡¼­ --export ¿É¼ÇÀ» »ç¿ëÇÑ´Ù. ÃßÃâÇÏ·Á´Â °ø°³Å°¸¦ ÁöÁ¤ÇÏ´Â ¿É¼ÇÀ» µ¡ºÙÀδÙ.

¹ÙÀ̳ʸ® Æ÷¸ËÀ¸·Î °ø°³Å°¸¦ ÃßÃâÇÏ·Á¸é ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
 

[root@dragon /]# gpg --output kapil.gpg --export kapil@linux4biz.net

ASCII ¹®ÀÚµé·Î ¹Ù²Ù¾î °ø°³Å°¸¦ ÃßÃâÇÒ ¶§¿¡´Â ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
 

[root@dragon /]# gpg  --export-armor > kapil-key.asc

"--export"´Â ¾ÏȣȭµÈ °ø°³Å° ¿­¼è°í¸® ÆÄÀÏ¿¡¼­ °ø°³Å°¸¦ »Ì¾Æ³½´Ù. "-armor"´Â(¿ªÀÚ°¡ Å×½ºÆ®ÇÑ 1.0.4 ¹öÀü¿¡¼­´Â --export -a ¶Ç´Â --export --armor ¿É¼ÇÀ» »ç¿ëÇÑ´Ù) ÀüÀÚ¿ìÆíÀ̳ª À¥ ÆäÀÌÁö¸¦ ÅëÇØ °ø°³Å°¸¦ ¹èÆ÷ÇÒ ¼ö ÀÖµµ·Ï ASCII ¹®ÀÚµé·Î ±¸¼ºµÈ Ãâ·Â¹°À» »ý¼ºÇϸç "> kapil-key.asc"´Â Ãâ·ÂµÈ °á°ú¸¦ ÆÄÀÏ·Î ÀúÀåÇÑ´Ù.

ASCII ¹®ÀÚµé·Î ±¸¼ºµÈ Ãâ·Â¹°À» ±×Àú È­¸é»óÀ¸·Î º¸±â¸¸ ÇÑ´Ù¸é ´ÙÀ½ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
 

[root@dragon /]# gpg  --export-armor -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.2 (GNU/Linux) Comment: For info see http://www.gnupg.org [...] -----END PGP PUBLIC KEY BLOCK-----

5: °ø°³Å° °¡Á®¿À±â

¿©·¯ºÐÀÇ Å° ½ÖÀÌ ¸¸µé¾îÁ³À¸¸é, ±× °ÍÀ» °ø°³ ¿­¼è°í¸®(public keyring) µ¥ÀÌÅͺ£À̽º¿¡ ³ÖÀ» ¼ö ÀÖ´Ù. ¹ÏÀ» ¼ö ÀÖ´Â »ó´ë°¡ º¸³»´Â ¸ðµç Å°µéÀ» °ø°³ ¿­¼è°í¸®¿¡ °É¾î µÎ°í ÇÊ¿ä¿¡ µû¶ó ¾Ïȣȭ¿Í ÀÎÁõ Åë½Å¿¡ »ç¿ëÇÒ ¼ö ÀÖ´Ù. °ø°³Å°´Â --import ¿É¼ÇÀ» ÀÌ¿ëÇؼ­ ¿©·¯ºÐÀÇ °ø°³ ¿­¼è°í¸®¿¡ º¸ÅÄ´Ù.
 

[root@dragon /]# gpg --import <filename>

"filename"Àº ¹èÆ÷ÇÏ´Â °ø°³Å° À̸§ÀÌ´Ù. ¿¹¸¦ µé¾î:
 

[root@dragon /]# gpg --import mandrake.asc gpg: key :9B4A4024: public key imported gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: Total number processed: 1 gpg:                     imported: 1

À§ ¿¹¹®Àº ¸Çµå·¹ÀÌÅ© ¸®´ª½º ȸ»ç¿¡¼­ ¹èÆ÷ÇÏ´Â °ø°³Å° ÆÄÀÏ "mandrake.asc"¸¦ ÀÎÅÍ³Ý »çÀÌÆ®·ÎºÎÅÍ °¡Á®¿Í¼­ ¿ì¸® ¿­¼è°í¸®¿¡ ´õÇÑ´Ù.

 

6: Å° ºñÁØÇϱâ

Å°¸¦ °¡Á®¿ÔÀ¸¸é ¸ÕÀú ºñÁØ(Ýëñ×)°úÁ¤À» °ÅÃÄ¾ß ÇÑ´Ù. Å°´Â ÇΰÅÇÁ¸°Æ®(fingerprint)¸¦ °Ë»çÇؼ­ ºñÁØÇÏ°í °Ë»çÇÑ Å°°¡ À¯È¿ÇÑ Å°ÀÓÀ» Áõ¸íÇϱâ À§ÇØ ¼­¸íÇÑ´Ù. Å° ÇΰÅÇÁ¸°Æ®´Â --fingerprint ¿É¼ÇÀ» ÀÌ¿ëÇØ ½±°Ô º¼ ¼ö ÀÖ´Ù.
 

[root@dragon /]# gpg --fingerprint <UID>

UID´Â °ø°³Å° ¹èÆ÷ÀÚÀÇ À̸§ °¡¿îµ¥ ÀϺÎÀÌ´Ù. ¿¹¸¦ µé¾î:
 

[root@dragon /]# gpg --fingerprint mandrake pub  1024D/9B4A4024 2000-01-06 MandrakeSoft (MandrakeSoft official         keys) <mandrake@mandrakesoft.com>         Key fingerprint = 63A2 8CBD A7A8 387E 1A53  2C1E 59E7 0DEE 9B4A         4024 sub  1024g/686FF394 2000-01-06

 

À§ ¿¹¹®¿¡¼­ ¸Çµå·¹ÀÌÅ© ÇΰÅÇÁ¸°Æ®¸¦ °Ë»çÇß´Ù. --fingerprint ¿É¼ÇÀ» ÀÌ¿ëÇØ ÃßÃâÇÑ Å° ÇΰÅÇÁ¸°Æ®´Â Å°¸¦ ¹èÆ÷ÇÑ ¿ø·¡ ¼ÒÀ¯ÀÚ¸¦ ÅëÇØ È®ÀÎÇÑ´Ù. ±× »ç¶÷¿¡°Ô Á÷Á¢ ¹¯°Å³ª ÀüÈ­³ª ȤÀº º¸ÁõÇÒ ¼ö ÀÖ´Â ´Ù¸¥ ¹æ¹ýÀ» ÅëÇØ ÁøÂ¥ ¼ÒÀ¯ÀÚ¿¡°Ô ¿¬¶ôÇؼ­ È®ÀÎÇÒ ¼ö ÀÖ´Ù. ¿©·¯ºÐÀÌ --fingerprint ¿É¼ÇÀ» ÀÌ¿ëÇØ ¾Ë¾Æ³½ ÇΰÅÇÁ¸°Æ®°¡ ¿ø·¡ ¼ÒÀ¯ÀÚÀÇ °Í°ú ÀÏÄ¡ÇÑ´Ù¸é ÁøÂ¥ Å°¸¦ °¡Áö°Ô µÈ °ÍÀÌ´Ù.

 

7: Å° ¼­¸íÇϱâ

Å°¸¦ °¡Á®¿Í¼­ ¿©·¯ºÐÀÇ °ø°³Å° µ¥ÀÌÅͺ£À̽º¿¡ ³Ö°í È®ÀÎÇÑ ´ÙÀ½¿¡´Â ¿©·¯ºÐÀÇ ¼­¸íÀ» µ¡ºÙÀÏ ¼ö ÀÖ´Ù. Å°¿¡ ¼­¸íÀ» µ¡ºÙÀÌ´Â °ÍÀº ¿©·¯ºÐÀÌ ±× Å°ÀÇ ÁÖÀÎÀ» ¾Ë°í ÀÖÀ¸¸ç ¹ÏÀ» ¸¸ ÇÏ´Ù´Â °ÍÀ» º¸ÁõÇÏ´Â ¼ÀÀÌ´Ù. ±×·¯¹Ç·Î, 100% ½Å·ÚÇÒ ¼ö ÀÖÀ» ¶§¿¡¸¸ ¼­¸íÇØ¾ß ÇÑ´Ù.

¿©·¯ºÐÀÌ À§¿¡¼­ ¿­¼è°í¸®¿¡ µ¡ºÙÀÎ Mandrakeȸ»çÀÇ Å°¿¡ ¼­¸íÇÏ·Á¸é ´ÙÀ½ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
 

[root@dragon /]# gpg --sign-key <UID>

¿¹¸¦ µé¾î:
 

[root@dragon /]# gpg --sign-key mandrake pub  1024D/9B4A4024  created: 2000-01-06 expires: never      trust: -/q sub  1024g/686FF394  created: 2000-01-06 expires: never (1)    MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com> pub  1024D/9B4A4024  created: 2000-01-06 expires: never      trust: -/q              Fingerprint: 63A2 8CBD A7A8 387E 1A53  2C1E 59E7 0DEE 9B4A 4024         MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com> Are you really sure that you want to sign this key with your key: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> " Really sign? y You need a passphrase to unlock the secret key for user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> " 1024-bit DSA key, ID 020C9884, created 2000-11-09 Enter passphrase: [Enter passphrase]

8: ¼­¸í °Ë»çÇϱâ

¼­¸íÇÑ ´ÙÀ½¿¡´Â ¿©·¯ºÐÀÇ ¼­¸íÀÌ µ¡ºÙ¿©Á³´ÂÁö ¼­¸í ¸ñ·ÏÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù. ´Ù¸¥ À̵鵵 Å°¸¦ º¸ÁõÇÏ´Â ¼­¸íÀ» ÇÑ´Ù¸é »ç¿ëÀÚ ID¸¶´Ù Çϳª ÀÌ»óÀÇ ÀÚ°¡-¼­¸í(self-signatures)ÀÌ ÀÖÀ» °ÍÀÌ´Ù. "--check-sigs" ¿É¼ÇÀ¸·Î ¼­¸íÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù:

¿¹¸¦ µé¾î:
 

[root@dragon /]# gpg --check-sigs mandrake pub   1024D/9B4A4024 2000-01-06 MandrakeSoft (MandrakeSoft official          keys) <mandrake@mandrakesoft.com> sig!    9B4A4024 2000-01-06  MandrakeSoft (MandrakeSoft official keys)          <mandrake@mandrakesoft.com> sig!    020C9884 2000-11-09  Kapil Sharma (Unix/Linux consultant)          <kapil@linux4biz.net> sub    1024g/686FF394 2000-01-06 sig!    9B4A4024 2000-01-06  MandrakeSoft (MandrakeSoft official keys)          <mandrake@mandrakesoft.com>

9: ¾ÏȣȭÇϱâ¿Í Çص¶Çϱâ

¹®¼­¸¦ ¾ÏȣȭÇϰųª Çص¶Çϱâ´Â ¸Å¿ì °£´ÜÇÏ´Ù.

mandrake¿¡°Ô º¸³¾ ¸Þ½ÃÁö¸¦ ¾ÏȣȭÇÏ·Á ÇÑ´Ù¸é mandrake°¡ ¹èÆ÷ÇÏ´Â °ø°³Å°¸¦ ÀÌ¿ëÇØ ¾ÏȣȭÇؼ­ ¸Þ½ÃÁö¸¦ º¸³½´Ù. ÀÌ ¸Þ½ÃÁö´Â ¿ÀÁ÷ mandrake°¡ °¡Áö°í ÀÖ´Â ºñ¹ÐÅ°¸¦ ÅëÇؼ­¸¸ Çص¶ÇÒ ¼ö ÀÖÀ» °ÍÀÌ´Ù. ¸¸¾à mandrake°¡ ¿©·¯ºÐ¿¡°Ô ¸Þ½ÃÁö¸¦ º¸³»·Á ÇÑ´Ù¸é ¿©·¯ºÐÀÌ ¹èÆ÷ÇÑ °ø°³Å°¸¦ ÀÌ¿ëÇؼ­ ¾ÏȣȭÇØ¾ß ÇÑ´Ù. ¹°·Ð, ¿©·¯ºÐÀÌ °¡Áø ºñ¹ÐÅ°¸¸ÀÌ ±× ¸Þ½ÃÁö¸¦ Çص¶ÇÒ ¼ö ÀÖ´Ù.

¿ì¸® ¿­¼è°í¸®¿¡ ÀÖ´Â °ø°³Å°¸¦ ÀÌ¿ëÇØ ¸Çµå·¹ÀÌÅ©¿¡°Ô º¸³¾ ÀڷḦ ¾Ïȣȭ/¼­¸íÇϱâ À§Çؼ­´Â ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù(´ç¿¬È÷ ÆíÁö ¹ÞÀ» ÀÌ°¡ ¹èÆ÷ÇÑ °ø°³Å°¸¦ ¹Ì¸® °¡Áö°í ÀÖ¾î¾ß ÇÑ´Ù):
 

[root@dragon /]# gpg  -sear <UID of the public key> <file>

¿¹¸¦ µé¾î:
 

[root@dragon /]# gpg -sear Mandrake document.txt You need a passphrase to unlock the secret key for user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> " 1024-bit DSA key, ID 020C9884, created 2000-11-09 Enter passphrase: [Enter passphrase]

¿É¼Ç¿¡ ¾²ÀÎ "s"´Â ¼­¸íÇϱâ, "e"´Â ¾ÏȣȭÇϱâ, "a"´Â ¾ÏȣȭµÈ ASCII Çü½ÄÀ¸·Î(".asc"´Â ÀüÀÚ¿ìÆíÀ» ÅëÇØ º¸³»±â À§Çؼ­ÀÌ´Ù), "r"Àº ¾Ïȣȭ¿¡ »ç¿ëÇÒ »ç¿ëÀÚ ID À̸§, <file>Àº ¾ÏȣȭÇÏ·Á´Â ÀÚ·áÀÌ´Ù:

¸Þ½ÃÁö¸¦ Çص¶ÇÒ ¶§¿¡´Â -d ¿É¼ÇÀ» »ç¿ëÇÑ´Ù:
 

[root@dragon /]# gpg  -d <file>

¿¹¸¦ µé¾î:
 

[root@dragon /]# gpg -d documentforkapil.asc You need a passphrase to unlock the secret key for user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> " 1024-bit DSA key, ID 020C9884, created 2000-11-09 Enter passphrase: [Enter passphrase]

"-d" ¿É¼ÇÀº ¿©·¯ºÐÀÌ ¹ÞÀº ¾ÏȣȭµÈ ÀÚ·á <file>À» Çص¶ÇÑ´Ù. [ÁÖÀÇ: ¸Þ½ÃÁö/ÀڷḦ º¸³½ »ç¶÷ÀÇ °ø°³Å°°¡ ¿©·¯ºÐÀÇ ¿­¼è°í¸®¿¡ ¹Ýµå½Ã µé¾î ÀÖ¾î¾ß ÇÑ´Ù]

 

10: ¼­¸í °Ë»çÇϱâ

¿©·¯ºÐÀÇ °ø°³Å°¸¦ ÃßÃâÇؼ­ ¹èÆ÷ÇÑ ´ÙÀ½¿¡´Â, ´ç½ÅÀÌ ¾ÏȣȭµÈ ¸Þ½ÃÁö¸¦ º¸³»´õ¶óµµ, ¸Þ½ÃÁö¸¦ ¹ÞÀº ´Ù¸¥ À̵éÀÌ ±× ¸Þ½ÃÁö¿¡ ´ç½ÅÀÇ ¼­¸íÀÌ ÀÖ´ÂÁö GnuPG --verify ¿É¼ÇÀ» ÀÌ¿ëÇØ ¾Ë¾Æº¼ ¼ö ÀÖ´Ù.
¾ÏȣȭµÈ µ¥ÀÌÅÍ¿¡¼­ ¼­¸íÀ» °Ë»çÇÏ·Á¸é ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
 

[root@dragon /]#  gpg --verify <Data>

"--verify" ¿É¼ÇÀº ¼­¸íÀ» Á¡°ËÇÏ´Â ¿É¼ÇÀÌ°í, Á¡°ËÇÏ·Á´Â ¾ÏȣȭµÈ ÀÚ·á/ÆÄÀÏÀº "<Data>" ÀÚ¸®¿¡ ½á³Ö´Â´Ù.

¿¹¸¦ µé¾î:
 

el@alive el [10] $ gpg --verify hello gpg: Signature made 2000³â 12¿ù 12ÀÏ È­¿äÀÏ ¿ÀÀü  9½Ã 42ºÐ 42ÃÊ KST         using DSA key ID C8D2B7E5 gpg: Good signature from "electuz (Linux Consultant) <el@linuxlab.co.kr>"

¸î °¡Áö ¾²ÀÓ»õ

1: ¸ÞÀÏ ¸Þ½ÃÁö ¾ÏȣȭÇؼ­ º¸³»±â
2: ÆÄÀÏÀ̳ª ¹®¼­ ¾Ïȣȭ
3: ³×Æ®¿öÅ©¸¦ ÅëÇØ ÆÄÀÏ°ú Áß¿äÇÑ ¹®¼­µéÀ» ¾ÏȣȭÇؼ­ º¸³»±â

 

GnuPG¿¡ ¾²ÀÌ´Â ¸î °¡Áö ¼ÒÇÁÆ®¿þ¾î¿Í ÇÁ·ÐÆ®¿£µåµé:

GPA http://www.gnupg.org/gpa.html
        Ç¥ÁØ GnuPG¿¡ ¾²ÀÌ´Â ±×·¡ÇÈ ÇÁ·ÐÆ®¿£µå. ¸Å¿ì ¿¹»Û GUI ÀÎÅÍÆäÀ̽º.

GnomePGP http://www.geocities.com/SiliconValley/Chip/3708/gpgp/gpgp-intro.html#
        GnuPG¸¦ Á¦¾îÇÏ´Â GNOME µ¥½ºÅ©Å¾ µµ±¸

Geheimniss http://geheimnis.sourceforge.net/
        GnuPG KDE ÇÁ·ÐÆ®¿£µå

pgp4pine http://pgp4pine.flatline.de/
        PGP ¸Þ½ÃÁö¸¦ ´Ù·ç±â À§ÇÑ Pine ÇÊÅÍ

MagicPGP http://www.physto.se/~p99jlu/MagicPGP.html
        GnuPG¿Í Pine¿¡ ¾²ÀÌ´Â ¶Ç´Ù¸¥ ½ºÅ©¸³Æ®

PinePGP http://www.megaloman.com/~hany/software/pinepgp/
        ¿ª½Ã GnuPG¿¡ ¾²ÀÌ´Â Pine ÇÊÅÍ

´õ ¸¹Àº Á¤º¸

http://www.gnupg.org/docs.html

¸ÎÀ½

º¸¾È¿¡ ½Å°æÀÌ ¾²ÀÎ´Ù¸é ¹Ýµå½Ã GnuPG¸¦ »ç¿ëÇØ¾ß ÇÑ´Ù. GnuPG´Â ÈǸ¢ÇÑ ¿ÀÇÂ-¼Ò½º ÇÁ·Î±×·¥ °¡¿îµ¥ Çϳª·Î ¿©·¯ºÐÀÇ º¸¾È µ¥ÀÌÅ͸¦ ¾ÏȣȭÇÏ°í Çص¶ÇÏ´Â ¸ðµç ±â´ÉÀ» °¡Áö°í ÀÖÀ¸¸ç GNU General Public License¸¦ µû¸£¹Ç·Î ¾î¶² Á¦Çѵµ ¾øÀÌ »ç¿ëÇÒ ¼ö ÀÖ´Ù. GnuPG´Â ¸ÞÀÏ ¸Þ½ÃÁö³ª ÆÄÀÏ, ȤÀº º¸¾ÈÀÌ ÇÊ¿äÇÑ ¹®¼­µéÀ» ¾ÏȣȭÇÏ´Â µ¥ »ç¿ëÇÒ ¼ö ÀÖ´Ù. ¶Ç, Áß¿äÇÑ ¹®¼­¿Í ÀÚ·áµéÀ» ³×Æ®¿öÅ©·Î Àü¼ÛÇÒ ¶§¿¡µµ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

[ÁÖÀÇ: ¹öÀü 1.0.4 ÀÌÀüÀÇ GnuPG¿¡´Â ¼­¸í Á¡°Ë°ú °ü·ÃµÈ º¸¾È¹ö±×°¡ ÀÖ´Ù.
 ÆÐÄ¡ ÆÄÀÏÀº ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.security-patch1.diff]

¡ã top