GnuPG ¸®´ª½º¿¡¼­ ¾ÈÀüÇÏ°Ô Åë½ÅÇϱâ

[æ»: À±ºÀȯ, el@linuxlab.co.kr]
¿ø¹® : By Kapil Sharma

 

     

°³¿ä

    GnuPG´Â Åë½Å»ó¿¡¼­ ȤÀº µ¥ÀÌÅ͸¦ ÀúÀåÇÒ ¶§ º¸¾ÈÀ» ÁöÅ°´Â µµ±¸ÀÌ´Ù. GnuPG´Â µ¥ÀÌÅ͸¦ ¾ÏȣȭÇÏ°í ÀüÀÚ ¼­¸íÀ» ¸¸µé ¼ö ÀÖÀ¸¸ç ¾Ïȣȭ µµ±¸·Î À¯¸íÇÑ PGP¸¦ ¿Ïº®ÇÏ°Ô ´ë½ÅÇÒ ¼ö ÀÖ´Ù. ÇÏÁö¸¸, IDEA ¾Ë°í¸®µëÀ» ÀüÇô ÀÌ¿ëÇÏÁö ¾ÊÀ¸¹Ç·Î ¾Æ¹«·± Á¦ÇÑ ¾øÀÌ ¾µ ¼ö ÀÖ´Ù.

    GnuPG´Â °ø°³Å° ¹æ½ÄÀÇ ¾Ïȣȭ ±â¹ýÀ» »ç¿ëÇϹǷΠ´õ¿í ¾ÈÀüÇÏ°Ô Åë½ÅÇÒ ¼ö ÀÖ´Ù. °ø°³Å° ½Ã½ºÅÛ¿¡¼­´Â »ç¿ëÀÚ¸¶´Ù ºñ¹ÐÅ°¿Í(private key) °ø°³Å°¸¦ ½ÖÀ¸·Î °¡Áö°í ÀÖ´Ù. »ç¿ëÀÚÀÇ ºñ¹ÐÅ°´Â ³ëÃâµÇÁö ¾Ê°í ¾ÈÀüÇÏ°Ô º¸°üµÇ¸ç °ø°³Å°´Â »ç¿ëÀÚ¿Í Åë½ÅÇÏ·Á´Â ´Ù¸¥ À̵鿡°Ô ³ª´²ÁÙ °ÍÀÌ´Ù.

 

Features

    ¡¤PGP¸¦ ¿ÏÀüÇÏ°Ô ´ëü
    ¡¤¹èŸÀûÀÎ(ƯÇã) ¾Ë°í¸®µëÀº ÀüÇô »ç¿ëÇÏÁö ¾Ê´Â´Ù.
    ¡¤GPL¿¡ µû¸¥´Ù.
    ¡¤ÇÊÅÍ ÇÁ·Î±×·¥Ã³·³ »ç¿ëÇÒ ¼ö ÀÖ´Ù.
    ¡¤OpenPGP¸¦ ÃæÁ·½ÃŲ´Ù.
    ¡¤PGP³ª º¸¾È¼ºÀÌ °­È­µÈ PGP 2º¸´Ù ³ªÀº ±â´ÉÀ» °¡Áö°í ÀÖ´Ù.
    ¡¤PGP 5.x ¸Þ½ÃÁö¸¦ Ç®°í °ËÁõÇÑ´Ù.
    ¡¤ElGamal (¼­¸í°ú ¾Ïȣȭ), DSA, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1,
       RIPE-MD-160, TIGER µîÀ» Áö¿øÇÑ´Ù.
    ¡¤»õ·Î¿î ¾Ë°í¸®µëÀ» ¸ðµâ ÇüÅ·Π½±°Ô Ãß°¡ÇÒ ¼ö ÀÖ´Ù.
    ¡¤»ç¿ëÀÚ ID´Â Ç¥ÁØ Çü½ÄÀ» µû¸£µµ·Ï ¸¸µç´Ù.
    ¡¤Å°¿Í ¼­¸íÀÇ ¸¸·á ±â°£À» Á¤ÇÒ ¼ö ÀÖ´Ù.
    ¡¤English, Danish, Dutch, Esperanto, French, German, Japanese, Italian, Polish,
       Portuguese (Brazilian), Portuguese (Portuguese), Russian, Spanish, Swedish µîÀ»
       Áö¿øÇÑ´Ù.
    ¡¤¿Â¶óÀÎ µµ¿ò¸» ½Ã½ºÅÛ.
    ¡¤ÀÍ¸í ¸Þ½ÃÁö ¼ö½ÅÀÚµéÀ» ¼±ÅÃÇÒ ¼öµµ ÀÖ´Ù.
    ¡¤HKP Å°¼­¹ö¸¦ ¿Ïº®ÇÏ°Ô Áö¿øÇÑ´Ù.(wwwkeys.pgp.net).
    ¡¤±×·¡ÇÈ À¯Àú ÀÎÅÍÆäÀ̽º¸¦ °¡Áø ÇÁ·ÐÆ® ¿£µå ÇÁ·Î±×·¥(GUI frontend)µéÀÌ ¸¹ÀÌ ÀÖ´Ù.
       GnuPG¿Í °ü·ÃµÈ ¼ÒÇÁÆ®¿þ¾îµéÀº http://www.gnupg.org/download.html¿¡¼­ ¸ðµÎ
       Ã£À» ¼ö ÀÖ´Ù.

 

¼³Ä¡

    gnupg ¼Ò½º ÆÄÀÏÀ» ./usr/local/ µð·ºÅ丮³ª ¼³Ä¡ÇÏ·Á´Â µð·ºÅ丮·Î ¿Å°Ü°£´Ù.(cd ¸í·É)
     [root@dragon local]# tar xvzf gnupg-1.0.4.tar.gz
     [root@dragon local]# cd gnupg-1.0.4
     [root@dragon gnupg-1.0.4]# ./configure
     [root@dragon gnupg-1.0.4]# make
    make ¸í·ÉÀº Makefile ¼Ó¿¡ Á¤ÇØÁø ±ÔÄ¢¿¡ µû¶ó ¼Ò½ºÆÄÀÏÀ» ÄÄÆÄÀÏÇؼ­ ½ÇÇàÇÒ ¼ö ÀÖ´Â
    ¹ÙÀ̳ʸ® ÇüÅ·Π¸¸µç´Ù.

     [root@dragon gnupg-1.0.4]# make check
    ÆÐÅ°Áö¿¡ µé¾î ÀÖ´Â µµ±¸µé·Î ÀÚ°¡-Áø´ÜÀ» ½ÇÇàÇÑ´Ù.

     [root@dragon gnupg-1.0.4]# make install
    ¹ÙÀ̳ʸ®¿Í ±× ¹Û¿¡ ÇÊ¿äÇÑ ÆÄÀϵéÀ» ÁöÁ¤µÈ À§Ä¡¿¡ ¼³Ä¡ÇÑ´Ù.

     [root@dragon gnupg-1.0.4]# strip /usr/bin/gpg
    "strip" ¸í·ÉÀº gpg ¹ÙÀ̳ʸ® ÆÄÀÏÀÇ Å©±â¸¦ ÁÙ¿© ¼Óµµ¸¦ Çâ»ó½ÃŲ´Ù.

 

Common Commands

     

    1: »õ·Î¿î Å° ½Ö ¸¸µé±â

    ¸ÕÀú »õ·Î¿î Å°-½ÖÀ»(°ø°³Å°¿Í ºñ¹ÐÅ°) ¸¸µé¾î¾ß ÇÑ´Ù. ¸í·ÉÇà ¿É¼Ç --gen-key´Â »õ·Î¿î Å° ½ÖÀ» ¸¸µç´Ù.

    Step 1
    gpg¸¦ óÀ½ ½ÃÀÛÇϸé ÇÊ¿äÇÑ µð·ºÅ丮°¡ ¸¸µé¾îÁø´Ù:
     

    [root@dragon /]# gpg --gen-key
    gpg (GnuPG) 1.0.2; Copyright (C) 2000 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    gpg: /root/.gnupg: directory created
    gpg: /root/.gnupg/options: new options file created
    gpg: you have to start GnuPG again, so it can read the new options file

 

    Step 2
    ¾Æ·¡ ¸í·ÉÀ¸·Î GnuPG¸¦ ´Ù½Ã ½ÃÀÛÇÑ´Ù:
     

    [root@dragon /]# gpg --gen-key
    gpg (GnuPG) 1.0.2; Copyright (C) 2000 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    gpg:/root/.gnupg/secring.gpg: keyring created
    gpg: /root/.gnupg/pubring.gpg: keyring created
    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) ElGamal (sign and encrypt)
    Your selection?  1
    DSA keypair will have 1024 bits.
    About to generate a new ELG-E keypair.
                  minimum keysize is  768 bits
                  default keysize is 1024 bits
        highest suggested keysize is 2048 bits
    What keysize do you want? (1024) 2048
    Do you really need such a large keysize? y
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>   = key expires in n days
          <n> w = key expires in n weeks
          <n> m = key expires in n months
          <n> y = key expires in n years
    Key is valid for? (0) 0
    Key does not expire at all
    Is this correct (y/n)? y

    You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: Real name: Kapil sharma
    Email address: kapil@linux4biz.net
    Comment: Unix/Linux consultant
    You selected this USER-ID:
        "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
    You need a Passphrase to protect your secret key.

    Enter passphrase: [enter a passphrase]
    Repeat passphrase: [Repeat passphrase]

    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy. ++++++++++.+++++^^^
    public and secret key created and signed.

 

    Å° ½ÖÀ» ¸¸µé¾î ³»´Â µ¿¾È GnuPG°¡ ¹°¾îº¸´Â ´Ù¾çÇÑ Áú¹®µé¿¡ ´ëÇØ ¾Ë¾Æº¸ÀÚ.
     

    Please select what kind of key you want:
    (1) DSA and ElGamal (default)
    (2) DSA (sign only)
    (4) ElGamal (sign and encrypt)
    Your selection?

 

    GnuPG´Â Á¾·ù°¡ ´Ù¸¥ Å° ½ÖÀ» ¸¸µé¾î ³¾ ¼ö ÀÖ´Ù. ¿©±â¿¡´Â ¼¼ °¡Áö ¿É¼ÇÀÌ ÀÖ´Ù.

    DSA Å° ½ÖÀº ¼­¸íÀ» ¸¸µé ¶§¿¡¸¸ »ç¿ëÇÒ ¼ö ÀÖ´Â 1Â÷ Å° ½ÖÀÌ´Ù. ElGamal ÇÏÀ§ Å° ½ÖÀº ¾ÏȣȭÇϴµ¥ ¾²ÀδÙ. µÎ ¹ø° ¿É¼ÇÀº ù ¹ø° ¿É¼Ç°ú ºñ½ÁÇÏÁö¸¸ ¿ÀÁ÷ DSA Å° ½Ö¸¸ »ý¼ºÇÑ´Ù. ¿É¼Ç 4[1]Àº ¼­¸í°ú ¾Ïȣȭ¿¡ ¸ðµÎ »ç¿ëÇÒ ElGamal Å° ½Ö ÇÑ°¡Áö¸¦ ¸¸µç´Ù. ´ë°³ ±âº» ¿É¼ÇÀ» »ç¿ëÇϸé ÁÁ´Ù.

    ÀÌÁ¦´Â Å° Å©±â¸¦ °ñ¶ó¾ß ÇÑ´Ù. DSA Å° Å©±â´Â ¹Ýµå½Ã 512¿¡¼­ 1024 ºñÆ® »çÀÌ¿©¾ß Çϸç, ElGamal Å°´Â ¾î¶² Å©±â¶óµµ »ó°ü¾ø´Ù.
     

    About to generate a new ELG-E keypair.
    minimum keysize is  768 bits
    default keysize is 1024 bits
    highest suggested keysize is 2048 bits
    What keysize do you want? (1024)

 

    ±ä Å°¸¦ ¼±ÅÃÇϸé ÁÁÀº Á¡°ú ³ª»Û Á¡ÀÌ Àִµ¥:

     ÁÁÀºÁ¡ : 1) ±ä Å°´Â ¹«½ÄÇÑ °ø°Ý¿¡ ´ëÇØ º¸´Ù ¾ÈÀüÇÏ´Ù.
     ´Ü   Á¡ : 1) ¾ÏȣȭÇϰųª ±× °ÍÀ» Ç®¾î³¾ ¶§ Å° Å©±â°¡ Å©¸é Ŭ¼ö·Ï ¿À·¡ °É¸°´Ù .
                 2) ±ä Å°´Â ¼­¸í ±æÀÌ¿¡µµ ¿µÇâÀ» ÁØ´Ù.

    ±âº» Å° Å©±â´Â °ÅÀÇ ¸ðµç °æ¿ì¿¡ Àû´çÇϸç Å° Å©±â¸¦ ¼±ÅÃÇÑ ´ÙÀ½¿¡´Â °áÄÚ ¹Ù²îÁö ¾Ê°Ô ÇÒ ¼ö ÀÖ´Ù. ¸¶Áö¸·À¸·Î ¸¸·á±â°£À» °ñ¶ó¾ß ÇÑ´Ù. ¿É¼Ç 1À» ¼±ÅÃÇß´Ù¸é ¸¸·á±â°£Àº ElGamal°ú DSA Å° ½Ö ¸ðµÎ¿¡ Àû¿ëµÈ´Ù.
     

    Please specify how long the key should be valid
    0 = key does not expire   = key expires in n days
    <n> w = key expires in n weeks
    <n> m = key expires in n months
    <n> y = key expires in n years
    Key is valid for? (0)

 

    ´ëºÎºÐ »ç¿ëÀڵ鿡°Ô ¸¸·á ±â°£À» Á¤ÇØ µÎ´Â °ÍÀº ¾î¿ï¸®Áö ¾Ê´Â´Ù. Å°°¡ ¸¸µé¾îÁø ´ÙÀ½¿¡µµ ±â°£À» ¹Ù²Ü ¼ö ÀÖÁö¸¸ ¿©·¯ºÐÀÇ °ø°³Å°¸¦ °¡Áö°í ÀÖ´Â ´Ù¸¥ »ç¿ëÀڵ鿡°Ô ¹Ù²ï °ÍÀ» ¾Ë¸®±â ¾î·Á¿ï ¼ö ÀÖÀ¸¹Ç·Î ¸¸·á ±â°£Àº Á¶½É½º·´°Ô ¼±ÅÃÇØ¾ß ÇÑ´Ù.

    ¿©·¯ºÐÀº ¹Ýµå½Ã Å° Æз¯¹ÌÅÍ¿¡ »ç¿ëÀÚ ID¸¦ ³Ö¾î¾ß ÇÑ´Ù. »ç¿ëÀÚ ID´Â Å°°¡ ¸¸µé¾îÁö´Â µ¿¾È ½ÇÁ¦ »ç¶÷°ú ¿¬°ü½Ãų ¶§ »ç¿ëµÈ´Ù.
     

    You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form:
    "Kapil Sharma (Linux consultant) <kapil@linux4biz.net> "
    Real name: Enter you name here
    Email address: Enter you email address
    Comment: Enter any comment here

 

    GnuPG´Â ¿©·¯ºÐÀÌ ¼ÒÀ¯ÇÑ ÁÖ Å°¿Í ÇÏÀ§ Å°¸¦ º¸È£Çϱâ À§ÇØ ºñ¹Ð¹®±¸(passphrase)¸¦ ¿ä±¸ÇÑ´Ù.
     

    You need a Passphrase to protect your secret key.

    Enter passphrase:

 

    ºñ¹Ð¹®±¸(ÝúÚËÙþÏ£) ±æÀÌ¿¡´Â Á¦ÇÑÀÌ ¾ø´Ù. º¸¾ÈÀû °üÁ¡¿¡¼­ ºñ¹ÐÅ°¸¦ ÇØÁ¦Çϱâ À§ÇÑ passphrase´Â GnuPGÀÇ Ãë¾àÁ¡ °¡¿îµ¥ ÇϳªÀ̹ǷÎ(±×¸®°í ´Ù¸¥ °ø°³Å° ¾Ïȣȭ ½Ã½ºÅÛ¿¡¼­µµ) ±¸¹®À» ¸Å¿ì Á¶½É½º·´°Ô ¼±ÅÃÇØ¾ß ÇÑ´Ù .ÀÌ»óÀûÀÎ ºñ¹Ð¹®±¸´Â »çÀü¿¡ ³ª¿ÍÀÖ´Â ´Ü¾î¸¦ »ç¿ëÇÏÁö ¾Ê°í ¾ËÆĺª ¹®ÀÚ¿Í ¾ËÆĺªÀÌ ¾Æ´Ñ ¹®ÀÚµéÀ» Á¶ÇÕÇÑ ¹®ÀÚ¿­ÀÌ´Ù. ÁÁÀº ºñ¹Ð¹®±¸´Â GnuPG ÀÚ½ÅÀÇ º¸¾È¿¡ ¸Å¿ì Áß¿äÇÏ´Ù.

     

    2: ÀÎÁõ ÆóÁö Áõ¸í

    ¿©·¯ºÐÀÌ »ç¿ëÇÒ Å° ½ÖÀÌ ¸¸µé¾îÁø ´ÙÀ½¿¡´Â ¹Ù·Î "--gen-revoke" ¿É¼ÇÀ» µ¡ºÙ¿©¼­ ÁÖ °ø°³Å°¿¡¼­ »ç¿ëÇÒ ÆóÁö Áõ¸íÀ» ¸¸µé¾î¾ß ÇÑ´Ù. ¿©·¯ºÐÀÌ ¼³Á¤ÇÑ ºñ¹Ð¹®±¸¸¦ Àؾú°Å³ª ¿©·¯ºÐÀÇ ºñ¹ÐÅ°°¡ ÈѼյǰųª ÀÒ¾î¹ö·ÈÀ» ¶§ ÆóÁö Áõ¸íÀº ¿©·¯ºÐÀÌ ³ª´²ÁØ °ø°³Å°°¡ ´õ ÀÌ»ó ¾µ¸ð ¾ø´Ù´Â °ÍÀ» ´Ù¸¥ À̵鿡°Ô ¾Ë¸®´Â µ¥ ¾²ÀδÙ.
     

    [root@dragon /]# gpg --output revoke.asc --gen-revoke mykey

 

    mykey¿¡´Â ¿©·¯ºÐÀÌ ¾Õ¼­ ¸¸µç ÁÖ Å° ½ÖÀÇ Å° ID¸¦ ³Ö°Å³ª, Å° ½ÖÀ» ½Äº°Çϱâ À§ÇØ ³ÖÀº »ç¿ëÀÚ ID ÀϺθ¦ ³Ö´Â´Ù. »ý¼ºµÈ Áõ¸íÀº revoke.asc¶ó´Â À̸§À» °¡Áø ÆÄÀÏ¿¡ ÀúÀåµÈ´Ù. ÆóÁöÁõ¸íÀº ´Ù¸¥ À̵éÀÌ Á¢±ÙÇÒ ¼ö ÀÖ´Â µð·ºÅ丮¿¡ µÎÁö ¾Ê´Â´Ù. ¾Æ¹«³ª ÀÌ ÆÄÀÏ¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Ù¸é ´©±¸³ª ÆóÁö Áõ¸íÀ» ÃâÆÇÇÒ ¼ö ÀÖÀ» °ÍÀÌ°í ÀÏÄ¡ÇÏ´Â °ø°³Å°¸¦ ÃßÃâÇØ ³¾ ¼öµµ ÀÖÀ» °ÍÀÌ´Ù.
     

    root@alive /root [18] # gpg --output revoke.asc --gen-revoke el

    sec  1024D/C8D2B7E5 2000-12-07   electuz (Linux Consultant) <el@linuxlab.co.kr>

    Create a revocation certificate for this key? y

    You need a passphrase to unlock the secret key for user: "electuz (Linux Consultant) <el@linuxlab.co.kr>"
    1024-bit DSA key, ID C8D2B7E5, created 2000-12-07

    ASCII armored output forced.
    Revocation certificate created.

    Please move it to a medium which you can hide away; if Mallory gets
    access to this certificate he can use it to make your key unusable.
    It is smart to print this certificate and store it away, just in case your media
    become unreadable.  But have some caution:  The print system of
    your machine might store the data and make it available to others!


     

    3: Å° ¸ñ·Ï

    ¿©·¯ºÐÀÇ °ø°³Å°¸¦ ¸ñ·ÏÀ¸·Î ¸¸µé¾î °í¸®¿¡ °É¾î µÎ·Á¸é ¸í·ÉÇà¿¡¼­ --list-keys ¿É¼ÇÀ» »ç¿ëÇÑ´Ù.
     

    [root@dragon /]#  gpg --list-keys
    /root/.gnupg/pubring.gpg
    ------------------------
    pub  1024D/020C9884 2000-11-09 Kapil Sharma (Unix/Linux consultant)
    <kapil@linux4biz.net>
    sub  2048g/555286CA 2000-11-09


     

    4: °ø°³Å° ÃßÃâÇϱâ

    ¿©·¯ºÐ ȨÆäÀÌÁö³ª ÀÎÅͳݿ¡ ÀÖ´Â Å° ¼­¹ö, ȤÀº ´Ù¸¥ ¹æ¹ýµéÀ» ÀÌ¿ëÇؼ­ °ø°³Å°¸¦ ¹èÆ÷ÇÒ ¼ö ÀÖ´Ù. ¿©·¯ºÐ¿¡°Ô ÆíÁö¸¦ º¸³¾ »ç¶÷¿¡°Ô °ø°³Å°¸¦ º¸³»±â Àü¿¡ ¸ÕÀú ÃßÃâÇØ¾ß ÇÑ´Ù. ¸í·ÉÇà¿¡¼­ --export ¿É¼ÇÀ» »ç¿ëÇÑ´Ù. ÃßÃâÇÏ·Á´Â °ø°³Å°¸¦ ÁöÁ¤ÇÏ´Â ¿É¼ÇÀ» µ¡ºÙÀδÙ.

    ¹ÙÀ̳ʸ® Æ÷¸ËÀ¸·Î °ø°³Å°¸¦ ÃßÃâÇÏ·Á¸é ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
     

    [root@dragon /]# gpg --output kapil.gpg --export kapil@linux4biz.net

 

    ASCII ¹®ÀÚµé·Î ¹Ù²Ù¾î °ø°³Å°¸¦ ÃßÃâÇÒ ¶§¿¡´Â ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
     

    [root@dragon /]# gpg  --export-armor > kapil-key.asc

 

    "--export"´Â ¾ÏȣȭµÈ °ø°³Å° ¿­¼è°í¸® ÆÄÀÏ¿¡¼­ °ø°³Å°¸¦ »Ì¾Æ³½´Ù. "-armor"´Â(¿ªÀÚ°¡ Å×½ºÆ®ÇÑ 1.0.4 ¹öÀü¿¡¼­´Â --export -a ¶Ç´Â --export --armor ¿É¼ÇÀ» »ç¿ëÇÑ´Ù) ÀüÀÚ¿ìÆíÀ̳ª À¥ ÆäÀÌÁö¸¦ ÅëÇØ °ø°³Å°¸¦ ¹èÆ÷ÇÒ ¼ö ÀÖµµ·Ï ASCII ¹®ÀÚµé·Î ±¸¼ºµÈ Ãâ·Â¹°À» »ý¼ºÇϸç "> kapil-key.asc"´Â Ãâ·ÂµÈ °á°ú¸¦ ÆÄÀÏ·Î ÀúÀåÇÑ´Ù.

    ASCII ¹®ÀÚµé·Î ±¸¼ºµÈ Ãâ·Â¹°À» ±×Àú È­¸é»óÀ¸·Î º¸±â¸¸ ÇÑ´Ù¸é ´ÙÀ½ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
     

    [root@dragon /]# gpg  --export-armor
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.0.2 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    [...]
    -----END PGP PUBLIC KEY BLOCK-----


 

    5: °ø°³Å° °¡Á®¿À±â

    ¿©·¯ºÐÀÇ Å° ½ÖÀÌ ¸¸µé¾îÁ³À¸¸é, ±× °ÍÀ» °ø°³ ¿­¼è°í¸®(public keyring) µ¥ÀÌÅͺ£À̽º¿¡ ³ÖÀ» ¼ö ÀÖ´Ù. ¹ÏÀ» ¼ö ÀÖ´Â »ó´ë°¡ º¸³»´Â ¸ðµç Å°µéÀ» °ø°³ ¿­¼è°í¸®¿¡ °É¾î µÎ°í ÇÊ¿ä¿¡ µû¶ó ¾Ïȣȭ¿Í ÀÎÁõ Åë½Å¿¡ »ç¿ëÇÒ ¼ö ÀÖ´Ù. °ø°³Å°´Â --import ¿É¼ÇÀ» ÀÌ¿ëÇؼ­ ¿©·¯ºÐÀÇ °ø°³ ¿­¼è°í¸®¿¡ º¸ÅÄ´Ù.
     

    [root@dragon /]# gpg --import <filename>

 

    "filename"Àº ¹èÆ÷ÇÏ´Â °ø°³Å° À̸§ÀÌ´Ù. ¿¹¸¦ µé¾î:
     

    [root@dragon /]# gpg --import mandrake.asc
    gpg: key :9B4A4024: public key imported
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: Total number processed: 1
    gpg:                     imported: 1

 

    À§ ¿¹¹®Àº ¸Çµå·¹ÀÌÅ© ¸®´ª½º ȸ»ç¿¡¼­ ¹èÆ÷ÇÏ´Â °ø°³Å° ÆÄÀÏ "mandrake.asc"¸¦ ÀÎÅÍ³Ý »çÀÌÆ®·ÎºÎÅÍ °¡Á®¿Í¼­ ¿ì¸® ¿­¼è°í¸®¿¡ ´õÇÑ´Ù.

     

    6: Å° ºñÁØÇϱâ

    Å°¸¦ °¡Á®¿ÔÀ¸¸é ¸ÕÀú ºñÁØ(Ýëñ×)°úÁ¤À» °ÅÃÄ¾ß ÇÑ´Ù. Å°´Â ÇΰÅÇÁ¸°Æ®(fingerprint)¸¦ °Ë»çÇؼ­ ºñÁØÇÏ°í °Ë»çÇÑ Å°°¡ À¯È¿ÇÑ Å°ÀÓÀ» Áõ¸íÇϱâ À§ÇØ ¼­¸íÇÑ´Ù. Å° ÇΰÅÇÁ¸°Æ®´Â --fingerprint ¿É¼ÇÀ» ÀÌ¿ëÇØ ½±°Ô º¼ ¼ö ÀÖ´Ù.
     

    [root@dragon /]# gpg --fingerprint <UID>

 

    UID´Â °ø°³Å° ¹èÆ÷ÀÚÀÇ À̸§ °¡¿îµ¥ ÀϺÎÀÌ´Ù. ¿¹¸¦ µé¾î:
     

    [root@dragon /]# gpg --fingerprint mandrake
    pub  1024D/9B4A4024 2000-01-06 MandrakeSoft (MandrakeSoft official         keys) <mandrake@mandrakesoft.com>
            Key fingerprint = 63A2 8CBD A7A8 387E 1A53  2C1E 59E7 0DEE 9B4A         4024
    sub  1024g/686FF394 2000-01-06

     

    À§ ¿¹¹®¿¡¼­ ¸Çµå·¹ÀÌÅ© ÇΰÅÇÁ¸°Æ®¸¦ °Ë»çÇß´Ù. --fingerprint ¿É¼ÇÀ» ÀÌ¿ëÇØ ÃßÃâÇÑ Å° ÇΰÅÇÁ¸°Æ®´Â Å°¸¦ ¹èÆ÷ÇÑ ¿ø·¡ ¼ÒÀ¯ÀÚ¸¦ ÅëÇØ È®ÀÎÇÑ´Ù. ±× »ç¶÷¿¡°Ô Á÷Á¢ ¹¯°Å³ª ÀüÈ­³ª ȤÀº º¸ÁõÇÒ ¼ö ÀÖ´Â ´Ù¸¥ ¹æ¹ýÀ» ÅëÇØ ÁøÂ¥ ¼ÒÀ¯ÀÚ¿¡°Ô ¿¬¶ôÇؼ­ È®ÀÎÇÒ ¼ö ÀÖ´Ù. ¿©·¯ºÐÀÌ --fingerprint ¿É¼ÇÀ» ÀÌ¿ëÇØ ¾Ë¾Æ³½ ÇΰÅÇÁ¸°Æ®°¡ ¿ø·¡ ¼ÒÀ¯ÀÚÀÇ °Í°ú ÀÏÄ¡ÇÑ´Ù¸é ÁøÂ¥ Å°¸¦ °¡Áö°Ô µÈ °ÍÀÌ´Ù.

     

    7: Å° ¼­¸íÇϱâ

    Å°¸¦ °¡Á®¿Í¼­ ¿©·¯ºÐÀÇ °ø°³Å° µ¥ÀÌÅͺ£À̽º¿¡ ³Ö°í È®ÀÎÇÑ ´ÙÀ½¿¡´Â ¿©·¯ºÐÀÇ ¼­¸íÀ» µ¡ºÙÀÏ ¼ö ÀÖ´Ù. Å°¿¡ ¼­¸íÀ» µ¡ºÙÀÌ´Â °ÍÀº ¿©·¯ºÐÀÌ ±× Å°ÀÇ ÁÖÀÎÀ» ¾Ë°í ÀÖÀ¸¸ç ¹ÏÀ» ¸¸ ÇÏ´Ù´Â °ÍÀ» º¸ÁõÇÏ´Â ¼ÀÀÌ´Ù. ±×·¯¹Ç·Î, 100% ½Å·ÚÇÒ ¼ö ÀÖÀ» ¶§¿¡¸¸ ¼­¸íÇØ¾ß ÇÑ´Ù.

    ¿©·¯ºÐÀÌ À§¿¡¼­ ¿­¼è°í¸®¿¡ µ¡ºÙÀÎ Mandrakeȸ»çÀÇ Å°¿¡ ¼­¸íÇÏ·Á¸é ´ÙÀ½ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
     

    [root@dragon /]# gpg --sign-key <UID>

 

    ¿¹¸¦ µé¾î:
     

    [root@dragon /]# gpg --sign-key mandrake
    pub  1024D/9B4A4024  created: 2000-01-06 expires: never      trust: -/q
    sub  1024g/686FF394  created: 2000-01-06 expires: never
    (1)    MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>

    pub  1024D/9B4A4024  created: 2000-01-06 expires: never      trust: -/q
                 Fingerprint: 63A2 8CBD A7A8 387E 1A53  2C1E 59E7 0DEE 9B4A 4024

            MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>

    Are you really sure that you want to sign this key
    with your key: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
    Really sign? y
    You need a passphrase to unlock the secret key for
    user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
    1024-bit DSA key, ID 020C9884, created 2000-11-09

    Enter passphrase: [Enter passphrase]


 

    8: ¼­¸í °Ë»çÇϱâ

    ¼­¸íÇÑ ´ÙÀ½¿¡´Â ¿©·¯ºÐÀÇ ¼­¸íÀÌ µ¡ºÙ¿©Á³´ÂÁö ¼­¸í ¸ñ·ÏÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù. ´Ù¸¥ À̵鵵 Å°¸¦ º¸ÁõÇÏ´Â ¼­¸íÀ» ÇÑ´Ù¸é »ç¿ëÀÚ ID¸¶´Ù Çϳª ÀÌ»óÀÇ ÀÚ°¡-¼­¸í(self-signatures)ÀÌ ÀÖÀ» °ÍÀÌ´Ù. "--check-sigs" ¿É¼ÇÀ¸·Î ¼­¸íÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù:

    ¿¹¸¦ µé¾î:
     

    [root@dragon /]# gpg --check-sigs mandrake
    pub   1024D/9B4A4024 2000-01-06 MandrakeSoft (MandrakeSoft official
             keys) <mandrake@mandrakesoft.com>
    sig!    9B4A4024 2000-01-06  MandrakeSoft (MandrakeSoft official keys)
             <mandrake@mandrakesoft.com>
    sig!    020C9884 2000-11-09  Kapil Sharma (Unix/Linux consultant)
             <kapil@linux4biz.net>
    sub    1024g/686FF394 2000-01-06
    sig!    9B4A4024 2000-01-06  MandrakeSoft (MandrakeSoft official keys)
             <mandrake@mandrakesoft.com>


 

    9: ¾ÏȣȭÇϱâ¿Í Çص¶Çϱâ

    ¹®¼­¸¦ ¾ÏȣȭÇϰųª Çص¶Çϱâ´Â ¸Å¿ì °£´ÜÇÏ´Ù.

    mandrake¿¡°Ô º¸³¾ ¸Þ½ÃÁö¸¦ ¾ÏȣȭÇÏ·Á ÇÑ´Ù¸é mandrake°¡ ¹èÆ÷ÇÏ´Â °ø°³Å°¸¦ ÀÌ¿ëÇØ ¾ÏȣȭÇؼ­ ¸Þ½ÃÁö¸¦ º¸³½´Ù. ÀÌ ¸Þ½ÃÁö´Â ¿ÀÁ÷ mandrake°¡ °¡Áö°í ÀÖ´Â ºñ¹ÐÅ°¸¦ ÅëÇؼ­¸¸ Çص¶ÇÒ ¼ö ÀÖÀ» °ÍÀÌ´Ù. ¸¸¾à mandrake°¡ ¿©·¯ºÐ¿¡°Ô ¸Þ½ÃÁö¸¦ º¸³»·Á ÇÑ´Ù¸é ¿©·¯ºÐÀÌ ¹èÆ÷ÇÑ °ø°³Å°¸¦ ÀÌ¿ëÇؼ­ ¾ÏȣȭÇØ¾ß ÇÑ´Ù. ¹°·Ð, ¿©·¯ºÐÀÌ °¡Áø ºñ¹ÐÅ°¸¸ÀÌ ±× ¸Þ½ÃÁö¸¦ Çص¶ÇÒ ¼ö ÀÖ´Ù.

    ¿ì¸® ¿­¼è°í¸®¿¡ ÀÖ´Â °ø°³Å°¸¦ ÀÌ¿ëÇØ ¸Çµå·¹ÀÌÅ©¿¡°Ô º¸³¾ ÀڷḦ ¾Ïȣȭ/¼­¸íÇϱâ À§Çؼ­´Â ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù(´ç¿¬È÷ ÆíÁö ¹ÞÀ» ÀÌ°¡ ¹èÆ÷ÇÑ °ø°³Å°¸¦ ¹Ì¸® °¡Áö°í ÀÖ¾î¾ß ÇÑ´Ù):
     

    [root@dragon /]# gpg  -sear <UID of the public key> <file>

 

    ¿¹¸¦ µé¾î:
     

    [root@dragon /]# gpg -sear Mandrake document.txt
    You need a passphrase to unlock the secret key for
    user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
    1024-bit DSA key, ID 020C9884, created 2000-11-09

    Enter passphrase: [Enter passphrase]

 

    ¿É¼Ç¿¡ ¾²ÀÎ "s"´Â ¼­¸íÇϱâ, "e"´Â ¾ÏȣȭÇϱâ, "a"´Â ¾ÏȣȭµÈ ASCII Çü½ÄÀ¸·Î(".asc"´Â ÀüÀÚ¿ìÆíÀ» ÅëÇØ º¸³»±â À§Çؼ­ÀÌ´Ù), "r"Àº ¾Ïȣȭ¿¡ »ç¿ëÇÒ »ç¿ëÀÚ ID À̸§, <file>Àº ¾ÏȣȭÇÏ·Á´Â ÀÚ·áÀÌ´Ù:

    ¸Þ½ÃÁö¸¦ Çص¶ÇÒ ¶§¿¡´Â -d ¿É¼ÇÀ» »ç¿ëÇÑ´Ù:
     

    [root@dragon /]# gpg  -d <file>

 

    ¿¹¸¦ µé¾î:
     

    [root@dragon /]# gpg -d documentforkapil.asc
    You need a passphrase to unlock the secret key for
    user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
    1024-bit DSA key, ID 020C9884, created 2000-11-09
    Enter passphrase: [Enter passphrase]

 

    "-d" ¿É¼ÇÀº ¿©·¯ºÐÀÌ ¹ÞÀº ¾ÏȣȭµÈ ÀÚ·á <file>À» Çص¶ÇÑ´Ù. [ÁÖÀÇ: ¸Þ½ÃÁö/ÀڷḦ º¸³½ »ç¶÷ÀÇ °ø°³Å°°¡ ¿©·¯ºÐÀÇ ¿­¼è°í¸®¿¡ ¹Ýµå½Ã µé¾î ÀÖ¾î¾ß ÇÑ´Ù]

     

    10: ¼­¸í °Ë»çÇϱâ

    ¿©·¯ºÐÀÇ °ø°³Å°¸¦ ÃßÃâÇؼ­ ¹èÆ÷ÇÑ ´ÙÀ½¿¡´Â, ´ç½ÅÀÌ ¾ÏȣȭµÈ ¸Þ½ÃÁö¸¦ º¸³»´õ¶óµµ, ¸Þ½ÃÁö¸¦ ¹ÞÀº ´Ù¸¥ À̵éÀÌ ±× ¸Þ½ÃÁö¿¡ ´ç½ÅÀÇ ¼­¸íÀÌ ÀÖ´ÂÁö GnuPG --verify ¿É¼ÇÀ» ÀÌ¿ëÇØ ¾Ë¾Æº¼ ¼ö ÀÖ´Ù.
    ¾ÏȣȭµÈ µ¥ÀÌÅÍ¿¡¼­ ¼­¸íÀ» °Ë»çÇÏ·Á¸é ¾Æ·¡ ¸í·ÉÀ» »ç¿ëÇÑ´Ù:
     

    [root@dragon /]#  gpg --verify <Data>

 

    "--verify" ¿É¼ÇÀº ¼­¸íÀ» Á¡°ËÇÏ´Â ¿É¼ÇÀÌ°í, Á¡°ËÇÏ·Á´Â ¾ÏȣȭµÈ ÀÚ·á/ÆÄÀÏÀº "<Data>" ÀÚ¸®¿¡ ½á³Ö´Â´Ù.

    ¿¹¸¦ µé¾î:
     

    el@alive el [10] $ gpg --verify hello
    gpg: Signature made 2000³â 12¿ù 12ÀÏ È­¿äÀÏ ¿ÀÀü  9½Ã 42ºÐ 42ÃÊ KST
            using DSA key ID C8D2B7E5
    gpg: Good signature from "electuz (Linux Consultant) <el@linuxlab.co.kr>"


 

¸î °¡Áö ¾²ÀÓ»õ

    1: ¸ÞÀÏ ¸Þ½ÃÁö ¾ÏȣȭÇؼ­ º¸³»±â
    2: ÆÄÀÏÀ̳ª ¹®¼­ ¾Ïȣȭ
    3: ³×Æ®¿öÅ©¸¦ ÅëÇØ ÆÄÀÏ°ú Áß¿äÇÑ ¹®¼­µéÀ» ¾ÏȣȭÇؼ­ º¸³»±â

     

GnuPG¿¡ ¾²ÀÌ´Â ¸î °¡Áö ¼ÒÇÁÆ®¿þ¾î¿Í ÇÁ·ÐÆ®¿£µåµé:

    GPA http://www.gnupg.org/gpa.html
            Ç¥ÁØ GnuPG¿¡ ¾²ÀÌ´Â ±×·¡ÇÈ ÇÁ·ÐÆ®¿£µå. ¸Å¿ì ¿¹»Û GUI ÀÎÅÍÆäÀ̽º.

    GnomePGP http://www.geocities.com/SiliconValley/Chip/3708/gpgp/gpgp-intro.html#
            GnuPG¸¦ Á¦¾îÇÏ´Â GNOME µ¥½ºÅ©Å¾ µµ±¸

    Geheimniss http://geheimnis.sourceforge.net/
            GnuPG KDE ÇÁ·ÐÆ®¿£µå

    pgp4pine http://pgp4pine.flatline.de/
            PGP ¸Þ½ÃÁö¸¦ ´Ù·ç±â À§ÇÑ Pine ÇÊÅÍ

    MagicPGP http://www.physto.se/~p99jlu/MagicPGP.html
            GnuPG¿Í Pine¿¡ ¾²ÀÌ´Â ¶Ç´Ù¸¥ ½ºÅ©¸³Æ®

    PinePGP http://www.megaloman.com/~hany/software/pinepgp/
            ¿ª½Ã GnuPG¿¡ ¾²ÀÌ´Â Pine ÇÊÅÍ

 

´õ ¸¹Àº Á¤º¸

    http://www.gnupg.org/docs.html

 

¸ÎÀ½

    º¸¾È¿¡ ½Å°æÀÌ ¾²ÀÎ´Ù¸é ¹Ýµå½Ã GnuPG¸¦ »ç¿ëÇØ¾ß ÇÑ´Ù. GnuPG´Â ÈǸ¢ÇÑ ¿ÀÇÂ-¼Ò½º ÇÁ·Î±×·¥ °¡¿îµ¥ Çϳª·Î ¿©·¯ºÐÀÇ º¸¾È µ¥ÀÌÅ͸¦ ¾ÏȣȭÇÏ°í Çص¶ÇÏ´Â ¸ðµç ±â´ÉÀ» °¡Áö°í ÀÖÀ¸¸ç GNU General Public License¸¦ µû¸£¹Ç·Î ¾î¶² Á¦Çѵµ ¾øÀÌ »ç¿ëÇÒ ¼ö ÀÖ´Ù. GnuPG´Â ¸ÞÀÏ ¸Þ½ÃÁö³ª ÆÄÀÏ, ȤÀº º¸¾ÈÀÌ ÇÊ¿äÇÑ ¹®¼­µéÀ» ¾ÏȣȭÇÏ´Â µ¥ »ç¿ëÇÒ ¼ö ÀÖ´Ù. ¶Ç, Áß¿äÇÑ ¹®¼­¿Í ÀÚ·áµéÀ» ³×Æ®¿öÅ©·Î Àü¼ÛÇÒ ¶§¿¡µµ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

    [ÁÖÀÇ: ¹öÀü 1.0.4 ÀÌÀüÀÇ GnuPG¿¡´Â ¼­¸í Á¡°Ë°ú °ü·ÃµÈ º¸¾È¹ö±×°¡ ÀÖ´Ù.
     ÆÐÄ¡ ÆÄÀÏÀº ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.4.security-patch1.diff]




¡ã top

homeÀ¸·Î...