- A+
校验下载的文件的完整性
MD5 SHA-256
文件的加密
私钥private key
公钥public key
revocation Key
在某天你忘记密码口令或丢失私钥,你想要从密钥服务器上吊销你的公钥,唯一的补救措施是:你事先生成了吊销证书,使用吊销证书可以吊销公钥证书,使公钥其显示“吊销”字样,但依然无法从密钥服务器上删除公钥信息!所以务必要谨慎上传公钥,务必生成吊销证书备用!
Revoking an OpenPGP key means that we publish a statement saying that the key should not be used anymore. The statement may include a reason why the key shouldn’t be used (e.g., it has been compromised, or the user simply has a new one), and when the revocation should come into effect. The statement is a machine readable, cryptographic artifact and is called a “revocation certificate”.
Revocation certificates should be widely published (e.g. via WKD and on Key Servers) so that third parties will quickly learn that the key should not be used anymore, and to prevent an attacker from hindering distribution of the revocation certificate.
There are different reasons why we might want to revoke a user’s OpenPGP key. For example, the user’s key might have been compromised, or the user has left our organization. Revocation certificates contain information about the reason why the affected key has been revoked. OpenPGP implementations can use this information to determine how to treat existing artifacts. For instance, if a key has been compromised, the attacker could create backdated signatures. Thus, all signatures should be considered suspect. But, if a user simply switched to a new key, old signatures may still be considered valid.
在keopatra中选择产生revocation certificate,然后import进去【注意:要去掉文件里的:】,就revoke了
或者直接选择这个
fingerprint&key ID
签名
数字签名是OpenPGP的重要组成部分,数字签名是一个数学过程,与现实世界的签名功能相似,但更严谨、更安全且容易验证。数字签名保证了以下情况:
- 验证发送者身份:确认发送者确实是他声称的身份。
- 完整性:文件/邮件传输过程中未被更改。
- 不可否认:发送者不可否认已发送的文件/邮件。
数字签名的原理:发送者先通过加密散列函数获取数据的哈希,然后使用发送者的私钥加密哈希,得到数字签名。接收者使用发送者的公钥解密数字签名得到一个哈希,并与自己计算的数据的哈希值对比,一致则数字签名有效且数据完整。
Key server
