3.2. Digital Signatures for RHN Packages

All packages distributed through RHN should have a digital signature. A digital signature is created with a unique private key and can be verified with the corresponding public key. After a package is created, the SRPM (Source RPM) and the RPM can be digitally signed with a GnuPG key. Before the package is installed, the public key can be used to verify that the package was signed by a trusted party and has not been modified since it was signed.

3.2.1. Generating a GnuPG Key Pair

A GnuPG key pair consists of a private key and a public key. To generate a key pair, run the following command in a shell as the root user:
gpg --gen-key
If you run this command as a non-root user, you see the following message:
gpg: Warning: using insecure memory!
This message appears because non-root users cannot lock memory pages. Because you do not want anyone else to obtain your private GnuPG key or your passphrase, you want to generate the key pair as root. The root user can lock memory pages, which means the information is never written to disk.
After you execute the command to generate a key pair, you see an introductory screen containing key options, similar to the following:
	gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
	This program comes with ABSOLUTELY NO WARRANTY.
	This is free software, and you are welcome to redistribute it
	under certain conditions. See the file COPYING for details.

	Please select what kind of key you want:
	   (1) DSA and ElGamal (default)
	   (2) DSA (sign only)
	   (4) RSA (sign only)
	Your selection?
Accept the default option: (1) DSA and ElGamal. This option allows you to create a digital signature and to encrypt/decrypt with two types of technologies. Type 1 and then press Enter.
Next, choose the key size, which is how long the key should be. The longer the key, the less likely it is to be broken. Creating a key of at least 1024 bits is recommended.
The next option asks you to specify how long the key is valid. If you specify an expiration date, everyone who uses your public key must be told when it expires and must obtain a new key after that date. We recommend that you choose no expiration date. If you do not choose an expiration date, you are asked to confirm your decision:
Key does not expire at all
Is this correct (y/n)?
Press y to confirm your decision.
Your next task is to provide a user ID containing your name, your email address, and an optional comment. Each of these is requested individually. When finished, you are presented with a summary of the information you entered.
Once you accept your choices, you must enter a passphrase.

Note

Like your account passwords, a good passphrase is essential to the security of GnuPG. Mixing uppercase and lowercase letters, digits, and punctuation marks in your passphrase increases its security.
Once you enter and verify your passphrase, your keys are generated. A message similar to the following appears:
We need to generate a lot of random bytes. It is a good idea to perform some
other action (type on the keyboard, move the mouse, utilize the disks) 
during the prime generation; this gives the random number generator a 
better chance to gain enough entropy. 

+++++.+++++.++++++++....++++++++++..+++++.+++++.+++++++.+++++++ +++.
++++++++++++++++++++++++++++++++++++++..........................++++
When this activity finishes, your new keys are placed in the .gnupg directory in the root user's home directory. The keys are stored there because you ran the command as root. To list your root keys, use the command:
gpg --list-keys
The output is similar to the following:
/root/.gnupg/pubring.gpg
----------------
pub  1024D/B7085C8A 2002-02-18 Your Name <you@example.com>
sub  1024g/E12AF9C4 2002-02-18
To retrieve your public key, use the following command:
gpg --export -a 'Your Name' > public_key.txt
Your public key is written to the file public_key.txt.
This public key is very important. It is the key that must be deployed to all client systems that receive custom packages through up2date. Techniques for deploying this key across an organization's client systems are covered in the Red Hat Network Client Configuration Guide.
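The following is an added example, not part of the original Red Hat documentation: a shell parser for the GnuPG 1.x `gpg --list-keys` layout shown above, which reports each key's ID, algorithm and size and marks keys shorter than the 1024-bit minimum this section recommends. The function names `audit_keys` and `signing_key_id` and the sample listing are assumptions constructed for illustration; the algorithm letters follow GnuPG 1.x listings (D = DSA, g = ElGamal, R = RSA).

```shell
#!/bin/sh
# Added example: audit a legacy (GnuPG 1.x) `gpg --list-keys` listing.

# Constructed sample that mirrors the listing shown in this section.
SAMPLE_LISTING='/root/.gnupg/pubring.gpg
------------------------
pub  1024D/B7085C8A 2002-02-18 Your Name <you@example.com>
sub  1024g/E12AF9C4 2002-02-18'

# audit_keys [MIN_BITS]  (hypothetical helper)
# Reads a listing on stdin and prints one line per key:
#   <pub|sub> <keyid> <algorithm> <bits> <created> <ok|short>
# MIN_BITS defaults to 1024, the minimum recommended in this section.
audit_keys() {
    awk -v min="${1:-1024}" '
        BEGIN { algo["D"] = "DSA"; algo["g"] = "ElGamal"; algo["R"] = "RSA" }
        $1 == "pub" || $1 == "sub" {
            # Field 2 looks like 1024D/B7085C8A: bits, algorithm letter, key ID.
            if (split($2, part, "/") != 2) next
            letter = substr(part[1], length(part[1]), 1)
            bits = part[1]
            sub(/[A-Za-z]$/, "", bits)
            name = (letter in algo) ? algo[letter] : "unknown(" letter ")"
            status = (bits + 0 >= min + 0) ? "ok" : "short"
            print $1, part[2], name, bits, $3, status
        }'
}

# signing_key_id  (hypothetical helper)
# Prints the key ID of the first primary (pub) key in the listing on stdin.
signing_key_id() {
    audit_keys "$@" | awk '$1 == "pub" { print $2; exit }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | audit_keys 1024
```

On a live system, pipe `gpg --list-keys` into `audit_keys`; newer GnuPG releases print a different listing layout that this parser does not handle.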