Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to apply the digital signature of Ubuntu documents". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to use digital signatures in Ubuntu files.

Hint: "Digital signature" is a method that uses public key encryption algorithm to sign electronic information. The process of digital signature and verification of a file can be simply described as follows: the sender of the file first generates a set of summary information (characteristic information) of the sent file according to a certain abstract algorithm. and encrypt it with its own private key (that is, "signature") to form a signature file, and then send the original file and the signature file to the receiver. The receiver first calculates the summary information of the original file according to the algorithm, decrypts the signature file with the public key provided by the sender, and obtains another summary information. Through the comparison of the two summary information, it can confirm whether the file information is complete and correct. This is "check".

This article introduces an integrated desktop environment based on Ubuntu Desktop 9.10 (i386) and GNOME. And set up two hosts, Host1 and Host2, with the same user account (user name and password are the same for convenience).

Step 1. Sign the file on Host1

In the host Host1, assuming that there is a file "abc.txt" under the current user directory, then we select the file in the Nautilus file browser and right-click, select "sign" item in the pop-up shortcut menu, then pop-up "Select signer" dialog box (as shown in figure 1), in the "signing message key" column, select the corresponding private key of the user "testuser". Click the "OK" button, the "approve password access" dialog box pops up, and after confirmation, the file "abc.txt.sig" is generated under the directory of the currently logged-in user, which is the signature file of "abc.txt".

Select the private key to the user

Next, we send the original file "abc.txt" and the signature file "abc.txt.sig" to the Host2 host. Take the use of the "scp" command as an example.

Find the "Terminal" item under "Application → Accessories", click and open a GNOME terminal window, and enter the command "scp abc.* testuser@Host2:~/." in the terminal window. After the command is executed successfully, you can copy the above two files to the corresponding user directory in the Host2 host.

Step 2. Check the file on Host2

After receiving the files "abc.txt" and "abc.txt.sig" transmitted by users on Host1, how to confirm the legitimacy and integrity of the source of "abc.txt" files? This needs to be verified. Let's use the "gpg" command as an example to verify it.

First of all, the verification work needs to use the sender's public key, that is, the host Host1 user's public key, so the Host1 user's public key is first imported into the host Host2 (for details, see "how to encrypt files in the Ubuntu system").

Then, in the host Host2, sign the imported public key.

Run the Seahorse key manager program, in the "password and encryption key" window of the "other keys" tab, click the line where the imported key is located and right-click, select "sign key" item in the pop-up shortcut menu, click the "sign" button in the "sign key" dialog box, you can complete the signing operation of the imported public key.

Next, open a GNOME terminal window and enter the command: "gpg-- verify abc.txt.sig". In the output, if you see "gpg: intact signature, from …" The first line indicates that the file is complete and the source is legitimate.

Tip: if the imported public key is not signed, that is, the user on the Host2 does not confirm the validity of the public key, although you can still use the "gpg" command to verify the received file, it will give a warning message such as "warning: this key is not subject to trusted authorization verification" (see figure 2).

Signing operation is essential.

By verifying the information, we can confirm whether the received file has been tampered with, and by looking at the personal information of the sender, we can confirm whether the source of the file is legitimate, so as to confirm the identity of the other party.

Combination of double insurance encryption and digital signature

In this paper, we do not encrypt the file, but only carry out the digital signature operation. Although the receiver of the file can confirm the legitimacy of the source of the file and the integrity of the data, the file itself is not well protected. There are still risks such as data leakage. Therefore, in practical applications, encryption and digital signature technologies are generally used together.

Combined with the file encryption transmission method introduced in "how to encrypt files in the Ubuntu system", when a file is selected for encryption in the Nautilus file browser, there is a "key for signing message" at the bottom of the "Select recipient" dialog box, followed by a list of the user's available private key. If a user's private key is selected, the file is encrypted and digitally signed at the same time. After receiving the file, the receiver can use its own private key to decrypt the file, and then use the sender's public key to verify the file, thus further ensuring the security and integrity of the file.

At this point, I believe that everyone on the "Ubuntu document digital signature how to apply" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.