我们常常使用电子邮件来传递信息,它确实给我们带来了便利,但同时我们也需要知道电子邮件其实是一种很糟糕的沟通渠道,因为它的隐私,完整性和可信度至今还是无法确定。所以对于网络安全攻击载体来说,电子邮件仍然是最大的威胁。

如果你正在处理一些重要信息,就应该使用更加安全的方法。传统加密通信的方法中,Bob需要Alice的公钥,并将其添加到自己的数字密钥环中。这之后,Bob使用Alice的公钥加密他自己生成的随机对称密钥。唯一能揭示随机对称密钥的密钥是Alice的私钥:

img

这种方法的一大优势是Bob可以使用自己的私钥对消息的哈希进行签名,Alice可以使用公钥对其进行检查,这样我们就拥有了隐私、完整性和信任。

认识GPG

Phil Zimmerman创建了PGP (Pretty Good Privacy),并将其发展到GNU Privacy Guard (GPG)。总的来说,GPG是一个基于OpenPGP的程序,可以生成密钥对,加密和解密数据,对文件进行数字签名和验证数字签名。本文使用2.4.0版本。支持RSA、ELG、DSA、ECDH、ECDSA、EDDSA等公钥方法。还有IDEA、3DES、CAST5、BLOWFISH、AES、AES192、AES256、TWOFISH、CAMELLIA128、CAMELLIA192和CAMELLIA256的对称密钥密码,以及SHA1、RIPEMD160、SHA256、SHA384、SHA512和SHA224。支持的压缩方式有ZIP、ZLIB和BZIP2。

为此,我们可以安装GPG,如果可能的话,GPG版本2是最好的,因为它支持一系列椭圆曲线签名,包括ECDSA和EdDSA。接下来,我们可以用Python GnuPG链接到可执行文件。

要创建密钥对,我们需要:类型(RSA、ECDSA或EdDSA)、用户名、他们的电子邮件地址和密码。如果我们有一个RSA密钥对,我们可以定义密钥的大小,比如RSA-1024、RSA-2048和RSA-4096。如果我们有ECDSA,我们需要定义曲线,例如secp256k1或NIST P256。对于EdDSA,我们通常将曲线定义为曲线25519(并使用Ed25519作为密钥)。下面的代码生成了一些密钥类型:

import gnupg
import sys
gpg = gnupg.GPG(gnupghome="c:\\gpg")
enc="rsa-1024"
password="password"
user="Fred Bloggs"
email="fred@home.com"
if (len(sys.argv)>1):
  enc=str(sys.argv[1])
if (len(sys.argv)>2):
  password=str(sys.argv[2])
if (len(sys.argv)>3):
  user=str(sys.argv[3])
if (len(sys.argv)>4):
  email=str(sys.argv[4])
input_data = gpg.gen_key_input(key_type="RSA",key_length=1024,passphrase=password,name_real=user,name_email=email)
if (enc=="ecdsa-p256"):
 input_data = gpg.gen_key_input(key_type="ECDSA",key_curve='nistp256',passphrase=password,name_real=user,name_email=email)
if (enc=="ecdsa-p384"):
 input_data = gpg.gen_key_input(key_type="ECDSA",key_curve='nistp384',passphrase=password,name_real=user,name_email=email)
if (enc=="ecdsa-p521"):
 input_data = gpg.gen_key_input(key_type="ECDSA",key_curve='nistp521',passphrase=password,name_real=user,name_email=email)
if (enc=="ecdsa-secp256k1"):
 input_data = gpg.gen_key_input(key_type="ECDSA",key_curve='secp256k1',passphrase=password,name_real=user,name_email=email)
if (enc=="eddsa"):
 input_data = gpg.gen_key_input(key_type="EDDSA",key_curve='ed25519',passphrase=password,name_real=user,name_email=email)
if (enc=="rsa-1024"):
 input_data = gpg.gen_key_input(key_type="RSA",key_length=1024,passphrase=password,name_real=user,name_email=email)
if (enc=="rsa-2048"):
 input_data = gpg.gen_key_input(key_type="RSA",key_length=2048,passphrase=password,name_real=user,name_email=email)
if (enc=="rsa-3072"):
 input_data = gpg.gen_key_input(key_type="RSA",key_length=3072,passphrase=password,name_real=user,name_email=email)
key = gpg.gen_key(input_data)
fp = key.fingerprint
print ("Key ID: ",fp) 
print ("Type: ",enc)
ascii_armored_public_keys = gpg.export_keys(fp)
print("Public key:\n",ascii_armored_public_keys.replace(chr(13),''))
ascii_armored_private_keys = gpg.export_keys(fp,True,passphrase=password)
print("Private key:\n",ascii_armored_private_keys.replace(chr(13),''))
print("Private key deleted: ",gpg.delete_keys(fp,True,passphrase=password))
print("Public key deleted: ",gpg.delete_keys(fp))

RSA-1024的示例运行:

Key ID:  E2728597FE4C56AB211B40F9DCDFA59903EB6813
Type:  rsa-1024
Public key:
 -----BEGIN PGP PUBLIC KEY BLOCK-----

mI0EY+oDWgEEALwMAM1SefOei3tcrzyaxE/ibdfbfcJCo+eA4PwpHOPiiH2mQYyU
mLqBLLt/F+rdDJY4mDKYkmPreObvhGp2meGpUyDf01d9jANQx0EIWDju3KXA9EdE
3Lp+QFhQWSYA/rgIrME2pAShn2bxF2ESM83XYPW30h5D2DRj94OJe7ShABEBAAG0
G0ZyZWQgQmxvZ2dzIDxmcmVkQGhvbWUuY29tPojRBBMBCAA7FiEE4nKFl/5MVqsh
G0D53N+lmQPraBMFAmPqA1oCGy8FCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQ3N+lmQPraBOnrAP/c1NDE4OTPRJp8SkRUPMwQjStu/jnJ6fEM5NoyDy1iQPJ
wxW7YkLPvAPhbPoExWhIenKeqeH8PaVdqSCt7tr04WjamQiGf66OVqjetPb3hOqv
S/eScHlg9qd68SxIhVoPNWb/Zzt7E94QNS3ZZsleyTj09HrlKKM5DbjJoW9oxdI=
=IiJW
-----END PGP PUBLIC KEY BLOCK-----

Private key:
 -----BEGIN PGP PRIVATE KEY BLOCK-----

lQIGBGPqA1oBBAC8DADNUnnznot7XK88msRP4m3X233CQqPngOD8KRzj4oh9pkGM
lJi6gSy7fxfq3QyWOJgymJJj63jm74RqdpnhqVMg39NXfYwDUMdBCFg47tylwPRH
RNy6fkBYUFkmAP64CKzBNqQEoZ9m8RdhEjPN12D1t9IeQ9g0Y/eDiXu0oQARAQAB
/gcDAglYHcBL14Lgygpw6MCoYwGazwihMaRjG/brI9EC7iiJTZJXCn4o3OqPdHN+
9fyUziDyXN0DtEZoGK2s9PRtbeH8Rg7Wbd7Cry5FFlUdlkUTZdEVKdbgDT0ROe0I
4ohWn+B423+rDDtY+MD1qyegalLMXuDhsGnZrg73zfFwOOjkmsrImU2B3rC4XQBp
vCfIfFUub8oNw9cTnmsNUAGjWZ3tkMoYlRTq6c5vNdn4TvW7Vb9eegDKu2hSTGFL
/ORn9NknTzs/HavhZN/61bryZQCGXdLfeXtg+dMfu8AHEUCuCDoz+C/79RGatqyS
O9d9vZ3AO/JsbMegiURK1DY+gVAfVnPRTJCBipo0wnJ5XjejZijw3VGxtmt87A5i
0UzUzh7kO2xXOV1qXCkYwoSTo53Ognfe+4wgmky6bSfMVXCpsx/dyDPjO4VrZFmQ
uV8H7fJp4R8BACINj16lzPn/bbFQCgWYbmjUivio7KhNCiJABvDp+S60G0ZyZWQg
QmxvZ2dzIDxmcmVkQGhvbWUuY29tPojRBBMBCAA7FiEE4nKFl/5MVqshG0D53N+l
mQPraBMFAmPqA1oCGy8FCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ3N+l
mQPraBOnrAP/c1NDE4OTPRJp8SkRUPMwQjStu/jnJ6fEM5NoyDy1iQPJwxW7YkLP
vAPhbPoExWhIenKeqeH8PaVdqSCt7tr04WjamQiGf66OVqjetPb3hOqvS/eScHlg
9qd68SxIhVoPNWb/Zzt7E94QNS3ZZsleyTj09HrlKKM5DbjJoW9oxdI=
=XA59
-----END PGP PRIVATE KEY BLOCK-----

如果现在尝试使用此公钥,会得到:

img

对于 RSA-2048,我们有更大的密钥,其中 RSA 模数为 2,048 位长:

Key ID:  3F3151C450A6075E643D1AA32D3C1A6A46928499
Type:  rsa-2048
Public key:
 -----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGPqBQQBCACpEKQ6DUn7FOTDB203cPBX5PCodxQ37x9la5ich0yoKtU71l9U
mpwuncTZaFrtNsML7xUuC5WvMvclgX5ELCkMuX+mdvi/rMBQBMrbuYKw/3+/IhjJ
JBwMmJVRI6f2oQrlHYeJEE2m0oyUyiMaWiKoi8xMmik1UGCOh22taKrcMXqwkdO2
UO42na6b0GaswHcToGaC0ZA53Rh80sjP6lMEJbxMd8gB4jf8Q0PXQKtmANKA9hMv
8rPiCuA97p4sCkFRaKoIH6Yaiz2ePC1KoqAmn0be50e4ruaBh8R6EOIOnG0h8WdN
GpT/IbLLBhphFRyZV9R+k+oNEmRGWYYcmuuTABEBAAG0G0ZyZWQgQmxvZ2dzIDxm
cmVkQGhvbWUuY29tPokBUQQTAQgAOxYhBD8xUcRQpgdeZD0aoy08GmpGkoSZBQJj
6gUEAhsvBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEC08GmpGkoSZzl4I
AJ8fEhLaEHHYzsq9n3LRK5E1yKL7IM/iuD62viPI0N0LaRiI4rfUTGo7mAHmCFcB
CorMg4ljYHm91ihZWVJwyu9NnIClE/w9yzG6L/7KQWMJOWiPIQl0EZgwWfS1kXWJ
RWQWDhNprW0q7f3/nDx7oVJGszeqrriXSx2HYXC6thnfoS9mqd5c1JJDqw9Ol32g
kae/Sh+wbgr7fd/1R+ygsDlWku34OjR+RupJtpSOh8Qc5ciHBo+w8LWpEmCNXZ7j
1e2BgQz+dGFn7eNonSmDXW4SFF96uTEOqOEePU+r+W9y0QvS2p2MQVAecTsqB0CI
p51RCb/nejyAyOyfkWwczmM=
=o7uF
-----END PGP PUBLIC KEY BLOCK-----

Private key:
 -----BEGIN PGP PRIVATE KEY BLOCK-----

lQPGBGPqBQQBCACpEKQ6DUn7FOTDB203cPBX5PCodxQ37x9la5ich0yoKtU71l9U
mpwuncTZaFrtNsML7xUuC5WvMvclgX5ELCkMuX+mdvi/rMBQBMrbuYKw/3+/IhjJ
JBwMmJVRI6f2oQrlHYeJEE2m0oyUyiMaWiKoi8xMmik1UGCOh22taKrcMXqwkdO2
UO42na6b0GaswHcToGaC0ZA53Rh80sjP6lMEJbxMd8gB4jf8Q0PXQKtmANKA9hMv
8rPiCuA97p4sCkFRaKoIH6Yaiz2ePC1KoqAmn0be50e4ruaBh8R6EOIOnG0h8WdN
GpT/IbLLBhphFRyZV9R+k+oNEmRGWYYcmuuTABEBAAH+BwMCAwiurM16QdrKJcl0
TC1KM9CjOBBihFskrAgOyusFewwgjSvULk0Uc5CeT8FnoBYMsn9U0UJZwE2xqlPt
3LYbPSfsY5/jXaglLUZLYSTTYxHOpM6Zs5Cx1FYu7BEhtN4u8/PK0b4NqpjdX7G0
Rxrppgn+L2AU51CLE0B/hkD0obrPhE7k3EfXYqKKd+UfPFChFmi+/pa32PBSN+pB
gfSoFpLY3LQa4E0WEITzivhdWXpooCzvpv5Qz0RyNk9QeJM0YVvWpNyXKjB1heho
r8bev5nkyNiy34lWOE08YNc/v1S6VLJNTdfBMbELKjvG9BIxnFgEbSXHr6Y+M19y
NP9a+95anGmZvDKEz51ZFazH73a5vmDRx0cw35pf0ITWFV4xVnRsH/98WIn8jD9F
Y8CXR7rAECNuCZjIsbNL2aABZsBmBUXnNpfr8Q6kHRdnI7IdrI36yxXD93C45eZy
LHEZZHGkMUx/aq42lk3YHFwkKJyLYDjKkPvQvWX2MpsGsZ8fXGeyBx8IqYcqnPw3
rai1IcEfOJBR/q3rSYNB7QxatBfLmV5KW/+esTRcw451uWLkhr5lND8GPbW+GLYl
wIENK46PJJVQNhBgvkfsVBL5qRc70IXkhykflfD4M5xMxjroiLGnDvhkoQ+r5+dF
p0EDcstIDWc5bbb2epmQWoj23tnegS845kCIgvkiNgtsLdTg2D8AfH1jDT/TqFZI
ybZ19WLHZANTbbEQJ57QVs/koDadNLXtS75tBN5nuZhbrxVz/a6aiAgfBvK0ct1q
PT/O9Sjj4NY0LN7Qs1tbfHruktmTFPruthHnglDS+GhgfhPybNatGxVYqv7lh/KI
xA6XZFW8jBdcmZJeWkQo6gAkoCji/V8IBFfK+aaUMNIPOsLFNURnHqqvxbo2U4QX
uyCeABfDj322tBtGcmVkIEJsb2dncyA8ZnJlZEBob21lLmNvbT6JAVEEEwEIADsW
IQQ/MVHEUKYHXmQ9GqMtPBpqRpKEmQUCY+oFBAIbLwULCQgHAgIiAgYVCgkICwIE
FgIDAQIeBwIXgAAKCRAtPBpqRpKEmc5eCACfHxIS2hBx2M7KvZ9y0SuRNcii+yDP
4rg+tr4jyNDdC2kYiOK31ExqO5gB5ghXAQqKzIOJY2B5vdYoWVlScMrvTZyApRP8
Pcsxui/+ykFjCTlojyEJdBGYMFn0tZF1iUVkFg4Taa1tKu39/5w8e6FSRrM3qq64
l0sdh2FwurYZ36EvZqneXNSSQ6sPTpd9oJGnv0ofsG4K+33f9UfsoLA5VpLt+Do0
fkbqSbaUjofEHOXIhwaPsPC1qRJgjV2e49XtgYEM/nRhZ+3jaJ0pg11uEhRferkx
DqjhHj1Pq/lvctEL0tqdjEFQHnE7KgdAiKedUQm/53o8gMjsn5FsHM5j
=xPNy
-----END PGP PRIVATE KEY BLOCK-----

同样,如果我们将公钥进行粘贴,将得到:

img

对于采用 NIST P-256 的 ECDSA,我们可以看到缩短的密钥,因为我们只需要一个 256 位私钥和一个 512 位公钥:

-----BEGIN PGP PUBLIC KEY BLOCK-----PUBLIC KEY BLOCK-----
mFIEY+laIBMIKoZIzj0DAQcCAwQyqwvyzudbI/SasQPfwk8wTKTpfGS943Pfpocq
X6WNlUr79fm3YriOgBLNbWl92fiQ04jrVLuO4qFHjXRXCqY3tBtGcmVkIEJsb2dn
cyA8ZnJlZEBob21lLmNvbT6IkwQTEwgAOxYhBCgJu09BnND1s5jVBNE2PiMXDdki
BQJj6VogAhsjBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJENE2PiMXDdki
vQEBAMLDBI7lPPbNFl2bBr37qdzMD8MWcFI1x+VWonJAWmzfAQDgQX7BNz2C4ql0
AtaLG+LfbW8KPTsVIVcwOBkJVTC/gw==
=Y0Y+
-----END PGP PUBLIC KEY BLOCK-----
Private key:
 -----BEGIN PGP PRIVATE KEY BLOCK-----
lKUEY+laIBMIKoZIzj0DAQcCAwQyqwvyzudbI/SasQPfwk8wTKTpfGS943Pfpocq
X6WNlUr79fm3YriOgBLNbWl92fiQ04jrVLuO4qFHjXRXCqY3/gcDAr29l+/OcJdm
ymBkFTA6Li1y0GOLtkhWP30/F5LvyLlER9OXplzcs7j0oBJ+ZN9rRRC6W97sy4tj
/s2YBr8JZTKUT+V0TWJXTpGmepbqL+G0G0ZyZWQgQmxvZ2dzIDxmcmVkQGhvbWUu
Y29tPoiTBBMTCAA7FiEEKAm7T0Gc0PWzmNUE0TY+IxcN2SIFAmPpWiACGyMFCwkI
BwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ0TY+IxcN2SK9AQEAwsMEjuU89s0W
XZsGvfup3MwPwxZwUjXH5VaickBabN8BAOBBfsE3PYLiqXQC1osb4t9tbwo9OxUh
VzA4GQlVML+D
=KamW
-----END PGP PRIVATE KEY BLOCK-----

对于 NIST P-521,密钥大小更大(私钥为 521 位):

Key ID:  C2E0A8F95633536EB7D05F4C37D7097A6371A8BE
Type:  ecdsa-p521
Public key:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
mJMEY+laNxMFK4EEACMEIwQA8A0Kz1i/3baTHi1M37Qj3o60CdT6eXRyGHr72VYn
42NpsPEfbXhF+dUkGKXwonFMrSpr3dJDeoLMEPqr4GludYIAvIpPWopkPbEkyUB7
FSGQ9bpfHuqDy0L5RGE4k6dDkpEVmb7jl9CHvKYomU2doAFcmr2LQlT/NpHsiA+v
i/f/1Zq0G0ZyZWQgQmxvZ2dzIDxmcmVkQGhvbWUuY29tPojXBBMTCgA7FiEEwuCo
+VYzU2630F9MN9cJemNxqL4FAmPpWjcCGyMFCwkIBwICIgIGFQoJCAsCBBYCAwEC
HgcCF4AACgkQN9cJemNxqL7enAIJAf4WHrAwGeoRkUKwohIbplFORfad/HZDZH7G
fDxnqKeVLpHtMgSKlX5jhKdNJZwWvgy9BASSsyB+SFyLCLhBj3DoAgkBWnZryEqN
XrFGWUFr41HMLEKxXDfEUSieeTCRNkS8zODOWcemdzEc6em/1sqoySP2dmT8NRFx
BqaRoyl9MRmyp3c=
=gUWO
-----END PGP PUBLIC KEY BLOCK-----
Private key:
 -----BEGIN PGP PRIVATE KEY BLOCK-----
lQEHBGPpWjcTBSuBBAAjBCMEAPANCs9Yv922kx4tTN+0I96OtAnU+nl0chh6+9lW
J+NjabDxH214RfnVJBil8KJxTK0qa93SQ3qCzBD6q+BpbnWCALyKT1qKZD2xJMlA
exUhkPW6Xx7qg8tC+URhOJOnQ5KRFZm+45fQh7ymKJlNnaABXJq9i0JU/zaR7IgP
r4v3/9Wa/gcDAg3buJmP0QDRyvMGlsik5lqJ7A5UP1HCf8ft5Ngcg2bU60t0WeEy
wTfj6uoV/2c4BBuCh++JQMBOMULHTpDo64LRLqqDz+hXEvfHiejqDek7MBLXz2ZA
m7ot6akzcGaaMT/U/2xHzJ/eXTEmY3FTdS+0G0ZyZWQgQmxvZ2dzIDxmcmVkQGhv
bWUuY29tPojXBBMTCgA7FiEEwuCo+VYzU2630F9MN9cJemNxqL4FAmPpWjcCGyMF
CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQN9cJemNxqL7enAIJAf4WHrAw
GeoRkUKwohIbplFORfad/HZDZH7GfDxnqKeVLpHtMgSKlX5jhKdNJZwWvgy9BASS
syB+SFyLCLhBj3DoAgkBWnZryEqNXrFGWUFr41HMLEKxXDfEUSieeTCRNkS8zODO
WcemdzEc6em/1sqoySP2dmT8NRFxBqaRoyl9MRmyp3c=
=Zubb
-----END PGP PRIVATE KEY BLOCK-----

总体而言,ECDSA 和 EdDSA 用于数字签名,但 RSA 可用于加密和数字签名。不过,RSA 确实有更大的密钥大小。

结论

从许多方面而言,互联网自 1980 年代以来从未真正发展起来,我们使用的协议仍然与当时大同小异。但是,随着时代的更替,网络安全方面一定是可以做得更好的。

Source:https://medium.com/asecuritysite-when-bob-met-alice/privacy-integrity-and-trust-some-day-we-will-integrate-these-into-all-our-communications-the-71040f7e07e0

关于

ChinaDeFi – ChinaDeFi.com 是一个研究驱动的DeFi创新组织,同时我们也是区块链开发团队。每天从全球超过500个优质信息源的近900篇内容中,寻找思考更具深度、梳理更为系统的内容,以最快的速度同步到中国市场提供决策辅助材料。

Layer 2道友 – 欢迎对Layer 2感兴趣的区块链技术爱好者、研究分析人与Gavin(微信: chinadefi)联系,共同探讨Layer 2带来的落地机遇。敬请关注我们的微信公众号 “去中心化金融社区”