记录我在 Mac 上安装 gpg 的过程及使用
定义
gpg 是加密和数字签名的免费工具,大多用于加密信息的传递。除了仅用密码加密外,GPG 最大的不同是提供了“公钥/私钥”对。利用一方的“公钥”别人加密信息不再需要告诉密码,随时随地都能发送加密信息。而这种加密是单向的,只有一方的“私钥”能解开加密。数字签名又是另一大使用方向。通过签名认证,别人能确保发布的消息来自一方,而且没有经过修改。
安装
安装命令利用 brew 即可,具体视操作环境有所差异。
sh-3.2# brew install gpg **==>** **Downloading https://homebrew.bintray.com/bottles/gnupg-1.4.20.el_capitan.bottle.tar.gz** ######################################################################## 100.0% **==>** **Pouring gnupg-1.4.20.el_capitan.bottle.tar.gz** /usr/local/Cellar/gnupg/1.4.20: 53 files, 5.4M sh-3.2# gpg --version gpg (GnuPG) 1.4.20 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg 支持的算法: 公钥:RSA, RSA-E, RSA-S, ELG-E, DSA 对称加密:IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 散列:MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 压缩:不压缩, ZIP, ZLIB, BZIP2
生成私钥
安装之后需要利用 gpg --gen-key 命令生成私钥,这一步需要对私钥的用户、邮箱、有效期进行配置,我的操作记录如下:
sh-3.2# gpg --gen-key gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. 请选择您要使用的密钥种类: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (仅用于签名) (4) RSA (仅用于签名) 您的选择? RSA 密钥长度应在 1024 位与 4096 位之间。 您想要用多大的密钥尺寸?(2048) 您所要求的密钥尺寸是 2048 位 请设定这把密钥的有效期限。 0 = 密钥永不过期 = 密钥在 n 天后过期 w = 密钥在 n 周后过期 m = 密钥在 n 月后过期 y = 密钥在 n 年后过期 密钥的有效期限是?(0) 密钥永远不会过期 以上正确吗?(y/n)y 您需要一个用户标识来辨识您的密钥;本软件会用真实姓名、注释和电子邮件地址组合 成用户标识,如下所示: “Heinrich Heine (Der Dichter) ” 真实姓名:liumei 姓名含有无效的字符 真实姓名:liumapp (liumapp) 姓名含有无效的字符 真实姓名:liumapp 电子邮件地址:liumapp.com@gmail.com 注释: 您选定了这个用户标识: “liumapp ” 更改姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)?o 您需要一个密码来保护您的私钥。 我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动 鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。 ........+++++ ...+++++ 我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动 鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。 ....+++++ +++++ gpg: /var/root/.gnupg/trustdb.gpg:建立了信任度数据库 gpg: 密钥 636BA03D 被标记为绝对信任 公钥和私钥已经生成并经签名。 gpg: 正在检查信任度数据库 gpg: 需要 3 份勉强信任和 1 份完全信任,PGP 信任模型 gpg: 深度:0 有效性: 1 已签名: 0 信任度:0-,0q,0n,0m,0f,1u pub 2048R/636BA03D 2017-07-20 密钥指纹 = 7CFB 016A 298A C90C C324 6A32 DAB3 F9DA 636B A03D uid liumapp sub 2048R/9F2B7F4B 2017-07-20
发布公钥
首先我们要看看自己的公钥编号是什么:
sh-3.2# gpg --list-keys /var/root/.gnupg/pubring.gpg ---------------------------- pub 2048R/636BA03D 2017-07-20 uid liumapp sub 2048R/9F2B7F4B 2017-07-20
可以看到,我的公钥编号是 636BA03D,所以接下来使用命令:
gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys 636BA03D
将公钥上传到线上
sh-3.2# gpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys 636BA03D gpg: sending key 636BA03D to hkp server pool.sks-keyservers.net
使用
gpg 的使用一般搭配 Maven,比如 maven 的插件 maven-gpg-plugin,当然也有很多其他的用法,官方的说明比较详细:working-with-pgp。我自己仅仅就 maven-gpg-plugin 的使用进行一个记录。
场景说明
利用 maven 和 gpg,将一个 maven 项目上传到 maven 中央仓库的私服中。
配置
pom.xml:
首先需要取保虾面的几项基础配置要有:
<licenses> <license> <name>GNU General Public License v3.0</name> <url>http://www.gnu.org/licenses/agpl-3.0.html</url> <distribution>repo</distribution> <comments>A socket manager</comments> </license> </licenses> <developers> <developer> <name>liumapp</name> <url>http://www.liumapp.com</url> <email>liumapp.com@gmail.com</email> </developer> </developers> <scm> <connection>scm:git:https://github.com/liumapp/DNSQueen.git</connection> <developerConnection>scm:git:https://github.com/liumapp/DNSQueen.git</developerConnection> <url>https://github.com/liumapp/DNSQueen</url> <tag>v${project.version}</tag> </scm> <distributionManagement> <snapshotRepository> <id>ossrh</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> <repository> <id>ossrh</id> <name>Maven Central Staging Repository</name> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url> </repository> </distributionManagement>
然后添加以下插件:
<plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>1.6.3</version> <extensions>true</extensions> <configuration> <serverId>ossrh</serverId> <nexusUrl>https://oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.6</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>2.10.3</version> <executions> <execution> <id>attach-javadocs</id> <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> <executions> <execution> <id>attach-sources</id> <goals> <goal>jar-no-fork</goal> </goals> </execution> </executions> </plugin>
然后便要修改 maven 的 settings.xml 文件,打开 maven 的安装目录,找到 config 下的 settings.xml,在 servers 节点和 profiles 节点分别添加以下两段内容:
<server> <id>ossrh</id> <username>sonatype的用户名</username> <password>sonatype的密码</password> </server> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault>//这个true的作用就是oss.sonatype的Staging Repositories会自动release </activation> <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>安装gpg时设置的密码</gpg.passphrase> </properties> </profile>
然后我们回到 maven 的项目根目录,执行:
mvn deploy -Dmaven.test.skip=true -e
如果看到 build success 的话,那么此刻我们的 maven 项目应该成功上传到 maven 中央仓库的一个私服里面了。我这边的相关日志如下:
Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.pom.asc Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.pom.asc (473 B at 0.1 KB/sec) Downloading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/maven-metadata.xml Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/maven-metadata.xml Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/maven-metadata.xml (299 B at 0.2 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-javadoc.jar.asc Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-javadoc.jar.asc (473 B at 1.2 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-sources.jar.asc Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-sources.jar.asc (473 B at 1.6 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.jar Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.jar (29 KB at 17.1 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.pom Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.pom (6 KB at 4.7 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.jar.asc Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0.jar.asc (473 B at 1.6 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-sources.jar Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-sources.jar (17 KB at 13.6 KB/sec) Uploading: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-javadoc.jar Uploaded: https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/comliumapp-1007/com/liumapp/DNSQueen/1.0.0/DNSQueen-1.0.0-javadoc.jar (131 KB at 18.6 KB/sec) [INFO] * Upload of locally staged artifacts finished. [INFO] * Closing staging repository with ID "comliumapp-1007". Waiting for operation to complete......... [INFO] Remote staged 1 repositories, finished with success. [INFO] Remote staging repositories are being released... Waiting for operation to complete.......... [INFO] Remote staging repositories released. [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 01:33 min [INFO] Finished at: 2017-07-20T14:08:53+08:00 [INFO] Final Memory: 31M/562M [INFO] ------------------------------------------------------------------------
最后附一张私服截图:
欢迎来到这里!
我们正在构建一个小众社区,大家在这里相互信任,以平等 • 自由 • 奔放的价值观进行分享交流。最终,希望大家能够找到与自己志同道合的伙伴,共同成长。
注册 关于