生成 PGP 密钥对时,您可以选择公钥算法:
$ gpg --expert --full-gen-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection?
当您列出/浏览 PGP 公钥时,该密钥使用的算法以数字表示。使用简单 RSA 2048 密钥的示例:
$ gpg --export [email protected] | gpg --list-packets --verbose
...
:public key packet:
version 4, algo 1, created 1531406055, expires 0s 0
...
:signature packet: algo 1, keyid 47F915B113C9BC18
version 4, created 1531406055, md5len 0, sigclass 0x13
digest algo 2, begin of digest 7a 9c
...
:public sub key packet:
version 4, algo 1, created 1531406055, expires 0
我在这里谈论
algo 1digest algo 8algo 2我正在寻找一个完整的列表,在其中我可以找到每个算法的名称,给定这个算法编号。
我在RFC 4880(OpenPGP消息格式)中找到了一个列表:
ID Algorithm
-- ---------
1 - RSA (Encrypt or Sign) [HAC]
2 - RSA Encrypt-Only [HAC]
3 - RSA Sign-Only [HAC]
16 - Elgamal (Encrypt-Only) [ELGAMAL] [HAC]
17 - DSA (Digital Signature Algorithm) [FIPS186] [HAC]
18 - Reserved for Elliptic Curve
19 - Reserved for ECDSA
20 - Reserved (formerly Elgamal Encrypt or Sign)
21 - Reserved for Diffie-Hellman (X9.42,
as defined for IETF-S/MIME)
100 to 110 - Private/Experimental algorithm
但是这个列表似乎不完整:如果我使用
ECCCurve 2551922gpg$ gpg --list-keys
pub ed25519 2022-04-06 [SC]
7D438CA8D0C6D57EA168521C2C800B246796CFC9
uid [ultimate] John <[email protected]>
sub cv25519 2022-04-06 [E]
是否有所有可用算法及其相关编号的最新列表?
不确定这是否完全满足您的需求,但除了 RFC4880 -
9.19.49.1. Public-Key Algorithms
9.2. Symmetric-Key Algorithms
9.3. Compression Algorithms
9.4. Hash Algorithms
这是我能找到的:
OpenPGP 中的椭圆曲线加密技术 (ECC)
RFC6637,第 5 节 - https://www.rfc-editor.org/rfc/rfc6637#section-5
“未知算法22”线程
https://lists.gnupg.org/pipermail/gnupg-devel/2017-April/032762.html
算法 22 似乎已在此线程中列出:
是的,我们比规格要快一点。 OpenPGP 工作组同意 2014 年中期,EdDSA 使用 22。 Draft-koch-eddsa-for-openpgp-00 指定算法;同时被取代 草案-ietf-openpgp-rfc4880bis-01。
+-----------+----------------------------------------------------+
| ID | Algorithm |
+-----------+----------------------------------------------------+
| 1 | RSA (Encrypt or Sign) [HAC] |
| 2 | RSA Encrypt-Only [HAC] |
| 3 | RSA Sign-Only [HAC] |
| 16 | Elgamal (Encrypt-Only) [ELGAMAL] [HAC] |
| 17 | DSA (Digital Signature Algorithm) [FIPS186] [HAC] |
| 18 | ECDH public key algorithm |
| 19 | ECDSA public key algorithm [FIPS186] |
| 20 | Reserved (formerly Elgamal Encrypt or Sign) |
| 21 | Reserved for Diffie-Hellman |
| | (X9.42, as defined for IETF-S/MIME) |
| 22 | EdDSA [I-D.irtf-cfrg-eddsa] |
| 100--110 | Private/Experimental algorithm |
+-----------+----------------------------------------------------+
注意:以防万一它对你有帮助,就像它对我有帮助一样,“摘要”是哈希算法的输出。
以下 Bash 函数从 IANA 服务器读取算法列表 (XML) 并显示给定算法编号的名称(来自 GPG 密钥):
get_algorithm_name() {
local n="${1}"
local xml=$(curl -X GET -o - -L -s "https://www.iana.org/assignments/openpgp/openpgp.xml")
if [ "$?" != "0" ]; then
echo -e "unknown algorithm (list not loaded)"
return
fi
local xpath="/reg:registry/reg:registry[@id='openpgp-public-key-algorithms']/reg:record[reg:value='${n}']/reg:description"
local name=$( echo -e "${xml}" | xmlstarlet sel -N reg=http://www.iana.org/assignments -t -v "${xpath}" )
if [ "$?" != "0" ]; then
echo -e "unknown algorithm (number not found)"
return
fi
echo -e "${name}"
}
get_algorithm_name "${1}"
您可以将脚本存储为
gpg-alggpg-alg 17
您需要安装
xmlstarlet