[FZH] microcai 讲座第三弹: GPG 签名与加密

CyrusYzGTt cyrusyzgtt at gmail.com
Wed May 18 04:48:34 UTC 2011 

現在所有 使用 fas cla的馬上更新吧 ,,鏈接
http://lists.fedoraproject.org/pipermail/announce/2011-May/002960.html

Please take a moment and read this brief email, as it is important.

Fedora is in the process of retiring our old "Individual Contributor
License Agreement" (also known as the ICLA or CLA) and replacing it with
the new Fedora Project Contributor Agreement (FPCA).

All Fedora contributors with accounts in the Fedora Account System
(https://admin.fedoraproject.org/accounts) who have agreed to the old
CLA *MUST* agree to the new FPCA by June 17, 2011 to continue
contributing to Fedora.

Here is how you do this:

1) Login to the Fedora Account System:
https://admin.fedoraproject.org/accounts
2) Once logged in, click on the "My Account" link in the blue box on the
left side of the window.
3) On the page that loads, you will see a section labeled "Account
Details". Look for the line that says "Contributor Agreement". On that
line, you should see a new section that says:

"New CLA Not Signed - We need contributors to sign the new Contributor
Agreement(Complete it now!)"

Click on "Complete it now!" and follow the prompts.

*****

It is important that Fedora Account holders who have signed the old
Fedora CLA sign the new FPCA. We have allotted a window of one month for
Fedora contributors to agree to the FPCA. This means that after June 17,
2011, any Fedora Contributors who have not agreed to the FPCA will have
their "cla_done" flag set to False. This also means that any groups that
they are in which are dependent upon "cla_done", such as "packager",
"ambassador", and Fedora People access will be removed.

There are a few accounts which are exempt from this, specifically,
accounts which are members of the "cla_dell", "cla_intel", and
"cla_redhat" groups. If you do not know what these groups are, you are
probably not in them. :) Accounts in these groups will not see the "New
CLA Not Signed" line on their "My Account" page, and do not need to take
any action at this time.

Please take a minute and login to FAS to agree to the terms of the FPCA,
to avoid loss of access.

More information about the FPCA, including the final FPCA text, can be
found here:
https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement

If you have any additional questions about the FPCA or the re-signing
process, please feel free to email me directly at legal at fedoraproject.org. <https://admin.fedoraproject.org/mailman/listinfo/announce>

Thanks,

Tom Callaway, Fedora Legal

==
Fedora Project



于 2011年04月22日 22:13, microcai 写道:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> 首先密码学的模型
>
> 1) 通信双方的机器是没有问题的。没有木马,没有坏人。
> 2)  通信线路是不可靠的,有人监听,有人伪造信息
>
>
> 那么,就要解决2个问题,首先,我得确信这个信息是你发送的,不是别人伪造你
> 发送的,俗称数字签名, 第二,我要确保没有人知道我们之间的通信,也就是加密。
>
>
> 非对称加密的意思就是,同时有2个key. 用其中一个加密,只能用另一个解密。
> 这样,随机选一个做私钥,另一个公开做公钥就是下面我要讲的 GPG 签名与加密。
>
>
> 对于 GPG 来说,GPG 会生成一个密钥对,一个是公钥,一个是私钥。
>
> 对于公钥,你需要将它上传到公钥服务器。
> 对于私钥,要绝对反正泄露,并且不能丢失!!!! 我重复,不能丢失,也不能泄露。
>
>
>
> 如果你要让别人相信你的邮件不是伪造的,那么你就需要进行签名。
> 签名就是用自己的私钥加密邮件。因为公钥是公开的,所以任何人都可以解密你的
> 邮件。但是只有用你的私钥才能发出那封邮件,所以别人可以肯定这是你的邮件,
> 不是别人伪造的。这就是用私钥进行签名的原因。
>
>
> 如果是发送加密邮件,那么你必须有对方的 GPG 公钥。
> 然后你用 *对方* 的 *公钥* 加密邮件。
>
> 因为这个时间上只有收件人有加密时使用的公钥的对应私钥,所以只有你的收件人
> 能解密这个邮件. 这样你就保证了你的邮件只有他能看到。PS, 你自己也不能解
> 密那个邮件。因为你没有他的私钥。
>
> 加密和签名同时使用的时候,就可以保证
>
> 1) 他可以确信邮件是你发送的
> 2) 你可以确信只有他能看那封邮件
>
> =====================================
> 但是,这个前提是,你怎么知道/确信指定的公钥就是他的? 他怎么知道/确信某
> 个密钥就是你的!!!!
>
> 这就引入了一个 信任机制。
>
> 比如 A B C
>
> A 通过见面得知了 B 的公钥。这个时候 A 和 B 可以相互100%确认对方的公钥。
>
> 这个时候来了个 C . C 自称他的公钥是 XXXX 。
>
> C 和 A 见过面。交换过公钥。
>
> 然后 A 就给 C  的公钥签名,
>
> B 收到 C 的邮件的时候,发现他的公钥被 A 签名了,B 就可以不需要亲自去核
> 实,就可以确定 XXXX 确实是 C 的公钥.
>
>
> 其实和 SSL 的证书机制差不多的啦。
> 我的 GPG 公钥是 E84C0359 ,
> 指纹是 85D9 2529 F2D6 EE19 CBEB A685 A4F8 533E E84C 0359
> 请记住哦 ;)
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
>
> iQEcBAEBAgAGBQJNsY0gAAoJEKT4Uz7oTANZS8wH/jMIyoVFqw01lOACWqQYolGl
> M7OCrHmXv0GDFc1iaJ8GCy2yjphXoDB/9MXDa1A31iirqo1AcgJ8haYS+4YsWkEg
> CcCHQiRx/GHhAcqesL1GW7t/H9KCQ2kjsDEJ3BCNe2exfJNh7G9ZV/guD0Qyp1mB
> KFjQ+wCMsmQ+IFsQ927O3ZEyjP9OMLExMKpGt7b3WYZrFychzU6J1BP+mZmuZR65
> +jQ0z7oruyvpz4bN4yHLUl9S2SFvxtRaWITfZG3v/io7jEULyr+/d8WIQzCqDtob
> ix3imTs837OGRQoGo8SRDLRAgDI2VAaOsV1hyhrU+tKVzWCgSZNqPrbN6WkwdWE=
> =tWt5
> -----END PGP SIGNATURE-----
> _______________________________________________
> Chinese mailing list
> Chinese at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/chinese

More information about the Chinese mailing list