List of Pgpdump - text.Baldanders.info
tag:text.Baldanders.info,2022-04-14:/tags
2022-04-14T19:42:39+09:00
帰ってきた「しっぽのさきっちょ」
https://text.baldanders.info/images/avatar.jpg
https://text.baldanders.info/images/avatar.jpg
pgpdump 0.35 がリリースされていた
tag:text.Baldanders.info,2022-04-14:/release/2022/04/pgpdump-v0.35-was-released/
2022-04-14T10:42:39+00:00
2022-04-14T10:45:34+00:00
気が付かなかったよ orz
Spiegel
https://baldanders.info/profile/
<p>2022-02-28 に本家 <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> の v0.35 がリリースされていた。
気が付かなかったよ <code>orz</code></p>
<p>0.34 からの変更点は以下の通り。</p>
<figure lang="en">
<blockquote class="nobox"><pre tabindex="0"><code>0.35 2022/02/28
* Adding BrainPool-384/512 curve definitions.
https://github.com/kazu-yamamoto/pgpdump/pull/33
</code></pre></blockquote>
<figcaption><div>via <q><a href="https://github.com/kazu-yamamoto/pgpdump/blob/master/CHANGES">pgpdump/CHANGES</a></q></div></figcaption>
</figure>
<p>例によってソースコードのみの提供だが Linux 環境ならビルドは簡単である。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ ./configure
</span></span><span class="line"><span class="cl">...
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ make
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall pgpdump.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall types.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall tagfuncs.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall packet.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall subfunc.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall signature.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall keys.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall buffer.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall uatfunc.c
</span></span><span class="line"><span class="cl">gcc -g -O2 -O -Wall -o pgpdump pgpdump.o types.o tagfuncs.o packet.o subfunc.o signature.o keys.o buffer.o uatfunc.o -lbz2 -lz
</span></span></code></pre></div><p>作者の方は既に Haskell の人で <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> のメンテナンスは積極的には行っていないみたいだが pull request は歓迎のようだ。</p>
<p>拙作の <a href="https://github.com/spiegel-im-spiegel/gpgpdump" title="spiegel-im-spiegel/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> は本家 <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> をリファレンス実装とみなして参考にさせてもらってる。
こちらもよろしく【広告】</p>
<h2>参考図書</h2>
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51ZRZ62WKCL._SL160_.jpg" width="108" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号化 プライバシーを救った反乱者たち</a></dt>
<dd>スティーブン・レビー (著), 斉藤 隆央 (翻訳)</dd>
<dd>紀伊國屋書店 2002-02-16</dd>
<dd>単行本</dd>
<dd>4314009071 (ASIN), 9784314009072 (EAN), 4314009071 (ISBN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">20世紀末,暗号技術の世界で何があったのか。知りたかったらこちらを読むべし!</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-03-09">2015-03-09</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号化 プライバシーを救った反乱者たち -->
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51t6yHHVwEL._SL160_.jpg" width="113" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号技術入門 第3版 秘密の国のアリス</a></dt>
<dd>結城 浩 (著)</dd>
<dd>SBクリエイティブ 2015-08-25 (Release 2015-09-17)</dd>
<dd>Kindle版</dd>
<dd>B015643CPE (ASIN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">SHA-3 や Bitcoin/Blockchain など新しい知見や技術要素を大幅追加。暗号技術を使うだけならこれ1冊でとりあえず無問題。</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-09-20">2015-09-20</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号技術入門 第3版 -->
pgpdump 0.34 がリリースされた
tag:text.Baldanders.info,2021-12-11:/release/2021/12/pgpdump-v0.34-is-released/
2021-12-11T12:47:42+00:00
2021-12-11T12:51:08+00:00
Windows 用バイナリを作るか悩み中...
Spiegel
https://baldanders.info/profile/
<p>本家 <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> の v0.34 がリリースされたようだ。</p>
<p>変更点は以下の通り。</p>
<figure lang="en">
<blockquote class="nobox"><pre tabindex="0"><code>0.34 2021/12/07
* Uploading modifications to support GnuPG-2.3.3 ECC curves, additional hash and algorithm names.
https://github.com/kazu-yamamoto/pgpdump/pull/32
* Improved labels for Literal Data Packet fields.
https://github.com/kazu-yamamoto/pgpdump/pull/29
* Indicate unknown sigtype value is displayed in hex.
https://github.com/kazu-yamamoto/pgpdump/pull/27
* Fixing cross-building and avoiding infinite loop when invoking BZ2_bzDecompress.
https://github.com/kazu-yamamoto/pgpdump/pull/25
</code></pre></blockquote>
<figcaption><div>via <q><a href="https://github.com/kazu-yamamoto/pgpdump/blob/master/CHANGES">pgpdump/CHANGES</a></q></div></figcaption>
</figure>
<p>例によってソースコードのみの提供だが Linux 環境ならビルドは簡単である。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ ./configure
</span></span><span class="line"><span class="cl">...
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ make
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall pgpdump.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall types.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall tagfuncs.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall packet.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall subfunc.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall signature.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall keys.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall buffer.c
</span></span><span class="line"><span class="cl">gcc -c -g -O2 -O -Wall uatfunc.c
</span></span><span class="line"><span class="cl">gcc -g -O2 -O -Wall -o pgpdump pgpdump.o types.o tagfuncs.o packet.o subfunc.o signature.o keys.o buffer.o uatfunc.o -lbz2 -lz
</span></span></code></pre></div><p>作者の方は既に Haskell の人で <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> のメンテナンスは積極的には行っていないみたいだが pull request は歓迎のようだ。
拙作の <a href="https://github.com/spiegel-im-spiegel/gpgpdump" title="spiegel-im-spiegel/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> は本家 <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> をリファレンス実装とみなして参考にさせてもらってるので,今回の <a href="https://gnupg.org/" title="The GNU Privacy Guard">GnuPG</a> 2.3 系への対応はありがたい。</p>
<p><a href="https://text.baldanders.info/release/2018/05/pgpdump-v0.33-is-released/" title="pgpdump 0.33 がリリース">前回</a>のリリースは2018年で,このときはまだ Windows 環境だったのだが,今回はどうすっかなぁ。
まぁ,折角 <a href="https://text.baldanders.info/remark/2021/12/azure-virtual-desktop/" title="ようやく Azure Virtual Desktop を導入できた">Azure Virtual Desktop 環境を作った</a>んだし,そっちで MSYS2 環境を作るかな。</p>
<h2>参考図書</h2>
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51ZRZ62WKCL._SL160_.jpg" width="108" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号化 プライバシーを救った反乱者たち</a></dt>
<dd>スティーブン・レビー (著), 斉藤 隆央 (翻訳)</dd>
<dd>紀伊國屋書店 2002-02-16</dd>
<dd>単行本</dd>
<dd>4314009071 (ASIN), 9784314009072 (EAN), 4314009071 (ISBN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">20世紀末,暗号技術の世界で何があったのか。知りたかったらこちらを読むべし!</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-03-09">2015-03-09</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号化 プライバシーを救った反乱者たち -->
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51t6yHHVwEL._SL160_.jpg" width="113" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号技術入門 第3版 秘密の国のアリス</a></dt>
<dd>結城 浩 (著)</dd>
<dd>SBクリエイティブ 2015-08-25 (Release 2015-09-17)</dd>
<dd>Kindle版</dd>
<dd>B015643CPE (ASIN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">SHA-3 や Bitcoin/Blockchain など新しい知見や技術要素を大幅追加。暗号技術を使うだけならこれ1冊でとりあえず無問題。</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-09-20">2015-09-20</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号技術入門 第3版 -->
OpenPGP パケットを可視化する gpgpdump
tag:text.Baldanders.info,2019-09-10:/release/gpgpdump/
2019-09-10T13:07:44+00:00
2022-04-03T07:00:58+00:00
gpgpdump は OpenPGP パッケットの内容を human-readable な形式で可視化する CLI ツールである。
Spiegel
https://baldanders.info/profile/
<ul>
<li><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">goark/gpgpdump: OpenPGP packet visualizer</a></li>
</ul>
<p><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> は <a href="http://openpgp.org/">OpenPGP</a> パッケットの内容を human-readable な形式で可視化するコマンドライン・ツールである。
<a href="http://www.mew.org/~kazu/">山本和彦</a>さんによる <a href="http://www.mew.org/~kazu/proj/pgpdump/">pgpdump</a> を参考デザインとし, <a href="https://golang.org/" title="The Go Programming Language">Go 言語</a>で組み直している。</p>
<p><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> は <a href="http://www.mew.org/~kazu/proj/pgpdump/">pgpdump</a> と比較して以下の特徴がある。</p>
<ul>
<li>平文テキストによる結果出力のほか <a href="https://tools.ietf.org/html/rfc7159" title="RFC 7159 - The JavaScript Object Notation (JSON) Data Interchange Format">JSON</a> 形式による出力もできる</li>
<li>現行仕様である <a href="https://tools.ietf.org/html/rfc4880">RFC 4880</a> に追加して <a href="http://tools.ietf.org/html/rfc5581">RFC 5581</a> および <a href="http://tools.ietf.org/html/rfc6637">RFC 6637</a> にも対応している</li>
<li>次期 <a href="http://openpgp.org/">OpenPGP</a> ドラフト案である <a href="https://datatracker.ietf.org/doc/draft-ietf-openpgp-rfc4880bis/">RFC 4880bis</a> にも一部対応している</li>
<li><a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00" title="draft-shaw-openpgp-hkp-00 - The OpenPGP HTTP Keyserver Protocol (HKP)">HKP (HTTP Keyserver Protocol)</a> を用いて <a href="http://openpgp.org/">OpenPGP</a> 鍵サーバから直接公開鍵を取得して検証できる</li>
<li><a href="https://github.com/" title="GitHub">GitHub</a> に登録している OpenPGP 公開鍵を直接取得して検証できる</li>
</ul>
<p><a href="https://github.com/goark/gpgpdump/actions"><img src="https://github.com/goark/gpgpdump/workflows/vulns/badge.svg" alt="check vulns"></a>
<a href="https://github.com/goark/gpgpdump/actions"><img src="https://github.com/goark/gpgpdump/workflows/lint/badge.svg" alt="lint status"></a>
<a href="https://raw.githubusercontent.com/goark/gpgpdump/master/LICENSE"><img src="https://img.shields.io/badge/license-Apache%202-blue.svg" alt="GitHub license"></a>
<a href="https://github.com/goark/gpgpdump/releases/latest"><img src="https://img.shields.io/github/release/goark/gpgpdump.svg" alt="GitHub release"></a></p>
<h2>ダウンロードとビルド</h2>
<p><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> は以下の <a href="https://go.dev/">Go</a> コマンドでダウンロードとビルドができる。</p>
<pre tabindex="0"><code>$ go get github.com/goark/gpgpdump@latest
</code></pre><p>なおビルドには <a href="https://go.dev/">Go</a> 1.13 以降が要件となるのでご注意を。</p>
<p>64ビット版のみであるが,各プラットフォーム用のバイナリも用意している。
<a href="https://github.com/goark/gpgpdump/releases/latest">最新バイナリはリリースページから取得</a>できる。</p>
<h2>簡単な使い方</h2>
<p><code>-h</code> オプションで簡単なヘルプを表示できる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump -h
</span></span><span class="line"><span class="cl">OpenPGP (RFC 4880) packet visualizer by golang.
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Usage:
</span></span><span class="line"><span class="cl"> gpgpdump [flags]
</span></span><span class="line"><span class="cl"> gpgpdump [command]
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Available Commands:
</span></span><span class="line"><span class="cl"> completion Generate completion script
</span></span><span class="line"><span class="cl"> fetch Dumps OpenPGP packets form the Web
</span></span><span class="line"><span class="cl"> github Dumps OpenPGP keys registered on GitHub
</span></span><span class="line"><span class="cl"> help Help about any command
</span></span><span class="line"><span class="cl"> hkp Dumps OpenPGP packets from the key server
</span></span><span class="line"><span class="cl"> version Print the version number
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Flags:
</span></span><span class="line"><span class="cl"> -a, --armor accepts ASCII armor text only
</span></span><span class="line"><span class="cl"> -c, --cert dumps attested certification in signature packets (tag 2)
</span></span><span class="line"><span class="cl"> --clipboard input from clipboard (ASCII armor text only)
</span></span><span class="line"><span class="cl"> --debug for debug
</span></span><span class="line"><span class="cl"> -f, --file string path of OpenPGP file
</span></span><span class="line"><span class="cl"> -h, --help help for gpgpdump
</span></span><span class="line"><span class="cl"> --indent int indent size for output text
</span></span><span class="line"><span class="cl"> -i, --int dumps multi-precision integers
</span></span><span class="line"><span class="cl"> -j, --json output with JSON format
</span></span><span class="line"><span class="cl"> -l, --literal dumps literal packets (tag 11)
</span></span><span class="line"><span class="cl"> -m, --marker dumps marker packets (tag 10)
</span></span><span class="line"><span class="cl"> -p, --private dumps private packets (tag 60-63)
</span></span><span class="line"><span class="cl"> -u, --utc output with UTC time
</span></span><span class="line"><span class="cl"> -v, --version output version of gpgpdump
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Use "gpgpdump [command] --help" for more information about a command.
</span></span></code></pre></div><p>たとえば以下のような <a href="http://openpgp.org/">OpenPGP</a> 電子署名データファイルがあるとする。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ cat testdata/eccsig.asc
</span></span><span class="line"><span class="cl">-----BEGIN PGP SIGNATURE-----
</span></span><span class="line"><span class="cl">Version: GnuPG v2
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">iF4EARMIAAYFAlTDCN8ACgkQMfv9qV+7+hg2HwEA6h2iFFuCBv3VrsSf2BREQaT1
</span></span><span class="line"><span class="cl">T1ZprZqwRPOjiLJg9AwA/ArTwCPz7c2vmxlv7sRlRLUI6CdsOqhuO1KfYXrq7idI
</span></span><span class="line"><span class="cl">=ZOTN
</span></span><span class="line"><span class="cl">-----END PGP SIGNATURE-----
</span></span></code></pre></div><p>これを <a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> で表示するとこんな感じの出力になる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump -u -f testdata/eccsig.asc
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (94 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Signature of a canonical text document (0x01)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: ECDSA public key algorithm (pub 19)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-256 (hash 8)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (6 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2015-01-24T02:52:15Z
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0x31fbfda95fbbfa18
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> 36 1f
</span></span><span class="line"><span class="cl"> ECDSA value r (256 bits)
</span></span><span class="line"><span class="cl"> ECDSA value s (252 bits)
</span></span></code></pre></div><p>パイプ等を使って標準入力からの入力も可能である。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ cat testdata/eccsig.asc | gpgpdump -u
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (94 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Signature of a canonical text document (0x01)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: ECDSA public key algorithm (pub 19)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-256 (hash 8)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (6 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2015-01-24T02:52:15Z
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0x31fbfda95fbbfa18
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> 36 1f
</span></span><span class="line"><span class="cl"> ECDSA value r (256 bits)
</span></span><span class="line"><span class="cl"> ECDSA value s (252 bits)
</span></span></code></pre></div><p><code>-j</code> オプションを指定すれば JSON フォーマットで出力される<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ cat testdata/eccsig.asc | gpgpdump -u -j | jq .
</span></span><span class="line"><span class="cl">{
</span></span><span class="line"><span class="cl"> "Packet": [
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Signature Packet (tag 2)",
</span></span><span class="line"><span class="cl"> "note": "94 bytes",
</span></span><span class="line"><span class="cl"> "Item": [
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Version",
</span></span><span class="line"><span class="cl"> "value": "4",
</span></span><span class="line"><span class="cl"> "note": "current"
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Signiture Type",
</span></span><span class="line"><span class="cl"> "value": "Signature of a canonical text document (0x01)"
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Public-key Algorithm",
</span></span><span class="line"><span class="cl"> "value": "ECDSA public key algorithm (pub 19)"
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Hash Algorithm",
</span></span><span class="line"><span class="cl"> "value": "SHA2-256 (hash 8)"
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Hashed Subpacket",
</span></span><span class="line"><span class="cl"> "note": "6 bytes",
</span></span><span class="line"><span class="cl"> "Item": [
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Signature Creation Time (sub 2)",
</span></span><span class="line"><span class="cl"> "value": "2015-01-24T02:52:15Z"
</span></span><span class="line"><span class="cl"> }
</span></span><span class="line"><span class="cl"> ]
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Unhashed Subpacket",
</span></span><span class="line"><span class="cl"> "note": "10 bytes",
</span></span><span class="line"><span class="cl"> "Item": [
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Issuer (sub 16)",
</span></span><span class="line"><span class="cl"> "value": "0x31fbfda95fbbfa18"
</span></span><span class="line"><span class="cl"> }
</span></span><span class="line"><span class="cl"> ]
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "Hash left 2 bytes",
</span></span><span class="line"><span class="cl"> "dump": "36 1f"
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "ECDSA value r",
</span></span><span class="line"><span class="cl"> "note": "256 bits"
</span></span><span class="line"><span class="cl"> },
</span></span><span class="line"><span class="cl"> {
</span></span><span class="line"><span class="cl"> "name": "ECDSA value s",
</span></span><span class="line"><span class="cl"> "note": "252 bits"
</span></span><span class="line"><span class="cl"> }
</span></span><span class="line"><span class="cl"> ]
</span></span><span class="line"><span class="cl"> }
</span></span><span class="line"><span class="cl"> ]
</span></span><span class="line"><span class="cl">}
</span></span></code></pre></div><p><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> で使える主なオプションは以下の通り。</p>
<table>
<thead>
<tr>
<th>オプション名</th>
<th style="text-align:center">短縮名</th>
<th>内容</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>armor</code></td>
<td style="text-align:center"><code>a</code></td>
<td>ASCII armor テキストのみ受け入れる</td>
</tr>
<tr>
<td><code>cert</code></td>
<td style="text-align:center"><code>c</code></td>
<td>署名パケット(tag 2)内の証明された認証を16進ダンプ表示する</td>
</tr>
<tr>
<td><code>int</code></td>
<td style="text-align:center"><code>i</code></td>
<td>MPI データを16進ダンプ表示する</td>
</tr>
<tr>
<td><code>literal</code></td>
<td style="text-align:center"><code>l</code></td>
<td>リテラル・パケット(tag 11)を16進ダンプ表示する</td>
</tr>
<tr>
<td><code>marker</code></td>
<td style="text-align:center"><code>m</code></td>
<td>マーカー・パケット(tag 10)を16進ダンプ表示する</td>
</tr>
<tr>
<td><code>private</code></td>
<td style="text-align:center"><code>p</code></td>
<td>プライベート用パケット(tag 60-63)を16進ダンプ表示する</td>
</tr>
<tr>
<td><code>utc</code></td>
<td style="text-align:center"><code>u</code></td>
<td>時刻を UTC で表示する</td>
</tr>
<tr>
<td><code>file</code></td>
<td style="text-align:center"><code>f</code></td>
<td><a href="http://openpgp.org/">OpenPGP</a> データファイルのパスを指定する</td>
</tr>
<tr>
<td><code>json</code></td>
<td style="text-align:center"><code>j</code></td>
<td><a href="https://tools.ietf.org/html/rfc7159" title="RFC 7159 - The JavaScript Object Notation (JSON) Data Interchange Format">JSON</a> 形式で出力する</td>
</tr>
<tr>
<td><code>indent</code></td>
<td style="text-align:center"></td>
<td>平文テキスト出力時のインデント幅を指定する</td>
</tr>
<tr>
<td><code>debug</code></td>
<td style="text-align:center"></td>
<td>デバッグ用</td>
</tr>
</tbody>
</table>
<h2>HKP モード</h2>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump hkp -h
</span></span><span class="line"><span class="cl">Dumps OpenPGP packets from the key server.
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Usage:
</span></span><span class="line"><span class="cl"> gpgpdump hkp [flags] {userID | keyID}
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Aliases:
</span></span><span class="line"><span class="cl"> hkp, h
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Flags:
</span></span><span class="line"><span class="cl"> -h, --help help for hkp
</span></span><span class="line"><span class="cl"> --keyserver string OpenPGP key server (default "keys.gnupg.net")
</span></span><span class="line"><span class="cl"> --port int port number of OpenPGP key server (default 11371)
</span></span><span class="line"><span class="cl"> --raw output raw text from OpenPGP key server
</span></span><span class="line"><span class="cl"> --secure enable HKP over HTTPS
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Global Flags:
</span></span><span class="line"><span class="cl"> -a, --armor accepts ASCII armor text only
</span></span><span class="line"><span class="cl"> -c, --cert dumps attested certification in signature packets (tag 2)
</span></span><span class="line"><span class="cl"> --debug for debug
</span></span><span class="line"><span class="cl"> --indent int indent size for output text
</span></span><span class="line"><span class="cl"> -i, --int dumps multi-precision integers
</span></span><span class="line"><span class="cl"> -j, --json output with JSON format
</span></span><span class="line"><span class="cl"> -l, --literal dumps literal packets (tag 11)
</span></span><span class="line"><span class="cl"> -m, --marker dumps marker packets (tag 10)
</span></span><span class="line"><span class="cl"> -p, --private dumps private packets (tag 60-63)
</span></span><span class="line"><span class="cl"> -u, --utc output with UTC time
</span></span></code></pre></div><p><code>hkp</code> サブコマンドを指定することで <a href="http://openpgp.org/">OpenPGP</a> 鍵サーバから <a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00" title="draft-shaw-openpgp-hkp-00 - The OpenPGP HTTP Keyserver Protocol (HKP)">HKP</a> により直接公開鍵を取得して中身を検証することができる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump hkp 0x44ce6900e2b307a4 -u
</span></span><span class="line"><span class="cl">Public-Key Packet (tag 6) (269 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Public key creation time: 2009-11-08T15:20:55Z
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> RSA public modulus n (2048 bits)
</span></span><span class="line"><span class="cl"> RSA public encryption exponent e (17 bits)
</span></span><span class="line"><span class="cl">User ID Packet (tag 13) (25 bytes)
</span></span><span class="line"><span class="cl"> User ID: Alice <alice@example.com>
</span></span><span class="line"><span class="cl">...
</span></span></code></pre></div><p>以下のオプションを使って <a href="http://openpgp.org/">OpenPGP</a> 鍵サーバを指定可能。</p>
<table>
<thead>
<tr>
<th>オプション名</th>
<th>既定値</th>
<th>内容</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>keyserver</code></td>
<td><code>keys.gnupg.net</code></td>
<td><a href="http://openpgp.org/">OpenPGP</a> 鍵サーバ名(ホスト名)</td>
</tr>
<tr>
<td><code>port</code></td>
<td>11371</td>
<td><a href="http://openpgp.org/">OpenPGP</a> 鍵サーバのポート番号</td>
</tr>
<tr>
<td><code>secure</code></td>
<td>false</td>
<td><a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00" title="draft-shaw-openpgp-hkp-00 - The OpenPGP HTTP Keyserver Protocol (HKP)">HKP</a> over HTTPS を有効にする</td>
</tr>
</tbody>
</table>
<p>さらに <code>--raw</code> オプションを使うとダンプ表示はせず,鍵サーバから取得したデータ(ASCII armor テキスト)をそのまま表示する。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump hkp --raw 0x44ce6900e2b307a4
</span></span><span class="line"><span class="cl">-----BEGIN PGP PUBLIC KEY BLOCK-----
</span></span><span class="line"><span class="cl">Version: SKS 1.1.6
</span></span><span class="line"><span class="cl">Comment: Hostname: sks.pod02.fleetstreetops.com
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">mQENBEr24dcBCADQeCxUo1pNF33ytHuzLn4vK9Z8LWXCUoZsQAZ9+cMKAzbQ9ncO+LfMleDz
</span></span><span class="line"><span class="cl">RpjsBxYWDaTnn6a8OySveDcw9/CZ9Wu0ND0+uHErdNk5qh+z81x15sOAfN9xj4pUm0iH092Z
</span></span><span class="line"><span class="cl">wuILrLjWWqgKMZYmB8HKaHXDkQmSfQmhx7oyZ4tWHfMN/VqBWLyUt0RaU0X+s4zLrdJSsTaf
</span></span><span class="line"><span class="cl">ECZRo/2OJecpyBzLBc45Tzv3RJAXTyv31MLDYn38bS0EiShRoqaGIZthC7ZnX9EoaS2trg1K
</span></span><span class="line"><span class="cl">uZtv6NeScRU4TqS21q/kYnE6HBnAMg7mI7dtFbg8x20TB2rTA5v8o/8cqZ3MLQukqjZ1ABEB
</span></span><span class="line"><span class="cl">AAG0GUFsaWNlIDxhbGljZUBleGFtcGxlLmNvbT6IjAQQFggANBYhBDvMx8/SWX5TRN2WSnKb
</span></span><span class="line"><span class="cl">Uj0R86jXBQJe8BASFhSAAAAAAA0AAHJlbUBnbnVwZy5vcmcACgkQcptSPRHzqNexFQEA3wFC
</span></span><span class="line"><span class="cl">8PN9jOyFJak06/OWplZpQCMvBEBKJl+hJZYLNdIBAPEZay004L/HD0CA6O8l9emQyDCglYkT
</span></span><span class="line"><span class="cl">y2AIzzpeFvABiQE4BBMBAgAiBQJK9uHXAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
</span></span><span class="line"><span class="cl">CRBEzmkA4rMHpJNiB/0bWxus4CYj1fdRmRTIJmSVNiuqrohX3c1DZry8j34v5fEFLsAwHPL8
</span></span><span class="line"><span class="cl">54uw2FhQVgjhZN75vKPzghsZoUh7dbtC+KZuACnAqmsHV/Nx9D0Ac7x8tVEvt90glG9jkp8Q
</span></span><span class="line"><span class="cl">SMLA8SElUmfPQoXvjugc93ZdZs7A6J8Nxxlcu9zsrKQqH+60aTIUs03F5D/PaQFeZOCFkoOt
</span></span><span class="line"><span class="cl">dj5QTV8Kwkow4nnMdQ55dJCnD1Ze7RFZmMEqd+jAQ6N3Vg41f6+qsmBew+t7aqC30tWpVw+s
</span></span><span class="line"><span class="cl">6XSdIkbFfLN8yPiRARn1r8U2ZzsLDs1O6ftdcBNaQTOnl/4zXNu+R1skFwWfDML/xkcW3pVx
</span></span><span class="line"><span class="cl">uQENBEr24dcBCADZ+26/F9bLQ92XPiCeCwPG2rwzg2o4a5kHkpX9lR6HLwDKbHpXZIjyEIFR
</span></span><span class="line"><span class="cl">eu1oefIGPmnlpdVuCh8ulaE7574vU3fEg6B/QoSTVz6mAKeLuMjx0qth02Gots/U/sixx/Nn
</span></span><span class="line"><span class="cl">V5epDVuR/exH6egunpzDvEg+UD6Rkib86LIL8CmQXq38ZZVfd/Px0rObF7YyUbWUidqKW6+l
</span></span><span class="line"><span class="cl">2lj/X6svQdx3B65PWGwBuoxv3j4eLP7zJouyGf7h+2H9v3eIcPTyTOgiT50YwztdalMFllkP
</span></span><span class="line"><span class="cl">71Lf3F/6L5zo4yZ4/YMyCkHV+2LevwjnDpjGSHyXQ603WPjQtOwybcgCkV0N+KuYwvinABEB
</span></span><span class="line"><span class="cl">AAGJAR8EGAECAAkFAkr24dcCGwwACgkQRM5pAOKzB6Rm8wgAyw09KTy98Y1lMvuS4sr+IHPt
</span></span><span class="line"><span class="cl">RCLg8/JKHfNut8N+W7z9B+7q1bB9XDg1KxtYhuEtwVr393xfY8v9f1saUUt4bh8hwrciU5gt
</span></span><span class="line"><span class="cl">cGP7MhgQT5xztAkM1JChtT2+SKRF4NU9El4oUao4lbTU/jB8ZSF2jJAhUnpcHgCSzPzsqyye
</span></span><span class="line"><span class="cl">XMGK/CQPmGRWr96c9L2efBZvV0aLrziI/ftIl+TJ68P9oV0RwjoA6z6dWgwMfaZ8GN6MsuXQ
</span></span><span class="line"><span class="cl">KH/KNBqYms9+E0UXWd70hQZaKKV3Tch/ldnAVMSwMaKmkD6zFvULJqkcP+QNWIqxLqc7He8/
</span></span><span class="line"><span class="cl">P1FRChSHTwsazDVjP0AKzttqhGYxNw==
</span></span><span class="line"><span class="cl">=QFnp
</span></span><span class="line"><span class="cl">-----END PGP PUBLIC KEY BLOCK-----
</span></span></code></pre></div><h2><a href="https://github.com/" title="GitHub">GitHub</a> に登録されている OpenPGP 公開鍵を検証する</h2>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump github -h
</span></span><span class="line"><span class="cl">Dumps OpenPGP keys registered on GitHub.
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Usage:
</span></span><span class="line"><span class="cl"> gpgpdump github [flags] GitHubUserID
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Aliases:
</span></span><span class="line"><span class="cl"> github, gh, g
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Flags:
</span></span><span class="line"><span class="cl"> -h, --help help for github
</span></span><span class="line"><span class="cl"> --keyid string OpenPGP key ID
</span></span><span class="line"><span class="cl"> --raw output raw text (ASCII armor text)
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Global Flags:
</span></span><span class="line"><span class="cl"> -a, --armor accepts ASCII armor text only
</span></span><span class="line"><span class="cl"> -c, --cert dumps attested certification in signature packets (tag 2)
</span></span><span class="line"><span class="cl"> --debug for debug
</span></span><span class="line"><span class="cl"> --indent int indent size for output text
</span></span><span class="line"><span class="cl"> -i, --int dumps multi-precision integers
</span></span><span class="line"><span class="cl"> -j, --json output with JSON format
</span></span><span class="line"><span class="cl"> -l, --literal dumps literal packets (tag 11)
</span></span><span class="line"><span class="cl"> -m, --marker dumps marker packets (tag 10)
</span></span><span class="line"><span class="cl"> -p, --private dumps private packets (tag 60-63)
</span></span><span class="line"><span class="cl"> -u, --utc output with UTC time
</span></span></code></pre></div><p><a href="https://github.com/" title="GitHub">GitHub</a> はユーザごとに OpenPGP 公開鍵を登録することができ,コミット等に付与された電子署名を検証することができる。
<code>github</code> サブコマンドでこの公開鍵を <a href="https://github.com/" title="GitHub">GitHub</a> から直接取得して中身を検証することができる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump github spiegel-im-spiegel -u
</span></span><span class="line"><span class="cl">Public-Key Packet (tag 6) (1198 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Public key creation time: 2013-04-28T10:29:43Z
</span></span><span class="line"><span class="cl"> Public-key Algorithm: DSA (Digital Signature Algorithm) (pub 17)
</span></span><span class="line"><span class="cl"> DSA p (3072 bits)
</span></span><span class="line"><span class="cl"> DSA q (q is a prime divisor of p-1) (256 bits)
</span></span><span class="line"><span class="cl"> DSA g (3070 bits)
</span></span><span class="line"><span class="cl"> DSA y (= g^x mod p where x is secret) (3067 bits)
</span></span><span class="line"><span class="cl">...
</span></span></code></pre></div><p>複数の OpenPGP 公開鍵を登録している場合は,全ての鍵が連結された状態で取得される。
特定の公開鍵だけを見たい場合は <code>--keyid</code> オプションを使って</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump github spiegel-im-spiegel -u --keyid 3b460ba9a59048c9
</span></span><span class="line"><span class="cl">Public-Key Packet (tag 6) (51 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Public key creation time: 2020-10-27T06:20:19Z
</span></span><span class="line"><span class="cl"> Public-key Algorithm: EdDSA (pub 22)
</span></span><span class="line"><span class="cl"> ECC Curve OID: ed25519 (256bits key size)
</span></span><span class="line"><span class="cl"> 2b 06 01 04 01 da 47 0f 01
</span></span><span class="line"><span class="cl"> EdDSA EC point (Native point format of the curve follows) (263 bits)
</span></span><span class="line"><span class="cl">...
</span></span></code></pre></div><p>などとすればよい。</p>
<p><code>--raw</code> オプションを使うとダンプ表示はせず, <a href="https://github.com/" title="GitHub">GitHub</a> から取得したデータ(ASCII armor テキスト)をそのまま表示する。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump github spiegel-im-spiegel --keyid 3b460ba9a59048c9 --raw
</span></span><span class="line"><span class="cl">-----BEGIN PGP PUBLIC KEY BLOCK-----
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">mDMEX5e8IxYJKwYBBAHaRw8BAQdAsbKSTsqzMQSUdWv/UQBfYf+HD9/+dzCT+zVN
</span></span><span class="line"><span class="cl">IvZRQ/e0L1NwaWVnZWwgKGdpdGh1YikgPHNwaWVnZWwuaW0uc3BpZWdlbEBnbWFp
</span></span><span class="line"><span class="cl">bC5jb20+iJAEExYIADgWIQRK8EwUs6FchRaOGmc7RguppZBIyQUCX5e8IwIbAwUL
</span></span><span class="line"><span class="cl">CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA7RguppZBIyVTWAPoChzM/FBkpqBVl
</span></span><span class="line"><span class="cl">Uv2v3cE3UIfPENm5qWegUmmBg3yTLgD+MXyI6zter+DDUT9e0UWeaOZrsJvCpBUh
</span></span><span class="line"><span class="cl">9eLxUMpiKg64OARfl7wjEgorBgEEAZdVAQUBAQdALSF4rszFFAhisXD/7ZKytW1M
</span></span><span class="line"><span class="cl">LSWGPxW4sLNezkhKfX0DAQgHiHgEGBYIACAWIQRK8EwUs6FchRaOGmc7RguppZBI
</span></span><span class="line"><span class="cl">yQUCX5e8IwIbDAAKCRA7RguppZBIyUzLAQCDNMwKtq1zR2KHm9F0Fvp66vv2grX1
</span></span><span class="line"><span class="cl">j0TRb5sEayG9YQEA5ap7JltKc4iVThzu7bY1D+sZ3KbXetecf+QQv6YrwAE=
</span></span><span class="line"><span class="cl">=n3Jr
</span></span><span class="line"><span class="cl">-----END PGP PUBLIC KEY BLOCK-----
</span></span></code></pre></div><h2>任意の URL を指定して Web 上にある OpenPGP パケット・データを検証する</h2>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump fetch -h
</span></span><span class="line"><span class="cl">Dumps OpenPGP packets form the Web.
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Usage:
</span></span><span class="line"><span class="cl"> gpgpdump fetch [flags] URL
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Aliases:
</span></span><span class="line"><span class="cl"> fetch, fch, f
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Flags:
</span></span><span class="line"><span class="cl"> -h, --help help for fetch
</span></span><span class="line"><span class="cl"> --raw output raw data
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">Global Flags:
</span></span><span class="line"><span class="cl"> -a, --armor accepts ASCII armor text only
</span></span><span class="line"><span class="cl"> -c, --cert dumps attested certification in signature packets (tag 2)
</span></span><span class="line"><span class="cl"> --debug for debug
</span></span><span class="line"><span class="cl"> --indent int indent size for output text
</span></span><span class="line"><span class="cl"> -i, --int dumps multi-precision integers
</span></span><span class="line"><span class="cl"> -j, --json output with JSON format
</span></span><span class="line"><span class="cl"> -l, --literal dumps literal packets (tag 11)
</span></span><span class="line"><span class="cl"> -m, --marker dumps marker packets (tag 10)
</span></span><span class="line"><span class="cl"> -p, --private dumps private packets (tag 60-63)
</span></span><span class="line"><span class="cl"> -u, --utc output with UTC time
</span></span></code></pre></div><p><code>fetch</code> サブコマンドで Web 上にある OpenPGP パケット・データ(公開鍵や電子署名など)を直接取得して中身を検証することができる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump fetch https://github.com/spiegel-im-spiegel.gpg -u
</span></span><span class="line"><span class="cl">Public-Key Packet (tag 6) (1198 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Public key creation time: 2013-04-28T10:29:43Z
</span></span><span class="line"><span class="cl"> Public-key Algorithm: DSA (Digital Signature Algorithm) (pub 17)
</span></span><span class="line"><span class="cl"> DSA p (3072 bits)
</span></span><span class="line"><span class="cl"> DSA q (q is a prime divisor of p-1) (256 bits)
</span></span><span class="line"><span class="cl"> DSA g (3070 bits)
</span></span><span class="line"><span class="cl"> DSA y (= g^x mod p where x is secret) (3067 bits)
</span></span><span class="line"><span class="cl">...
</span></span></code></pre></div><p><code>--raw</code> オプションを使うとダンプ表示はせず, 取得したデータをそのまま標準出力に出力する。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump fetch https://github.com/spiegel-im-spiegel.gpg --raw
</span></span></code></pre></div><p>中身がテキストとは限らないのでご注意を。</p>
<h2><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> を <a href="https://go.dev/">Go</a> パッケージとして使う</h2>
<p>使いどころが思い浮かばないのだが,一応 <a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> は <a href="https://golang.org/" title="The Go Programming Language">Go 言語</a>用のパッケージまたはモジュールとして組み込むことができる。</p>
<p>たとえばこんな感じ。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="kn">package</span> <span class="nx">main</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="s">"fmt"</span>
</span></span><span class="line"><span class="cl"> <span class="s">"os"</span>
</span></span><span class="line"><span class="cl"> <span class="s">"strings"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="s">"github.com/goark/gpgpdump/parse"</span>
</span></span><span class="line"><span class="cl"> <span class="s">"github.com/goark/gpgpdump/parse/context"</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">const</span> <span class="nx">openpgpStr</span> <span class="p">=</span> <span class="s">`
</span></span></span><span class="line"><span class="cl"><span class="s">-----BEGIN PGP SIGNATURE-----
</span></span></span><span class="line"><span class="cl"><span class="s">Version: GnuPG v2
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s">iF4EARMIAAYFAlTDCN8ACgkQMfv9qV+7+hg2HwEA6h2iFFuCBv3VrsSf2BREQaT1
</span></span></span><span class="line"><span class="cl"><span class="s">T1ZprZqwRPOjiLJg9AwA/ArTwCPz7c2vmxlv7sRlRLUI6CdsOqhuO1KfYXrq7idI
</span></span></span><span class="line"><span class="cl"><span class="s">=ZOTN
</span></span></span><span class="line"><span class="cl"><span class="s">-----END PGP SIGNATURE-----
</span></span></span><span class="line"><span class="cl"><span class="s">`</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">p</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">parse</span><span class="p">.</span><span class="nf">New</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="nx">context</span><span class="p">.</span><span class="nf">New</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="nx">context</span><span class="p">.</span><span class="nf">Set</span><span class="p">(</span><span class="nx">context</span><span class="p">.</span><span class="nx">ARMOR</span><span class="p">,</span> <span class="kc">true</span><span class="p">),</span>
</span></span><span class="line"><span class="cl"> <span class="nx">context</span><span class="p">.</span><span class="nf">Set</span><span class="p">(</span><span class="nx">context</span><span class="p">.</span><span class="nx">UTC</span><span class="p">,</span> <span class="kc">true</span><span class="p">),</span>
</span></span><span class="line"><span class="cl"> <span class="p">),</span>
</span></span><span class="line"><span class="cl"> <span class="nx">strings</span><span class="p">.</span><span class="nf">NewReader</span><span class="p">(</span><span class="nx">openpgpStr</span><span class="p">),</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">fmt</span><span class="p">.</span><span class="nf">Fprintf</span><span class="p">(</span><span class="nx">os</span><span class="p">.</span><span class="nx">Stderr</span><span class="p">,</span> <span class="s">"%+v"</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="nx">res</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">p</span><span class="p">.</span><span class="nf">Parse</span><span class="p">()</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">fmt</span><span class="p">.</span><span class="nf">Fprintf</span><span class="p">(</span><span class="nx">os</span><span class="p">.</span><span class="nx">Stderr</span><span class="p">,</span> <span class="s">"%+v"</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="nx">fmt</span><span class="p">.</span><span class="nf">Println</span><span class="p">(</span><span class="nx">res</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div><p>これを実行すると以下のような出力を得られる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ go run sample.go
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (94 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Signature of a canonical text document (0x01)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: ECDSA public key algorithm (pub 19)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-256 (hash 8)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (6 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2015-01-24T02:52:15Z
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0x31fbfda95fbbfa18
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> 36 1f
</span></span><span class="line"><span class="cl"> ECDSA value r (256 bits)
</span></span><span class="line"><span class="cl"> ECDSA value s (252 bits)
</span></span></code></pre></div><p><code>context.New()</code> 関数で CLI 版と同等のオプションを設定できる。
<code>context.New()</code> 関数の引数として <code>context.Set()</code> 関数を0個以上複数指定できる。
指定可能なオプションは以下の通り。</p>
<table>
<thead>
<tr>
<th>オプション</th>
<th style="text-align:center">既定値</th>
<th>対応する CLI オプション</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>context.ARMOR</code></td>
<td style="text-align:center">false</td>
<td><code>armor</code></td>
</tr>
<tr>
<td><code>context.CERT</code></td>
<td style="text-align:center">false</td>
<td><code>cert</code></td>
</tr>
<tr>
<td><code>context.INTEGER</code></td>
<td style="text-align:center">false</td>
<td><code>int</code></td>
</tr>
<tr>
<td><code>context.LITERAL</code></td>
<td style="text-align:center">false</td>
<td><code>literal</code></td>
</tr>
<tr>
<td><code>context.MARKER</code></td>
<td style="text-align:center">false</td>
<td><code>marker</code></td>
</tr>
<tr>
<td><code>context.PRIVATE</code></td>
<td style="text-align:center">false</td>
<td><code>private</code></td>
</tr>
<tr>
<td><code>context.UTC</code></td>
<td style="text-align:center">false</td>
<td><code>utc</code></td>
</tr>
<tr>
<td><code>context.DEBUG</code></td>
<td style="text-align:center">false</td>
<td><code>debug</code></td>
</tr>
</tbody>
</table>
<p>詳しくはコードを見てね♡ ってことで(笑)</p>
<h2>【おまけ】 各 Shell 用の自動補完スクリプトを生成する</h2>
<p><a href="https://github.com/goark/gpgpdump" title="goark/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> では bash などの shell 用の自動補完スクリプトを生成できる。
対応している shell は bash, zsh, fish, PowerShell の4つ。
自動補完の設定方法は</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump completion -h
</span></span></code></pre></div><p>で表示されるヘルプを見ていただくとして,ここでは Linux の bash について紹介する。</p>
<p>Bash 用の自動補完スクリプト自体は以下のコマンドで標準出力に出力される。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump completion bash
</span></span></code></pre></div><p>ユーザごとに仕込むのであれば</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ source <(gpgpdump completion bash)
</span></span></code></pre></div><p>でOK。</p>
<p>システム全体として設定するのであれば以下のディレクトリのいずれかにスクリプトを放りこむ(後者がオススメ)。</p>
<ul>
<li><code>/etc/bash_completion.d/</code></li>
<li><code>/usr/share/bash-completion/completions/</code></li>
</ul>
<p>コマンドラインで書くとこんな感じ。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">sudo sh -c "gpgpdump completion bash > /usr/share/bash-completion/completions/gpgpdump"
</span></span></code></pre></div><p>これでログインし直せば有効になっているはずである。
たとえば</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump
</span></span></code></pre></div><p>の状態で [<code>TAB</code>] キーを2回押下すれば</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump [TAB][TAB]
</span></span><span class="line"><span class="cl">completion fetch github help hkp version
</span></span></code></pre></div><p>と利用可能なサブコマンドを列挙してくれる。
また</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump -
</span></span></code></pre></div><p>とハイフンのみ入力した状態で [<code>TAB</code>] キーを2回押下すれば</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump -[TAB][TAB]
</span></span><span class="line"><span class="cl">--armor --file= --literal -a -l
</span></span><span class="line"><span class="cl">--cert --indent --marker -c -m
</span></span><span class="line"><span class="cl">--clipboard --indent= --private -f -p
</span></span><span class="line"><span class="cl">--debug --int --utc -i -u
</span></span><span class="line"><span class="cl">--file --json --version -j -v
</span></span></code></pre></div><p>てな感じに使えるオプションを表示してくれる。
便利!</p>
<h2>ブックマーク</h2>
<ul>
<li><a href="https://text.baldanders.info/openpgp/">OpenPGP の実装</a></li>
<li><a href="https://zenn.dev/spiegel/articles/20201014-openpgp-pubkey-in-github">GitHub に登録した OpenPGP 公開鍵を取り出す</a></li>
</ul>
<h2>参考図書</h2>
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51ZRZ62WKCL._SL160_.jpg" width="108" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号化 プライバシーを救った反乱者たち</a></dt>
<dd>スティーブン・レビー (著), 斉藤 隆央 (翻訳)</dd>
<dd>紀伊國屋書店 2002-02-16</dd>
<dd>単行本</dd>
<dd>4314009071 (ASIN), 9784314009072 (EAN), 4314009071 (ISBN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">20世紀末,暗号技術の世界で何があったのか。知りたかったらこちらを読むべし!</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-03-09">2015-03-09</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号化 プライバシーを救った反乱者たち -->
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51t6yHHVwEL._SL160_.jpg" width="113" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号技術入門 第3版 秘密の国のアリス</a></dt>
<dd>結城 浩 (著)</dd>
<dd>SBクリエイティブ 2015-08-25 (Release 2015-09-17)</dd>
<dd>Kindle版</dd>
<dd>B015643CPE (ASIN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">SHA-3 や Bitcoin/Blockchain など新しい知見や技術要素を大幅追加。暗号技術を使うだけならこれ1冊でとりあえず無問題。</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-09-20">2015-09-20</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号技術入門 第3版 -->
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/B099928SJD?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/416Stewy0NS._SL160_.jpg" width="123" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/B099928SJD?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">プログラミング言語Go</a></dt>
<dd>アラン・ドノバン (著), ブライアン・カーニハン (著), 柴田芳樹 (著)</dd>
<dd>丸善出版 2016-06-20 (Release 2021-07-13)</dd>
<dd>Kindle版</dd>
<dd>B099928SJD (ASIN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">Kindle 版出た! 一部内容が古びてしまったが,この本は Go 言語の教科書と言ってもいいだろう。感想は<a href="https://text.baldanders.info/remark/2016/07/go-programming-language/" >こちら</a>。</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2021-05-22">2021-05-22</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- プログラミング言語Go -->
<div class="footnotes" role="doc-endnotes">
<hr>
<ol>
<li id="fn:1">
<p><a href="https://stedolan.github.io/jq/">jq</a> は JSON 整形コマンドで,データ構造の一部を抽出することもできる。 <a href="#fnref:1" class="footnote-backref" role="doc-backlink">↩︎</a></p>
</li>
</ol>
</div>
OpenPGP 公開鍵サーバにおける公開鍵の汚染問題
tag:text.Baldanders.info,2019-07-05:/remark/2019/07/openpgp-certificate-flooding/
2019-07-05T14:46:33+00:00
2020-11-29T04:13:22+00:00
新しい OpenPGP 公開鍵サーバや Autocrypt について調査したほうがいいかしらん。
Spiegel
https://baldanders.info/profile/
<p>7pay のセキュリティ事故があまりにバカすぎるのでブログネタにしてやろうかと思っていたが,個人的にもっと重大な案件が出てきたので,先にこちらの話を書くことにする。</p>
<ul>
<li><a href="https://japan.zdnet.com/article/35139514/">PGPのSKSキーサーバーネットワークへの証明書ポイズニング–攻撃を受け開発者らが警鐘 - ZDNet Japan</a></li>
</ul>
<p>かなりヤバいというか「ついにやっちゃったか」って感じの話なのだが,記事の後半に書かれている</p>
<figure>
<blockquote>
<q>キーサーバーはPGPと、PGPプロトコルにおけるユーザー認証の要となるコンポーネントだ</q>
</blockquote>
<figcaption><div><q><a href="https://japan.zdnet.com/article/35139514/">PGPのSKSキーサーバーネットワークへの証明書ポイズニング--攻撃を受け開発者らが警鐘</a></q>より</div></figcaption>
</figure>
<p>というのはかなり言い過ぎである。</p>
<p>というのも,そもそも <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> の元祖である <a href="https://tools.ietf.org/html/rfc1991" title="RFC 1991 - PGP Message Exchange Formats">PGP</a> は必ずしも公開鍵サーバを要件としていたわけではなく(<a href="https://www.amazon.co.jp/exec/obidos/ASIN/4900900028/baldandersinf-22/">PGP 本</a>を読めば分かるが,当時はフロッピー運用とか当たり前の時代だった),後継である <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> においてもそのコンセプトが踏襲されているからだ。
<a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> の信用モデル(web of trust; 信用の輪)については拙文ながら以下を参考にしてほしい。</p>
<ul>
<li><a href="https://text.baldanders.info/openpgp/openpgp-key-management/">OpenPGP 鍵管理に関する考察</a></li>
</ul>
<p>この信用モデルの下では</p>
<ul>
<li>多くの電子署名が集まっていること</li>
<li>同じ鍵が永続的に使われ続けていること</li>
</ul>
<p>が鍵の信用を高める条件となっている<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>。
<a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバにおいて鍵や署名の追記しかできないのにはちゃんと理由があるのだ。</p>
<p>とは言え <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバが鍵運用において大きなウエイトを占めているのは間違いないことで,鍵の所有者が(電子署名や鍵そのものの削除を含めて)制御できないというのはちょっと,いやだいぶ困った事態となっているのも確かである。</p>
<p>たとえば APT などのパッケージ管理ツールでは,パッケージへの電子署名に <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵を使うが,鍵のインポートの際に公開鍵サーバを利用するようだ。</p>
<p>この前紹介した <a href="https://text.baldanders.info/remark/2019/04/mono-in-ubuntu/" title="Ubuntu に Mono を導入する
">Mono のインストール</a>でも</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
</span></span></code></pre></div><p>といった感じで鍵サーバから公開鍵をインポートしている<sup id="fnref:2"><a href="#fn:2" class="footnote-ref" role="doc-noteref">2</a></sup>。</p>
<p>なので,鍵サーバに登録されている公開鍵が汚染されている(可能性がある)というのは拙いのである。</p>
<h2>回避策1: <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバを使わない</h2>
<p>今回のリスクを確実に回避したいのであれば <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバを使わないのが手っ取り早い。
以下のように,いったんテキストデータとして吐き出して</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpg -a --export alice@example.com
</span></span><span class="line"><span class="cl">-----BEGIN PGP PUBLIC KEY BLOCK-----
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">mQENBFofiskBCADjUvPHA3PNscg0K74/Uwxj46+oLsyIy7fYIp/4C4dHejcbbPjx
</span></span><span class="line"><span class="cl">VFeic9wQ4aQFp3VKjYgONgQrRo/9p40Ei1+PtMAV7D6Oy6dxlV8zyCJcSf74ahpB
</span></span><span class="line"><span class="cl">B15GyA7v4uvTf0Py+Ujyt241ik0fXeLEuwt7p4SIbgJnQs1Fb+61wo8UcCFOLJO5
</span></span><span class="line"><span class="cl">An6HjXNgNs6fFoiTad+T4PfaTbRHLfFPkoqmDUKWy40hjWl+Ui0QborXH+PUeUm9
</span></span><span class="line"><span class="cl">vgHbqZzS0QRDGI7rO9AeJ6LweBkP1A2qbDLyexS/F+WUEcY0b76IQM5XH0txwnnl
</span></span><span class="line"><span class="cl">uCPYcQfIGWce3US1GWJhChF9s/bMGVXOEJbvABEBAAG0GUFsaWNlIDxhbGljZUBl
</span></span><span class="line"><span class="cl">eGFtcGxlLmNvbT6JAVQEEwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AW
</span></span><span class="line"><span class="cl">IQR5/SuZ88YtLTuFC7yTs1CUdYINXQUCWh+LMAUJA8JnZwAKCRCTs1CUdYINXcKT
</span></span><span class="line"><span class="cl">B/4tLFaPRe289GcX91yLJ/yPS0JvvJKyZzjpNqLbKHuQHPEqGromMGlP4LcaGdFL
</span></span><span class="line"><span class="cl">rVZ36W3kVk+75q8JFkld0eRS22vftjz6lA9lyb3W9lU1CayF5s3IsC/Ehj55uaHc
</span></span><span class="line"><span class="cl">OHnp6rl7zEeIdvca6yV0gwySs3j9VPHy58zNrpN/clHoB4Zozy6vCXFMShyLc/wF
</span></span><span class="line"><span class="cl">brPySf/5LP/642Uro92M2lbkIvZpDhZCVG7s7Ilz3BzsTTNMPkPd5yvdGa5lHQzK
</span></span><span class="line"><span class="cl">OmXHaxydOYbEWBgqRGqzEIIoLbEd8KHxJVIVDfcAQCjSWRUjAUSDLpBokGsKoQfp
</span></span><span class="line"><span class="cl">41NjWwjkIsfyJ2tDUeRPGYRbuQENBFofiskBCACzyYfIB+/ZwJBJXw7WMDlEKdnz
</span></span><span class="line"><span class="cl">L4abwVpw9rBGAWGXjaC/cu7l0svNilXyTgZNq4uKddJ6aYjs7of0SaBl20I8aj5G
</span></span><span class="line"><span class="cl">nbw0pG+KkoYhfpZaAZc+bcb+6SprSbAsRhrZ810XNIBUMa8XWsUDn1uv70vGBWBv
</span></span><span class="line"><span class="cl">keKZZ7FJ4kuQe0nTONmvQ4EwFekV+IXT5LwdgmPWF0QR7cO8jqeb6psHYauktuzZ
</span></span><span class="line"><span class="cl">2ul4nMLmLLf/m4DwiCAbEdToBXqRA30KshtgBYYQwL1YkWYgknnAdhHyeu6ybJvv
</span></span><span class="line"><span class="cl">Y57JYzotjFOlnFhtcGITESEWv+pnj0RJUUrlVwLkJhUOKMwL+sbhw0s5+m27ABEB
</span></span><span class="line"><span class="cl">AAGJATwEGAEIACYCGwwWIQR5/SuZ88YtLTuFC7yTs1CUdYINXQUCWh+LhAUJA8Jn
</span></span><span class="line"><span class="cl">uwAKCRCTs1CUdYINXXuvB/9IKK3SLgJ6lOc2Vq73rGYsrDqfjYt5rCDXhjIaFRE7
</span></span><span class="line"><span class="cl">LYmFJcGL5CHJTae438XtAixa+mu6PYG28eknjZs58Cx/bSj9uS6NiLAPCgyTAtvg
</span></span><span class="line"><span class="cl">ao6usECOm9Y0xf2+ZcZ9Uji+wsCAFmxRC9je0yUErVyuyQRqzNtdqytnszoTzvb9
</span></span><span class="line"><span class="cl">iOP8sX/YNrjC83BtZ4Vg3fzAu8qvwbObgSbws5M8TBwIKd4WFTjOtSU6F8aioJ1g
</span></span><span class="line"><span class="cl">mpfd8KGljHkzC0oG8l8fZiTNYqkIMbfyfPpVwsSqsysLKofifFT+mNs79DJdqNFO
</span></span><span class="line"><span class="cl">HA2W4WzekYmWWmgK7J8kXHYkxUJA6VpSmNAKwUKqXbNV
</span></span><span class="line"><span class="cl">=hneF
</span></span><span class="line"><span class="cl">-----END PGP PUBLIC KEY BLOCK-----
</span></span></code></pre></div><p>このテキストデータで運用すればいいのだ。</p>
<p>たとえば私の公開鍵は<a href="https://baldanders.info/pubkeys/" title="OpenPGP 公開鍵リスト | Baldanders.info">本家サイトで公開している</a>が</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpg --fetch-keys https://baldanders.info/pubkeys/spiegel.asc
</span></span></code></pre></div><p>とすれば簡単に鍵束にインポートできる。</p>
<!--
メールの暗号化や署名検証については [Autocrypt] のような仕組みを使えば鍵サーバを経由せずに鍵のやりとりができるらしい(実はよく知らない)。
ちなみに Thunderbird の [Enigmail] は [Autocrypt] に対応している。
[Autocrypt] についてはちゃんと調べていつか記事にする予定である。
-->
<h2>回避策2: <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバ上の公開鍵をいきなりインポートしない</h2>
<p>APT のように <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバを使った鍵運用が必須の場合でも,いきなり鍵束にインポートするのではなく,事前に公開鍵をチェックして問題がないか調べたほうがよさそうである。</p>
<p>公開鍵をチェックするのであれば <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> か(手前味噌でナニだが)その <a href="https://golang.org/" title="The Go Programming Language">Go 言語</a>版である <a href="https://github.com/spiegel-im-spiegel/gpgpdump" title="spiegel-im-spiegel/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> を使うことをオススメする。</p>
<p>先ほどの</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
</span></span></code></pre></div><p>であれば</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ wget -O - "http://keyserver.ubuntu.com/pks/lookup?search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF&op=get"
</span></span></code></pre></div><p>などとすればとすれば Armor テキストでダウンロードできる。
汚染されている公開鍵であればかなり巨大になっているだろうから,ある程度の判断はできそうである。</p>
<h3>【追記 2019-07-06】 <a href="https://github.com/spiegel-im-spiegel/gpgpdump" title="spiegel-im-spiegel/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> に HKP アクセスモードを追加した</h3>
<p><a href="https://github.com/spiegel-im-spiegel/gpgpdump" title="spiegel-im-spiegel/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> の v0.6.0 をリリースしたが,このバージョンから HKP アクセスモードを追加した。</p>
<ul>
<li><a href="https://text.baldanders.info/release/2019/07/gpgpdump-v0_6_0-is-released/">gpgpdump v0.6.0 をリリースした</a></li>
</ul>
<p>この機能を使えば</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ gpgpdump hkp --keyserver keyserver.ubuntu.com --port 80 0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF -u
</span></span><span class="line"><span class="cl">Public-Key Packet (tag 6) (269 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Public key creation time: 2014-08-04T15:35:03Z
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> RSA public modulus n (2048 bits)
</span></span><span class="line"><span class="cl"> RSA public encryption exponent e (17 bits)
</span></span><span class="line"><span class="cl">User ID Packet (tag 13) (58 bytes)
</span></span><span class="line"><span class="cl"> User ID: Xamarin Public Jenkins (auto-signing) <releng@xamarin.com>
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (312 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Positive certification of a User ID and Public-Key packet (0x13)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA-1 (hash 2)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (34 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2014-08-04T15:35:03Z
</span></span><span class="line"><span class="cl"> Key Flags (sub 27) (1 bytes)
</span></span><span class="line"><span class="cl"> Flag: This key may be used to certify other keys.
</span></span><span class="line"><span class="cl"> Flag: This key may be used to sign data.
</span></span><span class="line"><span class="cl"> Preferred Symmetric Algorithms (sub 11) (5 bytes)
</span></span><span class="line"><span class="cl"> Symmetric Algorithm: AES with 256-bit key (sym 9)
</span></span><span class="line"><span class="cl"> Symmetric Algorithm: AES with 192-bit key (sym 8)
</span></span><span class="line"><span class="cl"> Symmetric Algorithm: AES with 128-bit key (sym 7)
</span></span><span class="line"><span class="cl"> Symmetric Algorithm: CAST5 (128 bit key, as per) (sym 3)
</span></span><span class="line"><span class="cl"> Symmetric Algorithm: TripleDES (168 bit key derived from 192) (sym 2)
</span></span><span class="line"><span class="cl"> Preferred Hash Algorithms (sub 21) (5 bytes)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-256 (hash 8)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA-1 (hash 2)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-384 (hash 9)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-512 (hash 10)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-224 (hash 11)
</span></span><span class="line"><span class="cl"> Preferred Compression Algorithms (sub 22) (3 bytes)
</span></span><span class="line"><span class="cl"> Compression Algorithm: ZLIB <RFC1950> (comp 2)
</span></span><span class="line"><span class="cl"> Compression Algorithm: BZip2 (comp 3)
</span></span><span class="line"><span class="cl"> Compression Algorithm: ZIP <RFC1951> (comp 1)
</span></span><span class="line"><span class="cl"> Features (sub 30) (1 bytes)
</span></span><span class="line"><span class="cl"> Flag: Modification Detection (packets 18 and 19)
</span></span><span class="line"><span class="cl"> Key Server Preferences (sub 23) (1 bytes)
</span></span><span class="line"><span class="cl"> Flag: No-modify
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0xa6a19b38d3d831ef
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> 90 e8
</span></span><span class="line"><span class="cl"> RSA signature value m^d mod n (2047 bits)
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (284 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Generic certification of a User ID and Public-Key packet (0x10)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA-1 (hash 2)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (6 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2014-09-04T15:26:28Z
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0xc90f9cb90e1fad0c
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> 9c d7
</span></span><span class="line"><span class="cl"> RSA signature value m^d mod n (2046 bits)
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (284 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Generic certification of a User ID and Public-Key packet (0x10)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA2-256 (hash 8)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (6 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2016-12-11T01:14:48Z
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0x01150a655bbd8102
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> 7f cf
</span></span><span class="line"><span class="cl"> RSA signature value m^d mod n (2048 bits)
</span></span><span class="line"><span class="cl">Public-Subkey Packet (tag 14) (269 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Public key creation time: 2014-08-04T15:35:03Z
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> RSA public modulus n (2048 bits)
</span></span><span class="line"><span class="cl"> RSA public encryption exponent e (17 bits)
</span></span><span class="line"><span class="cl">Signature Packet (tag 2) (287 bytes)
</span></span><span class="line"><span class="cl"> Version: 4 (current)
</span></span><span class="line"><span class="cl"> Signiture Type: Subkey Binding Signature (0x18)
</span></span><span class="line"><span class="cl"> Public-key Algorithm: RSA (Encrypt or Sign) (pub 1)
</span></span><span class="line"><span class="cl"> Hash Algorithm: SHA-1 (hash 2)
</span></span><span class="line"><span class="cl"> Hashed Subpacket (9 bytes)
</span></span><span class="line"><span class="cl"> Signature Creation Time (sub 2): 2014-08-04T15:35:03Z
</span></span><span class="line"><span class="cl"> Key Flags (sub 27) (1 bytes)
</span></span><span class="line"><span class="cl"> Flag: This key may be used to encrypt communications.
</span></span><span class="line"><span class="cl"> Flag: This key may be used to encrypt storage.
</span></span><span class="line"><span class="cl"> Unhashed Subpacket (10 bytes)
</span></span><span class="line"><span class="cl"> Issuer (sub 16): 0xa6a19b38d3d831ef
</span></span><span class="line"><span class="cl"> Hash left 2 bytes
</span></span><span class="line"><span class="cl"> ac 35
</span></span><span class="line"><span class="cl"> RSA signature value m^d mod n (2048 bits)
</span></span></code></pre></div><p>といった感じに <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバ上の公開鍵を直接検査できる。
これなら最悪でも <a href="https://github.com/spiegel-im-spiegel/gpgpdump" title="spiegel-im-spiegel/gpgpdump: OpenPGP packet visualizer">gpgpdump</a> がコケるだけなので <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> の鍵束にはダメージがいかないだろう。</p>
<h2>回避策3: <a href="https://gnupg.org/" title="The GNU Privacy Guard">GnuPG</a> 2.2.17 以降を使って電子署名のインポートを拒否する(2019-07-10 追記)</h2>
<p><a href="https://gnupg.org/" title="The GNU Privacy Guard">GnuPG</a> 2.2.17 から公開鍵サーバ上の公開鍵について付帯する電子署名を(自己署名を除いて)捨てることにしたようだ。</p>
<ul>
<li><a href="https://text.baldanders.info/release/2019/07/gnupg-2_2_17-is-released/">GnuPG 2.2.17 リリース: 公開鍵サーバ・アクセスに関する過激な変更あり</a></li>
</ul>
<p>これなら最悪は免れるかな。
公開鍵の管理の仕方が大幅に変わるかもしれないけど。</p>
<h2>新しい keys.openpgp.org を使う</h2>
<p>今後の話になるだろうが,新しい <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵サーバが登場したので,公開鍵の運用をそちらに移行する手もある。</p>
<ul>
<li><a href="https://text.baldanders.info/remark/2019/06/launching-a-new-openpgp-key-server/">新しい OpenPGP 鍵サーバが Launch したらしい</a></li>
</ul>
<p>「まだベータ運用だし,しばらくは様子見かなぁ」と思っていたが,ちょっと前倒しして調査したほうがいいかしらん。</p>
<!-- 先ほどの [Autocrypt] の調査も併せて色々調べてみるつもりである。 -->
<h2>ブックマーク</h2>
<ul>
<li>
<p><a href="https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem">Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem - VICE</a></p>
</li>
<li>
<p><a href="https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f">SKS Keyserver Network Under Attack · GitHub</a></p>
</li>
<li>
<p><a href="https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html">dkg’s blog - OpenPGP Certificate Flooding</a></p>
</li>
<li>
<p><a href="https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html">Impact of SKS keyserver poisoning on Gentoo – Gentoo Linux</a></p>
</li>
<li>
<p><a href="https://text.baldanders.info/openpgp/gnupg-cheat-sheet/">GnuPG チートシート(鍵作成から失効まで)</a></p>
</li>
</ul>
<h2>参考図書</h2>
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/4900900028?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/5132396FFQL._SL160_.jpg" width="124" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/4900900028?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">PGP―暗号メールと電子署名</a></dt>
<dd>シムソン ガーフィンケル (著), Garfinkel,Simson (原著), ユニテック (翻訳)</dd>
<dd>オライリー・ジャパン 1996-04-01</dd>
<dd>単行本</dd>
<dd>4900900028 (ASIN), 9784900900028 (EAN), 4900900028 (ISBN)</dd>
<dd>評価<abbr class="rating fa-sm" title="3"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="far fa-star"></i> <i class="far fa-star"></i></abbr></dd>
</dl>
<p class="description">良書なのだが,残念ながら内容が古すぎた。 PGP の歴史資料として読むならいいかもしれない。</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2014-10-16">2014-10-16</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- PGP―暗号メールと電子署名 -->
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51t6yHHVwEL._SL160_.jpg" width="113" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/B015643CPE?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号技術入門 第3版 秘密の国のアリス</a></dt>
<dd>結城 浩 (著)</dd>
<dd>SBクリエイティブ 2015-08-25 (Release 2015-09-17)</dd>
<dd>Kindle版</dd>
<dd>B015643CPE (ASIN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">SHA-3 や Bitcoin/Blockchain など新しい知見や技術要素を大幅追加。暗号技術を使うだけならこれ1冊でとりあえず無問題。</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-09-20">2015-09-20</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号技術入門 第3版 -->
<div class="hreview">
<div class="photo"><a href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1"><img src="https://m.media-amazon.com/images/I/51ZRZ62WKCL._SL160_.jpg" width="108" alt="photo"></a></div>
<dl>
<dt class="item"><a class="fn url" href="https://www.amazon.co.jp/dp/4314009071?tag=baldandersinf-22&linkCode=ogi&th=1&psc=1">暗号化 プライバシーを救った反乱者たち</a></dt>
<dd>スティーブン・レビー (著), 斉藤 隆央 (翻訳)</dd>
<dd>紀伊國屋書店 2002-02-16</dd>
<dd>単行本</dd>
<dd>4314009071 (ASIN), 9784314009072 (EAN), 4314009071 (ISBN)</dd>
<dd>評価<abbr class="rating fa-sm" title="5"> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i> <i class="fas fa-star"></i></abbr></dd>
</dl>
<p class="description">20世紀末,暗号技術の世界で何があったのか。知りたかったらこちらを読むべし!</p>
<p class="powered-by">reviewed by <a href='#maker' class='reviewer'>Spiegel</a> on <abbr class="dtreviewed" title="2015-03-09">2015-03-09</abbr> (powered by <a href="https://affiliate.amazon.co.jp/assoc_credentials/home">PA-APIv5</a>)</p>
</div> <!-- 暗号化 プライバシーを救った反乱者たち -->
<div class="footnotes" role="doc-endnotes">
<hr>
<ol>
<li id="fn:1">
<p>そういう意味で <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> 公開鍵への電子署名は厳密な「証明(certification)」というよりは小切手の裏書きのようなものを連想してもらうのがいいだろう。つまり今回の「公開鍵の汚染問題」は「裏書き spam」と考えると分かりやすい。 <a href="#fnref:1" class="footnote-backref" role="doc-backlink">↩︎</a></p>
</li>
<li id="fn:2">
<p>ちなみに <code>--keyserver</code> とか <code>--recv-keys</code> とかは <a href="https://gnupg.org/" title="The GNU Privacy Guard">GnuPG</a> のオプションである。おそらくこれらのオプションをそのまま <a href="https://gnupg.org/" title="The GNU Privacy Guard">GnuPG</a> に引き渡しているのだろう。 <a href="#fnref:2" class="footnote-backref" role="doc-backlink">↩︎</a></p>
</li>
</ol>
</div>
pgpdump 0.33 がリリース
tag:text.Baldanders.info,2018-05-07:/release/2018/05/pgpdump-v0.33-is-released/
2018-05-07T13:49:18+00:00
2021-12-11T12:51:08+00:00
例によってソースコードのみのリリースだが Windows 用にコンパイルしたものを用意した。
Spiegel
https://baldanders.info/profile/
<p><a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> は山本和彦さんによる <a href="http://openpgp.org/">OpenPGP</a> パケットの<a href="http://www.mew.org/~kazu/proj/pgpdump/ja/">視覚化ツール</a>である。</p>
<p>v0.33 での変更点を <a href="https://text.baldanders.info/remark/2018/03/git-log/" title="バージョン間のコミット・ログを取得する">git のログからさらう</a>とこんな感じ。</p>
<ul>
<li>Make the haskell test driver use UTC. 6118d4a</li>
<li>Convert tests to UTC so they work in not-JST locales. c03c140</li>
<li>Add simple shell test harness without massive haskell dependencies. 2acddc6</li>
<li>Updated public key algorithms 66ee31c</li>
</ul>
<p>楕円曲線暗号に一部対応しているようだ。
あとはテスト周りかな。</p>
<p>例によってソースコードのみのリリースだが,こちらで Windows 用にコンパイルしたものを置いている。</p>
<ul>
<li><a href="https://baldanders.info/spiegel/pgpdump/">pgpdump (patched version) — Baldanders.info</a></li>
</ul>
<p>とりあえず暗号アルゴリズムの名前だけ表示できるようにしたって感じだが,作者の方は既に Haskell の人なので積極的にメンテナンスする気はないんだろうな。</p>
<h2>ブックマーク</h2>
<ul>
<li><a href="https://text.baldanders.info/remark/2016/03/gcc-msys2-3/">MSYS2 による gcc 開発環境の構築 ― pgpdump をビルドする</a></li>
<li><a href="https://text.baldanders.info/remark/2017/11/gpgpdump-0_3_0-released/">gpgpdump 0.3.0 をリリースした</a></li>
</ul>
MSYS2 による gcc 開発環境の構築 ― pgpdump をビルドする
tag:text.Baldanders.info,2016-03-01:/remark/2016/03/gcc-msys2-3/
2016-03-01T13:02:47+00:00
2019-07-01T13:48:09+00:00
前回で gcc を導入できたので,実際にビルドを試してみる。今回はターゲットとして pgpdump を用いる。
Spiegel
https://baldanders.info/profile/
<ol>
<li><a href="https://text.baldanders.info/remark/2016/03/gcc-msys2-1/">MSYS2 のインストールから初期化処理まで</a></li>
<li><a href="https://text.baldanders.info/remark/2016/03/gcc-msys2-2/">gcc パッケージ群の導入</a></li>
<li><a href="https://text.baldanders.info/remark/2016/03/gcc-msys2-3/">pgpdump をビルドする</a> (← イマココ)</li>
</ol>
<p><a href="https://text.baldanders.info/remark/2016/03/gcc-msys2-2/" title="MSYS2 による gcc 開発環境の構築 ― gcc パッケージ群の導入">前回</a>で gcc を導入できたので,実際にビルドを試してみる。
今回はターゲットとして <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> を用いる。</p>
<h2>pgpdump</h2>
<p><a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> は山本和彦さんによる <a href="http://tools.ietf.org/html/rfc4880" title="RFC 4880 - OpenPGP Message Format">OpenPGP</a> パケットの<a href="http://www.mew.org/~kazu/proj/pgpdump/ja/">視覚化ツール</a>。
ソースコードは <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">GitHub で公開</a>されているが, UNIX 系のプラットフォームを前提に作られているため <a href="http://msys2.github.io/" title="MSYS2 installer">MSYS2</a> 上でビルドを行う。</p>
<p>まずは <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> のソースコードをダウンロードする。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ git clone https://github.com/kazu-yamamoto/pgpdump.git
</span></span><span class="line"><span class="cl">Cloning into 'pgpdump'...
</span></span><span class="line"><span class="cl">remote: Counting objects: 492, done.
</span></span><span class="line"><span class="cl">Receiving objects: 59% (291remote: Total 492 (delta 0), reused 0 (delta 0), pack-reused 492 92
</span></span><span class="line"><span class="cl">Receiving objects: 100% (492/492), 180.29 KiB | 0 bytes/s, done.
</span></span><span class="line"><span class="cl">Resolving deltas: 100% (320/320), done.
</span></span><span class="line"><span class="cl">Checking connectivity... done.
</span></span></code></pre></div><h2>32bit 版のビルド</h2>
<p><a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> のビルド手順は <code>configure</code> を実行した後 make を実行する<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>。
まずは何も考えずに <code>configure</code> の実行してみる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ cd pgpdump/
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ ./configure
</span></span><span class="line"><span class="cl">checking for gcc... gcc
</span></span><span class="line"><span class="cl">checking whether the C compiler works... yes
</span></span><span class="line"><span class="cl">checking for C compiler default output file name... a.exe
</span></span><span class="line"><span class="cl">checking for suffix of executables... .exe
</span></span><span class="line"><span class="cl">checking whether we are cross compiling... no
</span></span><span class="line"><span class="cl">checking for suffix of object files... o
</span></span><span class="line"><span class="cl">checking whether we are using the GNU C compiler... yes
</span></span><span class="line"><span class="cl">checking whether gcc accepts -g... yes
</span></span><span class="line"><span class="cl">checking for gcc option to accept ISO C89... none needed
</span></span><span class="line"><span class="cl">checking for inflate in -lz... yes
</span></span><span class="line"><span class="cl">checking for BZ2_bzBuffToBuffDecompress in -lbz2... yes
</span></span><span class="line"><span class="cl">checking how to run the C preprocessor... gcc -E
</span></span><span class="line"><span class="cl">checking for grep that handles long lines and -e... /usr/bin/grep
</span></span><span class="line"><span class="cl">checking for egrep... /usr/bin/grep -E
</span></span><span class="line"><span class="cl">checking for ANSI C header files... yes
</span></span><span class="line"><span class="cl">checking for sys/types.h... yes
</span></span><span class="line"><span class="cl">checking for sys/stat.h... yes
</span></span><span class="line"><span class="cl">checking for stdlib.h... yes
</span></span><span class="line"><span class="cl">checking for string.h... yes
</span></span><span class="line"><span class="cl">checking for memory.h... yes
</span></span><span class="line"><span class="cl">checking for strings.h... yes
</span></span><span class="line"><span class="cl">checking for inttypes.h... yes
</span></span><span class="line"><span class="cl">checking for stdint.h... yes
</span></span><span class="line"><span class="cl">checking for unistd.h... yes
</span></span><span class="line"><span class="cl">checking for unistd.h... (cached) yes
</span></span><span class="line"><span class="cl">checking sys/time.h usability... yes
</span></span><span class="line"><span class="cl">checking sys/time.h presence... yes
</span></span><span class="line"><span class="cl">checking for sys/time.h... yes
</span></span><span class="line"><span class="cl">checking unixlib/local.h usability... no
</span></span><span class="line"><span class="cl">checking unixlib/local.h presence... no
</span></span><span class="line"><span class="cl">checking for unixlib/local.h... no
</span></span><span class="line"><span class="cl">checking whether time.h and sys/time.h may both be included... yes
</span></span><span class="line"><span class="cl">checking whether struct tm is in sys/time.h or time.h... time.h
</span></span><span class="line"><span class="cl">checking for struct tm.tm_zone... no
</span></span><span class="line"><span class="cl">checking whether tzname is declared... yes
</span></span><span class="line"><span class="cl">checking for tzname... yes
</span></span><span class="line"><span class="cl">configure: creating ./config.status
</span></span><span class="line"><span class="cl">config.status: creating Makefile
</span></span><span class="line"><span class="cl">config.status: WARNING: 'Makefile.in' seems to ignore the --datarootdir setting
</span></span><span class="line"><span class="cl">config.status: creating config.h
</span></span></code></pre></div><p><a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> ではパケット内の圧縮データを扱うため <code>libz</code> および <code>libbz2</code> が必要となるが,ちゃんと認識しているようだ。
これによって作成された <code>Makefile</code> がこれ。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-makefile" data-lang="makefile"><span class="line"><span class="cl"><span class="nv">prefix</span> <span class="o">=</span> /usr/local
</span></span><span class="line"><span class="cl"><span class="nv">exec_prefix</span> <span class="o">=</span> <span class="si">${</span><span class="nv">prefix</span><span class="si">}</span>
</span></span><span class="line"><span class="cl"><span class="nv">bindir</span> <span class="o">=</span> <span class="si">${</span><span class="nv">exec_prefix</span><span class="si">}</span>/bin
</span></span><span class="line"><span class="cl"><span class="nv">mandir</span> <span class="o">=</span> <span class="si">${</span><span class="nv">prefix</span><span class="si">}</span>/share/man
</span></span><span class="line"><span class="cl"><span class="nv">LIBS</span> <span class="o">=</span> -lbz2 -lz
</span></span><span class="line"><span class="cl"><span class="nv">CFLAGS</span> <span class="o">=</span> -g -O2 -O -Wall
</span></span><span class="line"><span class="cl"><span class="nv">LDFLAGS</span> <span class="o">=</span>
</span></span><span class="line"><span class="cl"><span class="nv">VERSION</span> <span class="o">=</span> <span class="sb">`</span>git tag <span class="p">|</span> tail -1 <span class="p">|</span> sed -e <span class="s1">'s/v//'</span><span class="sb">`</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">RM</span> <span class="o">=</span> rm -f
</span></span><span class="line"><span class="cl"><span class="nv">INSTALL</span> <span class="o">=</span> install
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">INCS</span> <span class="o">=</span> pgpdump.h
</span></span><span class="line"><span class="cl"><span class="nv">SRCS</span> <span class="o">=</span> pgpdump.c types.c tagfuncs.c packet.c subfunc.c signature.c keys.c <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> buffer.c uatfunc.c
</span></span><span class="line"><span class="cl"><span class="nv">OBJS</span> <span class="o">=</span> pgpdump.o types.o tagfuncs.o packet.o subfunc.o signature.o keys.o <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> buffer.o uatfunc.o
</span></span><span class="line"><span class="cl"><span class="nv">PROG</span> <span class="o">=</span> pgpdump
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">MAN</span> <span class="o">=</span> pgpdump.1
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">CNF</span> <span class="o">=</span> config.h config.status config.cache config.log
</span></span><span class="line"><span class="cl"><span class="nv">MKF</span> <span class="o">=</span> Makefile
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">.c.o</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>CC<span class="k">)</span> -c <span class="k">$(</span>CFLAGS<span class="k">)</span> $<
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">all</span><span class="o">:</span> <span class="k">$(</span><span class="nv">PROG</span><span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">$(PROG)</span><span class="o">:</span> <span class="k">$(</span><span class="nv">OBJS</span><span class="k">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>CC<span class="k">)</span> <span class="k">$(</span>CFLAGS<span class="k">)</span> -o <span class="k">$(</span>PROG<span class="k">)</span> <span class="k">$(</span>OBJS<span class="k">)</span> <span class="k">$(</span>LIBS<span class="k">)</span> <span class="k">$(</span>LDFLAGS<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">clean</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>RM<span class="k">)</span> <span class="k">$(</span>OBJS<span class="k">)</span> <span class="k">$(</span>PROG<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">distclean</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>RM<span class="k">)</span> <span class="k">$(</span>OBJS<span class="k">)</span> <span class="k">$(</span>PROG<span class="k">)</span> <span class="k">$(</span>CNF<span class="k">)</span> <span class="k">$(</span>MKF<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">install</span><span class="o">:</span> <span class="n">all</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -d <span class="k">$(</span>DESTDIR<span class="k">)$(</span>bindir<span class="k">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -cp -pm755 <span class="k">$(</span>PROG<span class="k">)</span> <span class="k">$(</span>DESTDIR<span class="k">)$(</span>bindir<span class="k">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -d <span class="k">$(</span>DESTDIR<span class="k">)$(</span>mandir<span class="k">)</span>/man1
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -cp -pm644 <span class="k">$(</span>MAN<span class="k">)</span> <span class="k">$(</span>DESTDIR<span class="k">)$(</span>mandir<span class="k">)</span>/man1
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">archive</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> git archive master -o ~/pgpdump-<span class="k">$(</span>VERSION<span class="k">)</span>.tar --prefix<span class="o">=</span>pgpdump-<span class="k">$(</span>VERSION<span class="k">)</span>/
</span></span><span class="line"><span class="cl"> gzip ~/pgpdump-<span class="k">$(</span>VERSION<span class="k">)</span>.tar
</span></span></code></pre></div><p>この時点での問題は以下のとおり。</p>
<ol>
<li><code>prefix</code> が <code>/usr/local</code> になっている。このままでもエラーにはならないが,今回は 32bit 版と 64bit 版を分けたいので <code>/mingw32</code> としたい</li>
<li>リンク時のオプション(<code>LDFLAGS</code>)に <code>-static</code> がないため,このままビルドすると DLL に依存する構成になってしまう</li>
</ol>
<p>これらについては <code>configure</code> に情報を渡せばよい。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ ./configure --prefix=/mingw32 LDFLAGS=-static
</span></span></code></pre></div><p>これで <code>Makefile</code> は以下のようになる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-makefile" data-lang="makefile"><span class="line"><span class="cl"><span class="nv">prefix</span> <span class="o">=</span> /mingw32
</span></span><span class="line"><span class="cl"><span class="nv">exec_prefix</span> <span class="o">=</span> <span class="si">${</span><span class="nv">prefix</span><span class="si">}</span>
</span></span><span class="line"><span class="cl"><span class="nv">bindir</span> <span class="o">=</span> <span class="si">${</span><span class="nv">exec_prefix</span><span class="si">}</span>/bin
</span></span><span class="line"><span class="cl"><span class="nv">mandir</span> <span class="o">=</span> <span class="si">${</span><span class="nv">prefix</span><span class="si">}</span>/share/man
</span></span><span class="line"><span class="cl"><span class="nv">LIBS</span> <span class="o">=</span> -lbz2 -lz
</span></span><span class="line"><span class="cl"><span class="nv">CFLAGS</span> <span class="o">=</span> -g -O2 -O -Wall
</span></span><span class="line"><span class="cl"><span class="nv">LDFLAGS</span> <span class="o">=</span> -static
</span></span><span class="line"><span class="cl"><span class="nv">VERSION</span> <span class="o">=</span> <span class="sb">`</span>git tag <span class="p">|</span> tail -1 <span class="p">|</span> sed -e <span class="s1">'s/v//'</span><span class="sb">`</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">RM</span> <span class="o">=</span> rm -f
</span></span><span class="line"><span class="cl"><span class="nv">INSTALL</span> <span class="o">=</span> install
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">INCS</span> <span class="o">=</span> pgpdump.h
</span></span><span class="line"><span class="cl"><span class="nv">SRCS</span> <span class="o">=</span> pgpdump.c types.c tagfuncs.c packet.c subfunc.c signature.c keys.c <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> buffer.c uatfunc.c
</span></span><span class="line"><span class="cl"><span class="nv">OBJS</span> <span class="o">=</span> pgpdump.o types.o tagfuncs.o packet.o subfunc.o signature.o keys.o <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> buffer.o uatfunc.o
</span></span><span class="line"><span class="cl"><span class="nv">PROG</span> <span class="o">=</span> pgpdump
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">MAN</span> <span class="o">=</span> pgpdump.1
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nv">CNF</span> <span class="o">=</span> config.h config.status config.cache config.log
</span></span><span class="line"><span class="cl"><span class="nv">MKF</span> <span class="o">=</span> Makefile
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">.c.o</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>CC<span class="k">)</span> -c <span class="k">$(</span>CFLAGS<span class="k">)</span> $<
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">all</span><span class="o">:</span> <span class="k">$(</span><span class="nv">PROG</span><span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">$(PROG)</span><span class="o">:</span> <span class="k">$(</span><span class="nv">OBJS</span><span class="k">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>CC<span class="k">)</span> <span class="k">$(</span>CFLAGS<span class="k">)</span> -o <span class="k">$(</span>PROG<span class="k">)</span> <span class="k">$(</span>OBJS<span class="k">)</span> <span class="k">$(</span>LIBS<span class="k">)</span> <span class="k">$(</span>LDFLAGS<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">clean</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>RM<span class="k">)</span> <span class="k">$(</span>OBJS<span class="k">)</span> <span class="k">$(</span>PROG<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">distclean</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>RM<span class="k">)</span> <span class="k">$(</span>OBJS<span class="k">)</span> <span class="k">$(</span>PROG<span class="k">)</span> <span class="k">$(</span>CNF<span class="k">)</span> <span class="k">$(</span>MKF<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">install</span><span class="o">:</span> <span class="n">all</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -d <span class="k">$(</span>DESTDIR<span class="k">)$(</span>bindir<span class="k">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -cp -pm755 <span class="k">$(</span>PROG<span class="k">)</span> <span class="k">$(</span>DESTDIR<span class="k">)$(</span>bindir<span class="k">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -d <span class="k">$(</span>DESTDIR<span class="k">)$(</span>mandir<span class="k">)</span>/man1
</span></span><span class="line"><span class="cl"> <span class="k">$(</span>INSTALL<span class="k">)</span> -cp -pm644 <span class="k">$(</span>MAN<span class="k">)</span> <span class="k">$(</span>DESTDIR<span class="k">)$(</span>mandir<span class="k">)</span>/man1
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nf">archive</span><span class="o">:</span>
</span></span><span class="line"><span class="cl"> git archive master -o ~/pgpdump-<span class="k">$(</span>VERSION<span class="k">)</span>.tar --prefix<span class="o">=</span>pgpdump-<span class="k">$(</span>VERSION<span class="k">)</span>/
</span></span><span class="line"><span class="cl"> gzip ~/pgpdump-<span class="k">$(</span>VERSION<span class="k">)</span>.tar
</span></span></code></pre></div><p>では make を実行しよう。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ make
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall pgpdump.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall types.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall tagfuncs.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall packet.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall subfunc.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall signature.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall keys.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall buffer.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall uatfunc.c
</span></span><span class="line"><span class="cl">cc -g -O2 -O -Wall -o pgpdump pgpdump.o types.o tagfuncs.o packet.o subfunc.o signature.o keys.o buffer.o uatfunc.o -lbz2 -lz -static
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ strip pgpdump.exe
</span></span></code></pre></div><p>できた実行ファイルをコマンドプロンプトから起動してみる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">C:>pgpdump.exe -v
</span></span><span class="line"><span class="cl">pgpdump.exe version 0.29, Copyright (C) 1998-2014 Kazu Yamamoto
</span></span></code></pre></div><p>うまくいったようである。</p>
<h2>64bit 版のビルド</h2>
<p>32bit 版で要領は分かったので一気に終わらせてしまおう。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">$ git clone https://github.com/kazu-yamamoto/pgpdump.git
</span></span><span class="line"><span class="cl">Cloning into 'pgpdump'...
</span></span><span class="line"><span class="cl">remote: Counting objects: 492, done.
</span></span><span class="line"><span class="cl">Receiving objects: 62% (306remote: Total 492 (delta 0), reused 0 (delta 0), pack-reused 492/92
</span></span><span class="line"><span class="cl">Receiving objects: 100% (492/492), 180.29 KiB | 0 bytes/s, done.
</span></span><span class="line"><span class="cl">Resolving deltas: 100% (320/320), done.
</span></span><span class="line"><span class="cl">Checking connectivity... done.
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ cd pgpdump/
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ ./configure --prefix=/mingw64 LDFLAGS=-static
</span></span><span class="line"><span class="cl">checking for gcc... gcc
</span></span><span class="line"><span class="cl">checking whether the C compiler works... yes
</span></span><span class="line"><span class="cl">checking for C compiler default output file name... a.exe
</span></span><span class="line"><span class="cl">checking for suffix of executables... .exe
</span></span><span class="line"><span class="cl">checking whether we are cross compiling... no
</span></span><span class="line"><span class="cl">checking for suffix of object files... o
</span></span><span class="line"><span class="cl">checking whether we are using the GNU C compiler... yes
</span></span><span class="line"><span class="cl">checking whether gcc accepts -g... yes
</span></span><span class="line"><span class="cl">checking for gcc option to accept ISO C89... none needed
</span></span><span class="line"><span class="cl">checking for inflate in -lz... yes
</span></span><span class="line"><span class="cl">checking for BZ2_bzBuffToBuffDecompress in -lbz2... yes
</span></span><span class="line"><span class="cl">checking how to run the C preprocessor... gcc -E
</span></span><span class="line"><span class="cl">checking for grep that handles long lines and -e... /usr/bin/grep
</span></span><span class="line"><span class="cl">checking for egrep... /usr/bin/grep -E
</span></span><span class="line"><span class="cl">checking for ANSI C header files... yes
</span></span><span class="line"><span class="cl">checking for sys/types.h... yes
</span></span><span class="line"><span class="cl">checking for sys/stat.h... yes
</span></span><span class="line"><span class="cl">checking for stdlib.h... yes
</span></span><span class="line"><span class="cl">checking for string.h... yes
</span></span><span class="line"><span class="cl">checking for memory.h... yes
</span></span><span class="line"><span class="cl">checking for strings.h... yes
</span></span><span class="line"><span class="cl">checking for inttypes.h... yes
</span></span><span class="line"><span class="cl">checking for stdint.h... yes
</span></span><span class="line"><span class="cl">checking for unistd.h... yes
</span></span><span class="line"><span class="cl">checking for unistd.h... (cached) yes
</span></span><span class="line"><span class="cl">checking sys/time.h usability... yes
</span></span><span class="line"><span class="cl">checking sys/time.h presence... yes
</span></span><span class="line"><span class="cl">checking for sys/time.h... yes
</span></span><span class="line"><span class="cl">checking unixlib/local.h usability... no
</span></span><span class="line"><span class="cl">checking unixlib/local.h presence... no
</span></span><span class="line"><span class="cl">checking for unixlib/local.h... no
</span></span><span class="line"><span class="cl">checking whether time.h and sys/time.h may both be included... yes
</span></span><span class="line"><span class="cl">checking whether struct tm is in sys/time.h or time.h... time.h
</span></span><span class="line"><span class="cl">checking for struct tm.tm_zone... no
</span></span><span class="line"><span class="cl">checking whether tzname is declared... yes
</span></span><span class="line"><span class="cl">checking for tzname... yes
</span></span><span class="line"><span class="cl">configure: creating ./config.status
</span></span><span class="line"><span class="cl">config.status: creating Makefile
</span></span><span class="line"><span class="cl">config.status: WARNING: 'Makefile.in' seems to ignore the --datarootdir setting
</span></span><span class="line"><span class="cl">config.status: creating config.h
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ make
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall pgpdump.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall types.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall tagfuncs.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall packet.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall subfunc.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall signature.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall keys.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall buffer.c
</span></span><span class="line"><span class="cl">cc -c -g -O2 -O -Wall uatfunc.c
</span></span><span class="line"><span class="cl">cc -g -O2 -O -Wall -o pgpdump pgpdump.o types.o tagfuncs.o packet.o subfunc.o signature.o keys.o buffer.o uatfunc.o -lbz2 -lz -static
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">$ strip pgpdump.exe
</span></span></code></pre></div><p>これもコマンドプロンプト上で起動してみる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">C:>pgpdump.exe -v
</span></span><span class="line"><span class="cl">pgpdump.exe version 0.29, Copyright (C) 1998-2014 Kazu Yamamoto
</span></span></code></pre></div><p>問題なし。</p>
<h2>動作確認</h2>
<p>実際にちゃんと動くかどうか <a href="https://www.jpcert.or.jp/jpcert-pgp.html" title="JPCERT コーディネーションセンター PGP公開鍵">JPCERT/CC の公開鍵</a>をを使って確認してみる。</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">C:>pgpdump.exe info-0x69ECE048.asc
</span></span><span class="line"><span class="cl">Old: Public Key Packet(tag 6)(269 bytes)
</span></span><span class="line"><span class="cl"> Ver 4 - new
</span></span><span class="line"><span class="cl"> Public key creation time - Tue Jun 02 14:43:57 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> RSA n(2048 bits) - ...
</span></span><span class="line"><span class="cl"> RSA e(17 bits) - ...
</span></span><span class="line"><span class="cl">Old: User ID Packet(tag 13)(29 bytes)
</span></span><span class="line"><span class="cl"> User ID - JPCERT/CC <info@jpcert.or.jp>
</span></span><span class="line"><span class="cl">Old: Signature Packet(tag 2)(316 bytes)
</span></span><span class="line"><span class="cl"> Ver 4 - new
</span></span><span class="line"><span class="cl"> Sig type - Generic certification of a User ID and Public Key packet(0x10).
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> Hash alg - SHA1(hash 2)
</span></span><span class="line"><span class="cl"> Hashed Sub: preferred symmetric algorithms(sub 11)(3 bytes)
</span></span><span class="line"><span class="cl"> Sym alg - AES with 256-bit key(sym 9)
</span></span><span class="line"><span class="cl"> Sym alg - CAST5(sym 3)
</span></span><span class="line"><span class="cl"> Sym alg - Triple-DES(sym 2)
</span></span><span class="line"><span class="cl"> Hashed Sub: key server preferences(sub 23)(4 bytes)
</span></span><span class="line"><span class="cl"> Flag - No-modify
</span></span><span class="line"><span class="cl"> Hashed Sub: key flags(sub 27)(4 bytes)
</span></span><span class="line"><span class="cl"> Flag - This key may be used to certify other keys
</span></span><span class="line"><span class="cl"> Flag - This key may be used to sign data
</span></span><span class="line"><span class="cl"> Flag - This key may be used to encrypt communications
</span></span><span class="line"><span class="cl"> Flag - This key may be used to encrypt storage
</span></span><span class="line"><span class="cl"> Flag - The private component of this key may be in the possession of more than one person
</span></span><span class="line"><span class="cl"> Hashed Sub: preferred compression algorithms(sub 22)(2 bytes)
</span></span><span class="line"><span class="cl"> Comp alg - ZLIB <RFC1950>(comp 2)
</span></span><span class="line"><span class="cl"> Comp alg - ZIP <RFC1951>(comp 1)
</span></span><span class="line"><span class="cl"> Hashed Sub: features(sub 30)(4 bytes)
</span></span><span class="line"><span class="cl"> Flag - Modification detection (packets 18 and 19)
</span></span><span class="line"><span class="cl"> Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
</span></span><span class="line"><span class="cl"> Hash alg - SHA256(hash 8)
</span></span><span class="line"><span class="cl"> Hash alg - SHA384(hash 9)
</span></span><span class="line"><span class="cl"> Hash alg - SHA512(hash 10)
</span></span><span class="line"><span class="cl"> Hashed Sub: signature creation time(sub 2)(4 bytes)
</span></span><span class="line"><span class="cl"> Time - Tue Jun 16 12:51:22 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Sub: issuer key ID(sub 16)(8 bytes)
</span></span><span class="line"><span class="cl"> Key ID - 0x317D97A469ECE048
</span></span><span class="line"><span class="cl"> Hash left 2 bytes - cd 79
</span></span><span class="line"><span class="cl"> RSA m^d mod n(2047 bits) - ...
</span></span><span class="line"><span class="cl"> -> PKCS-1
</span></span><span class="line"><span class="cl">Old: Signature Packet(tag 2)(277 bytes)
</span></span><span class="line"><span class="cl"> Ver 3 - old
</span></span><span class="line"><span class="cl"> Hash material(5 bytes):
</span></span><span class="line"><span class="cl"> Sig type - Generic certification of a User ID and Public Key packet(0x10).
</span></span><span class="line"><span class="cl"> Creation time - Tue Jun 02 14:43:57 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Key ID - 0xE7734FA60C7BDE12
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> Hash alg - SHA1(hash 2)
</span></span><span class="line"><span class="cl"> Hash left 2 bytes - e9 53
</span></span><span class="line"><span class="cl"> RSA m^d mod n(2047 bits) - ...
</span></span><span class="line"><span class="cl"> -> PKCS-1
</span></span><span class="line"><span class="cl">Old: Signature Packet(tag 2)(156 bytes)
</span></span><span class="line"><span class="cl"> Ver 4 - new
</span></span><span class="line"><span class="cl"> Sig type - Generic certification of a User ID and Public Key packet(0x10).
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> Hash alg - SHA1(hash 2)
</span></span><span class="line"><span class="cl"> Hashed Sub: signature creation time(sub 2)(4 bytes)
</span></span><span class="line"><span class="cl"> Time - Mon Jun 15 14:51:27 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Sub: issuer key ID(sub 16)(8 bytes)
</span></span><span class="line"><span class="cl"> Key ID - 0x8C756B2E2C94D4ED
</span></span><span class="line"><span class="cl"> Hash left 2 bytes - 35 fd
</span></span><span class="line"><span class="cl"> RSA m^d mod n(1022 bits) - ...
</span></span><span class="line"><span class="cl"> -> PKCS-1
</span></span><span class="line"><span class="cl">Old: Public Subkey Packet(tag 14)(269 bytes)
</span></span><span class="line"><span class="cl"> Ver 4 - new
</span></span><span class="line"><span class="cl"> Public key creation time - Tue Jun 02 14:43:57 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> RSA n(2048 bits) - ...
</span></span><span class="line"><span class="cl"> RSA e(17 bits) - ...
</span></span><span class="line"><span class="cl">Old: Signature Packet(tag 2)(577 bytes)
</span></span><span class="line"><span class="cl"> Ver 4 - new
</span></span><span class="line"><span class="cl"> Sig type - Subkey Binding Signature(0x18).
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> Hash alg - SHA1(hash 2)
</span></span><span class="line"><span class="cl"> Hashed Sub: signature creation time(sub 2)(4 bytes)
</span></span><span class="line"><span class="cl"> Time - Tue Jun 02 14:43:58 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Hashed Sub: key flags(sub 27)(4 bytes)
</span></span><span class="line"><span class="cl"> Flag - This key may be used to encrypt communications
</span></span><span class="line"><span class="cl"> Flag - This key may be used to encrypt storage
</span></span><span class="line"><span class="cl"> Hashed Sub: embedded signature(sub 32)(284 bytes)
</span></span><span class="line"><span class="cl"> Ver 4 - new
</span></span><span class="line"><span class="cl"> Sig type - Primary Key Binding Signature(0x19).
</span></span><span class="line"><span class="cl"> Pub alg - RSA Encrypt or Sign(pub 1)
</span></span><span class="line"><span class="cl"> Hash alg - SHA256(hash 8)
</span></span><span class="line"><span class="cl"> Hashed Sub: signature creation time(sub 2)(4 bytes)
</span></span><span class="line"><span class="cl"> Time - Tue Jun 02 14:43:57 東京 (標準時) 2009
</span></span><span class="line"><span class="cl"> Sub: issuer key ID(sub 16)(8 bytes)
</span></span><span class="line"><span class="cl"> Key ID - 0x09D704B753BA1622
</span></span><span class="line"><span class="cl"> Hash left 2 bytes - 71 2d
</span></span><span class="line"><span class="cl"> RSA m^d mod n(2048 bits) - ...
</span></span><span class="line"><span class="cl"> -> PKCS-1
</span></span><span class="line"><span class="cl"> Sub: issuer key ID(sub 16)(8 bytes)
</span></span><span class="line"><span class="cl"> Key ID - 0x317D97A469ECE048
</span></span><span class="line"><span class="cl"> Hash left 2 bytes - 1d e2
</span></span><span class="line"><span class="cl"> RSA m^d mod n(2046 bits) - ...
</span></span><span class="line"><span class="cl"> -> PKCS-1
</span></span></code></pre></div><p>うむ,問題ないようだな。
ちなみに Windows バイナリは<a href="https://baldanders.info/spiegel/pgpdump/">うちのサイトでも公開</a>しているのでご自由にどうぞ。</p>
<div class="footnotes" role="doc-endnotes">
<hr>
<ol>
<li id="fn:1">
<p><a href="https://text.baldanders.info/remark/2016/03/gcc-msys2-2/" title="MSYS2 による gcc 開発環境の構築 ― gcc パッケージ群の導入">前回</a>インストールした <code>base-devel</code> パッケージグループは今回の <a href="https://github.com/kazu-yamamoto/pgpdump" title="kazu-yamamoto/pgpdump: A PGP packet visualizer">pgpdump</a> ビルドには必要なく,インストールしなくても問題ない。まぁ今回は単純なビルドだし。 <a href="#fnref:1" class="footnote-backref" role="doc-backlink">↩︎</a></p>
</li>
</ol>
</div>