昇腾软件包数字签名验证
ls -lh Ascend-cann-*
-rwxrwxrwx 1 hesy hesy 698M 3月 28 17:23 Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run
-rwxrwxrwx 1 hesy hesy 490 3月 28 17:17 Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.asc
-rwxrwxrwx 1 hesy hesy 8.5K 3月 28 17:17 Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.p7s
-rwxrwxrwx 1 hesy hesy 2.2G 3月 28 17:39 Ascend-cann-toolkit_8.1.RC1.alpha001_linux-aarch64.run
-rwxrwxrwx 1 hesy hesy 490 3月 28 17:17 Ascend-cann-toolkit_8.1.RC1.alpha001_linux-aarch64.run.asc
-rwxrwxrwx 1 hesy hesy 8.5K 3月 28 17:17 Ascend-cann-toolkit_8.1.RC1.alpha001_linux-aarch64.run.p7s
gpg --verify Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.asc
gpg:
假定被签名的数据在‘Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run’
gpg: 签名建立于 2025年03月14日 星期五 18时02分40秒 CST gpg: 使用 RSA 密钥
99AD81DF27A74824 gpg: 无法检查签名:缺少公钥
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 99AD81DF27A74824
gpg: 密钥 99AD81DF27A74824:公钥 “OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>” 已导入
gpg: 处理的总数:1
gpg: 已导入:1
gpg --verify Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.asc
gpg: 假定被签名的数据在‘Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run’
gpg: 签名建立于 2025年03月14日 星期五 18时02分40秒 CST
gpg: 使用 RSA 密钥 99AD81DF27A74824
gpg: 完好的签名,来自于 “OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>” [未知]
gpg: 警告:此密钥未被受信任签名认证!
gpg: 没有证据表明此签名属于其声称的所有者。
主密钥指纹: B100 0AC3 8C41 525A 19BD C087 99AD 81DF 27A7 4824
gpg --verify Ascend-cann-toolkit_8.1.RC1.alpha001_linux-aarch64.run.asc
gpg: 假定被签名的数据在‘Ascend-cann-toolkit_8.1.RC1.alpha001_linux-aarch64.run’
gpg: 签名建立于 2025年03月14日 星期五 18时04分50秒 CST
gpg: 使用 RSA 密钥 99AD81DF27A74824
gpg: 完好的签名,来自于 “OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>” [未知]
gpg: 警告:此密钥未被受信任签名认证!
gpg: 没有证据表明此签名属于其声称的所有者。
主密钥指纹: B100 0AC3 8C41 525A 19BD C087 99AD 81DF 27A7 4824
列出本地的所有 Key
执行 gpg --list-keys 列出本地所有的密钥
gpg --list-keys
/home/hesy/.gnupg/pubring.kbx
pub rsa2048 2013-12-30 [SC]
B1000AC38C41525A19BDC08799AD81DF27A74824uid [ 未知 ] OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>
导出公钥
gpg --output rsa_pub.pgp --armor --export B1000AC38C41525A19BDC08799AD81DF27A74824
armor参数的意思是以ASCII导出,默认是二进制格式导出.
cat rsa_pub.pgp
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFLBPjsBCACtQyXqecsm1a3GvRoPHpfrB9ITrYeN0vfSFlJeL4esOgQuA5l3
ILTS9bdGH9OsLuWnryVcGVRVHrpmjhuqSJycYPn/3VXtUWMm27zVSHrKhOTmm3z2
rIeuOdJzaKpgwtkwRzeuutDPW8GqpwRQaGEOGLNcMv+FRYdjmtVru6SKcC7zjhfY
2/TIj4nGGVCP+ebjQGoLBMjC2o9fJi+UV5IxHnB896YpcRKs+JTaV5KSnQ8fG23D
lDofBgwrl9icaNXm17bPx2WYRutaURS6HKh17Vffv4T4t3BoaKj0xE/cF761FPrD
NIFxSpRqQ3As4kS3UOUFg1/5NUBkev4MI5ifABEBAAG0WU9wZW5QR1Agc2lnbmF0
dXJlIGtleSBmb3IgSHVhd2VpIHNvZnR3YXJlIChjcmVhdGVkIG9uIDMwdGggRGVj
LDIwMTMpIDxzdXBwb3J0QGh1YXdlaS5jb20+iQE3BBMBAgAhBQJSwT47AhsDBgsJ
CAcDAgYVCAIJCgsDFgIBAh4BAheAAAoJEJmtgd8np0gk0GQIAIJKdFLMivJdxlS8
INxZHejGaqToh9GqK1u6HQ3Hp59OKRPINBgd61NFuuOwcO0WqBArXfGLLQpBSWLa
5cIOHrEi+Pq2XkdxL3hZhnw/G/GHIHJTjIHNamTikalCz4B+BcsQ0UnFVKZDTkBA
F9a9Md21dJsgzEaAyqpozd1MKsed4Jcj7gY75L/DSWDdPEfeJCQ1j5RQpxbDn4sg
KiZU314DCz8+Iiz30c3l+WHryYC+g1gMeRWKYlS1waltoqpKJeb5b6VEarJKDJXm
LkV3kCmB8AMq8yS0y92uBR58WNlxw37o01grXaQMvTl7GkBQ20xLFHvIdU9UUzVX
86Xyy7A=
=0zUT
-----END PGP PUBLIC KEY BLOCK-----
普及一个数字签名的基本公式: signature = privkey_encrypt(hash_alg(content))
openssl pkcs7 -inform DER -in Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.p7s -out Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.pkcs7
cat Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.pkcs7
-----BEGIN PKCS7-----
...
-----END PKCS7-----
openssl pkcs7 -print_certs -in Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.pkcs7 -out Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.pkcs7.cert
cat Ascend-cann-kernels-310b_8.1.RC1.alpha001_linux-aarch64.run.pkcs7.cert
subject=C = CN, O = Huawei Technologies, OU = Huawei Trust Service, CN = Huawei Release-Signing Authority 1 - G2
issuer=C = CN, O = Huawei Technologies, OU = Huawei Certification Authority, CN = Huawei Integrity CA 1 - G2
-----BEGIN CERTIFICATE-----
...
本文链接地址:https://const.net.cn/830.html