macbook 忘记密码_MacBook上电子邮件的密码学

macbook 忘记密码

While the deprivation of the Fourth Amendment of the Bill of Rights from the Constitution of the United States proceeds relentlessly from within the government of the United States of America, remaining secure in persons, houses, papers, or effects such as email requires more than simply an understanding of “certain inalienable rights” but that of cryptography. Cryptography, which is itself under attack now in the United States of American through legislation designed to undermine the Constitution of the United States of America (i.e., Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (EARN IT)), is an indispensable tool.

虽然从美国政府内部无情地剥夺了《权利法案第四修正案》，但要保持人身，房屋，文件或电子邮件等财物的安全，需要的不仅仅是简单的对“某些不可剥夺的权利”的理解，但对密码学的理解。 密码术本身是必不可少的，它通过旨在破坏美利坚合众国宪法的立法(即，消除2020年滥用和猖R的交互式技术法案(EARN IT))受到攻击，是必不可少的工具。

Screenshot from video by Zane Sparling 视频截屏来自Zane Sparling

If you are in the mainstream of modern technological equipment, then you likely have a MacBook, Apple iPhone, Apple iWatch or AppleTV. While the latter three devices are completely insecure, from a MacBook there may still be a reasonable expectation of privacy after its hardened. MacBooks are susceptible to hardening through their Operating System. The operating system in MacBooks is based on Unix so many of the programs designed from within the Free Open Source Software (FOSS) are available for MacBooks.

如果您是现代技术设备的主流，那么您可能拥有MacBook，Apple iPhone，Apple iWatch或AppleTV。 尽管后三台设备完全不安全，但是从MacBook 加固后，仍然可能会有合理的隐私期望。 MacBook易于通过其操作系统进行加固。 MacBooks中的操作系统基于Unix，因此许多从Free Open Source Software(FOSS)中设计的程序都可用于MacBooks。

One of these programs is GPGTools. GPGTools provides the basic elements of an encryption tool for MacBook. GPG Tools is a package of GPG based software tools. This suite contains four tools to bring encryption in all areas of your MacBook. The package contains an email plugin for Apple Mail, a key manager, a Service to use GPG in almost any application and an engine to use GPG with the command line.

这些程序之一是GPGTools。 GPGTools提供了MacBook加密工具的基本元素。 GPG工具是基于GPG的软件工具包。 该套件包含四个工具，可在MacBook的所有区域进行加密。 该软件包包含一个用于Apple Mail的电子邮件插件，一个密钥管理器，一个在几乎所有应用程序中使用GPG的服务以及一个在命令行中使用GPG的引擎。

GnuPrivacy Guard

Gnu隐私卫士

Based on GnuPG, GPG (i.e., an acronym for GnuPG or Gnu Privacy Guard) is a free-software replacement for Symantec’s PGP cryptographic software suite, and is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. PGP, an encryption program, or, rather a protocol, which is a set of standards, for designing specific software implementations. GPGTools is therefore a specific software implementation for PGP.

GPG(基于GnuPG)(即GnuPG或Gnu Privacy Guard的首字母缩写)是赛门铁克 PGP 加密软件套件的免费软件替代，并符合RFC 4880 ( OpenPGP的IETF标准跟踪规范)。 现代版本的PGP 可与GnuPG和其他符合OpenPGP的系统互操作 。 PGP是用于设计特定软件实现的一种加密程序，或者说是一组标准的协议。 因此，GPGTools是PGP的特定软件实现。

To implement cryptography in emails, the following guide provides a step by step formula. The first step is to install GPGTools. The second step is a generate a key pair. The third step is to obtain a public key. The fourth step is to exploit the implementation in a Simple Mail Transfer Protocol application. With these four steps you can use cryptography to help prevent the malign anti-Constitutional intelligence, law enforcement or police state organizations from access to emails sent or received.

要在电子邮件中实施加密，以下指南提供了逐步的公式。 第一步是安装GPGTools。 第二步是生成密钥对。 第三步是获取公钥。 第四步是利用简单邮件传输协议应用程序中的实现。 通过这四个步骤，您可以使用加密技术来防止恶意的反宪法情报，执法机构或警察国家组织访问已发送或已接收的电子邮件。

安装GPGTools (Installing GPGTools)

GPG Tools is a long-running open source project based on Pretty Good Privacy or PGP. It’s a reliable source, but you can see for yourself by reviewing the code on their GitHub page. Navigate to the GPG Suite online.

GPG Tools是一个长期运行的开源项目，它基于Pretty Good Privacy或PGP。 这是可靠的资源，但是您可以通过查看其GitHub页面上的代码来亲自查看。 在线浏览至GPG套件 。

Although there is no security protocol so foolproof as to be deprived of a percentage for which there is no chance that an unknown vulnerability’s exploitation would never compromise its integrity, there is a reasonable probability that a checksum may provide a modicum of confidence in the download.

尽管没有安全协议能做到万无一失，以至于无法避免某个百分比的未知漏洞的利用永远不会损害其完整性，但是很有可能校验和可以为下载提供一定程度的信心。

1. Download the GPG Suite.
   下载GPG套件。
2. Open the MacBook’s Terminal, which is essentially a Bash (i.e., Bourne Again Shell), to run the following command:
   打开MacBook的终端，它实际上是一个Bash(即Bourne Again Shell)，以运行以下命令：

3. Paste shasum -a 256 into the Terminal.

   将shasum -a 256粘贴到终端中。

4. Press spacebar and drag the download from the GPG Suite website’s into the Terminal
   按空格键并将下载的内容从GPG Suite网站的拖放到终端
5. Press enter.
   按回车。
6. If the resulting SHA256 checksum matches SHA256, the download is secure.
   如果生成的SHA256校验和与SHA256相匹配，则下载是安全的。

If you have ran the checksum test for the download, the download may be considered to have been downloaded more securely than if the test had not been ran but there is no guarantee.

如果您已经运行了下载的校验和测试，则与未运行测试但不能保证的下载相比，下载的下载可能被认为更加安全。

生成密钥对 (Generating a Key Pair)

The NeXTSTEP is to generate a key pair. A key pair is comprised of both a public as well as a private key. The public key is publicly available. People who would like to initiate an exchange of cryptographic letters add the public key. The private key is used to lock (i.e., encrypt) or unlock (i.e., decrypt) cryptographic emails. The private key must therefore be protected.

NeXTSTEP将生成密钥对。 密钥对包括公共密钥和私有密钥。 公钥是公开可用的。 希望发起加密字母交换的人添加了公共密钥。 私钥用于锁定(即加密)或解锁(即解密)加密电子邮件。 因此，必须保护私钥。

1. Open the GPG Keychain App.
   打开GPG钥匙串应用程序。

1. Fill in the prompt.
   填写提示。
2. Chose a password of the highest strength.
   选择强度最高的密码。
3. Generate the key.
   生成密钥。
4. Generate the key pair.
   生成密钥对。

获取公钥 (Obtaining a Public Key)

With the key pair the cryptography process is ready. The NeXTSTEP is to export your public key.

使用密钥对，加密过程已准备就绪。 NeXTSTEP将导出您的公钥。

1. Open the GPG Keychain App.
   打开GPG钥匙串应用程序。
2. Press the Export button next to the Import button.
   按“导入”按钮旁边的“导出”按钮。
3. A file ending in .asc should pop up with a request to download to the desktop.
   以.asc结尾的文件应弹出，并要求下载到桌面。
4. Add that file to your email as an attachment.
   将该文件作为附件添加到您的电子邮件中。

您的邮件应用 (Your Mail App)

A mail app is not necessary, as the encryption / decryption processes may be designated as keyboard shortcuts. However, you can access these basic features through right clicking on a selected plain text. Under the Services tab, there should be several options under OpenGPG for managing the cryptographic services.

邮件应用程序不是必需的，因为可以将加密/解密过程指定为键盘快捷键。 但是，您可以通过右键单击选定的纯文本来访问这些基本功能。 在“服务”选项卡下，“ OpenGPG”下应有多个用于管理加密服务的选项。

最佳实践 (Best Practices)

If you use gmail or any SMTP web app that tracks in real time a number of different biometrics such as stroke, key speed, error rate, or, what is most important, your plain text message, then gmail or your SMTP web app may undermine the security of the cryptography protocol you have implemented. If your SMTP app saves a copy of your plain text prior to encryption, then there is a double danger. The first danger is that the encryption is not necessary for any administrator who has access to any or all carbon copies. The second danger is that a plain text offers insight into the encryption or decryption of cypher texts.

如果您使用gmail或实时跟踪许多不同生物特征(例如笔划，按键速度，错误率，或者最重要的是纯文本消息)的SMTP Web应用程序，则gmail或SMTP Web应用程序可能会破坏您已实现的加密协议的安全性。 如果您的SMTP应用在加密之前保存了纯文本的副本，则存在双重危险。 第一个危险是，对于有权访问任何或所有复本的任何管理员，加密都是不必要的。 第二个危险是纯文本可以深入了解密文的加密或解密。

To avoid these dangers, a best practice may be to use a text editor for drafting, saving, or writing any or all emails subject to cryptography. A malign anti-Constitutional intelligence, law enforcement or police state organization may still access plain text copies but only if the malign agent gains access to your computer (where it may be saved) or flashes the Random Access Memory prior to shutoff upon its seizure or else during processing remotely.

为了避免这些危险，最佳实践可能是使用文本编辑器来起草，保存或编写受密码学保护的任何或所有电子邮件。 恶性反宪法情报机构，执法部门或警察机关仍可访问纯文本副本，但前提是恶性代理获得了对您计算机的访问权限(可能将其保存在其中)或在其被查封或关闭之前关闭了随机存取存储器，否则在远程处理期间。

If you would like to ensure, however, beyond a reasonable doubt that no plain texts may be accessed, then using two laptops, one connected to the Internet for transmission or reception, another disconnected from the Internet for drafting, saving, or writing, might present a reasonably strong barrier to a remote attack aimed at flashing your RAM. The second laptop may be secured further, if a new bootable USB thumb drive or MicroSD card is created anew for any session. Upon an imminent seizure the RAM along with the bootable USB thumb drive or MicroSD card from the disconnected laptop may be destroyed together fairly quickly.

但是，如果您想确保无法访问纯文本，请使用两台笔记本电脑，其中一台连接到Internet进行发送或接收，另一台断开Internet的连接以进行草稿，保存或书写，对旨在刷新您的RAM的远程攻击提出了相当大的障碍。 如果为任何会话重新创建了新的可启动USB拇指驱动器或MicroSD卡，则可以进一步保护第二台笔记本电脑。 即将发作时，断开的笔记本电脑中的RAM以及可启动的USB拇指驱动器或MicroSD卡可能会很快一起损坏。

最佳实践 (Best Practices in the Extreme)

If you suspect that you are under surveillance, then you would need to evaluate your approach to security from the ground up. It would not be sufficient to spoof your Mac Address, establishing a random Internet connection (i.e., such as Starbucks) through a Virtual Private Network (i.e., VPN) that does not store logs. You would need to perform a number of modifications to effectuate a laptop’s security properly. Although the subject of another blog, hardened laptops, however, are hardened to a specific purpose. For what specific purpose your harden a laptop, that determines which specific features for hardening you implement.

如果您怀疑自己受到监视，则需要从头开始评估安全性方法。 欺骗您的Mac地址并通过不存储日志的虚拟专用网络(例如VPN)建立随机Internet连接(例如Starbucks)还不够。 您需要进行一些修改才能正确实现笔记本电脑的安全性。 尽管是另一篇博客的主题，但加固型笔记本电脑却加固了特定的用途。 加固笔记本电脑的具体目的是确定要实施的加固功能。

翻译自: https://medium.com/@unicornmobile/cryptography-for-emails-on-a-macbook-b26753d3846b

macbook 忘记密码