Using the GPG Encryption Tool on Ubuntu 18.04
程序员文章站
2022-07-14 12:46:50
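1. Introduction
Ubuntu 18.04 ships with the GPG encryption tool by default. GPG (GnuPG) is an asymmetric-key encryption tool used mainly for encryption and decryption, digital signatures, and similar tasks. GPG can generate asymmetric keys for encryption and decryption, digital signatures, and data fingerprints.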
~$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/kyun/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
From the gpg version output we can see which algorithms GPG supports:
- Public-key algorithms: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
- Cipher algorithms: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
- Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
- Compression algorithms: Uncompressed, ZIP, ZLIB, BZIP2
Keys are stored in the directory /home/kyun/.gnupg
2. Generating a key
~$ gpg --full-generate-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: wongkyunban
Email address: [email protected].com
Comment: wongkyunban's gpg
You selected this USER-ID:
"wongkyunban (wongkyunban's gpg) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/kyun/.gnupg/trustdb.gpg: trustdb created
gpg: key 460401669FF4DBED marked as ultimately trusted
gpg: directory '/home/kyun/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/kyun/.gnupg/openpgp-revocs.d/D3562273317BBC73F883C762460401669FF4DBED.rev'
public and secret key created and signed.
pub rsa2048 2019-09-03 [SC]
D3562273317BBC73F883C762460401669FF4DBED
uid wongkyunban (wongkyunban's gpg) <[email protected].com>
sub rsa2048 2019-09-03 [E]
Real name: wongkyunban sets the name of the key.
3. Listing keys
List public keys: gpg --list-key
~$ gpg --list-key
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/kyun/.gnupg/pubring.kbx
-----------------------------
pub rsa2048 2019-09-03 [SC]
D3562273317BBC73F883C762460401669FF4DBED
uid [ultimate] wongkyunban (wongkyunban's gpg) <[email protected].com>
sub rsa2048 2019-09-03 [E]
List secret keys: gpg --list-secret-keys
~$ gpg --list-secret-keys
/home/kyun/.gnupg/pubring.kbx
-----------------------------
sec rsa2048 2019-09-03 [SC]
D3562273317BBC73F883C762460401669FF4DBED
uid [ultimate] wongkyunban (wongkyunban's gpg) <[email protected].com>
ssb rsa2048 2019-09-03 [E]
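Added example (not part of the original article): the key generated and listed above is rsa2048 with no expiry, and the script below parses `gpg --list-keys --with-colons` output to flag RSA keys under a minimum size and keys that never expire or have already expired. The 3072-bit threshold, the function names and the sample listing (e-mail address, timestamps, second key) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit keys from `gpg --list-keys --with-colons` output.
# MIN_RSA_BITS is an assumed policy value (the size gpg 2.2.4 offers by default).
MIN_RSA_BITS=${MIN_RSA_BITS:-3072}

# Constructed sample. The first key mirrors the one generated in the article
# (key IDs and fingerprint from its output); the e-mail address, timestamps
# and the whole second key are made up.
sample_listing() {
cat <<'EOF'
tru::1:1567500000:0:3:1:5
pub:u:2048:1:460401669FF4DBED:1567468800:::u:::scESC::::::23::0:
fpr:::::::::D3562273317BBC73F883C762460401669FF4DBED:
uid:u::::1567468800::0000000000000000000000000000000000000000::wongkyunban (wongkyunban's gpg) <user@example.com>::::::::::0:
sub:u:2048:1:9C10EFBB54207D72:1567468800::::::e::::::23:
pub:u:4096:1:1111111111111111:1700000000:1900000000::u:::scESC::::::23::0:
sub:u:4096:1:2222222222222222:1700000000:1900000000:::::e::::::23:
EOF
}

# audit_keys [NOW]: reads a colon listing on stdin, prints one finding per line.
# Fields used: 1 record type, 3 key length, 4 algorithm (1 = RSA), 5 key ID,
# 7 expiry in epoch seconds (empty = never), 12 capabilities.
audit_keys() {
  awk -F: -v min="$MIN_RSA_BITS" -v now="${1:-$(date +%s)}" '
    $1 == "pub" || $1 == "sub" {
      caps = $12
      gsub(/[A-Z]/, "", caps)   # uppercase letters describe the key as a whole
      if ($4 == 1 && $3 + 0 < min + 0)
        printf "%s %s WEAK_RSA bits=%s caps=%s\n", $1, $5, $3, caps
      if ($7 == "")
        printf "%s %s NO_EXPIRY caps=%s\n", $1, $5, caps
      else if ($7 + 0 <= now + 0)
        printf "%s %s EXPIRED caps=%s\n", $1, $5, caps
    }'
}

# On a real keyring: gpg --list-keys --with-colons | audit_keys
sample_listing | audit_keys
```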
4. Exporting keys
Export the public key:
~$ gpg -a --export wongkyunban > wongkyunban_pubkey.asc
Export the private key (the output file contains the secret key, so keep it readable only by its owner):
~$ gpg -a --export-secret-keys wongkyunban > wongkyunban_privkey.asc
5. Encrypting a file with the public key
~$ touch hello.txt
~$ echo "hello world" > hello.txt
~$ cat hello.txt
hello world
~$ gpg -ea -r wongkyunban hello.txt
~$ ls
hello.txt hello.txt.asc
~$ cat hello.txt.asc
-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
This produces the encrypted file hello.txt.asc.
6. Decrypting with the private key
~$ gpg -o new_hello.txt -d hello.txt.asc
gpg: encrypted with 2048-bit RSA key, ID 9C10EFBB54207D72, created 2019-09-03
"wongkyunban (wongkyunban's gpg) <[email protected]>"
Enter the private key passphrase. The result is as follows:
~$ ls
hello.txt hello.txt.asc new_hello.txt
wongkyunban_privkey.asc
wongkyunban_pubkey.asc
~$ cat new_hello.txt
hello world
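This decrypts the encrypted file hello.txt.asc into new_hello.txt.
7. Deleting keys
The private key must be deleted before the public key can be deleted.
Delete the private key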
~$ gpg --delete-secret-keys wongkyunban
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec rsa2048/460401669FF4DBED 2019-09-03 wongkyunban (wongkyunban's gpg) <[email protected].com>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
Delete the public key
~$ gpg --delete-key wongkyunban
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa2048/460401669FF4DBED 2019-09-03 wongkyunban (wongkyunban's gpg) <[email protected].com>
Delete this key from the keyring? (y/N) y
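8. Importing keys
Import a public or private key:
~$ gpg --import wongkyunban_pubkey.asc
~$ gpg --import wongkyunban_privkey.asc
Thanks for reading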