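Encrypting Files with a GPG Key Pair on Linux

Basic GPG file encryption does not require public/private keys. To make an encrypted file more secure, however, you can use the RSA/DSA algorithms, which generate a public key and a private key for encrypting files. This article will help you carry out the following three tasks for encrypting files with a GPG key pair on Linux.
  • Create a key pair.
  • Encrypt/decrypt a local file within the same account.
  • Encrypt a file for another user.
  • Decrypt another user's file.

Step 1: Create a GPG key pair

The first step is to generate a key pair. Use the following command to generate a GPG key pair.
# gpg --gen-key
Output: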
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name: Rahul Kumar
Email address: rahul.kumar1099@gmail.com
Comment: Linux System Admin
You selected this USER-ID:
    "Rahul Kumar (Linux System Admin) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++..+++++++++++++++.++++++++++++++++++++.+++++.+++++.+++++++++++++++++++++++++.+++++.++++++++++++++++++++++++++++++...+++++>+++++..+++++>+++++..............................................................+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++..+++++.++++++++++..++++++++++.++++++++++..++++++++++..+++++++++++++++.+++++..+++++.++++++++++.+++++.++++++++++.++++++++++..++++++++++++++++++++++++++++++..+++++>++++++++++.>+++++>+++++.+++++.....................+++++^^^
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 2AE39E50 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/2AE39E50 2013-03-14
    Key fingerprint = 0D89 4697 E22A A6CC 3017 5EA1 0389 ED6D 2AE3 9E50
uid Rahul Kumar (Linux System Admin) 
sub 2048g/9102AC9C 2013-03-14

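Step 2: Encrypt/decrypt a file for the current user

Encrypt a file for a single user only. No one else can decrypt the file.
# gpg --encrypt --recipient 'Rahul Kumar' youcl.txt
The --recipient name must be the same as the one used when the key was generated. The command above automatically creates an encrypted file named youcl.txt.gpg.
Decrypt your own file youcl.txt.gpg:
# gpg --output youcl2.txt --decrypt youcl.txt.gpg
--output or -o specifies the output file name. The command above prompts for the passphrase used for the key pair.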

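Step 3: Encrypt a file for another user

Use step 1 to generate the encrypted file. Finally, share your public key and the encrypted file (youcl.txt.gpg) with the other user. Use the following command to export your public key.
# gpg --armor --output pubkey.txt --export 'Rahul Kumar'
Check your public key. It should look like the following:
# cat pubkey.txt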

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----

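Step 4: Decrypt another user's file

To decrypt another user's file, you need that user's public key. Import the public key into your account with the command below. For example, suppose the other user's public key file is otherpub.txt:
# gpg --import otherpub.txt
Make sure the file was imported successfully with the command below.
# gpg --list-keys
The command above lists all public keys in your account. Make sure the other user's public key is among them. You can now decrypt the other user's file with the command below.
# gpg --output otheruserfile.txt --decrypt otheruserfile.txt.gpg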
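
The key exchange from steps 3 and 4, as an added example that is not part of the original article: the recipient exports a public key, the sender imports it, checks its fingerprint and encrypts to it, and only the keyring that holds the matching private key can decrypt. It assumes GnuPG 2.1 or later (for --quick-generate-key); the keyring directories, user ID and message are constructed for the demo.

```shell
#!/bin/sh
# Added example: two throwaway keyrings play sender and recipient.
# User IDs, file names and the message are constructed for the demo.

# Run gpg non-interactively against the keyring directory given as $1.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback "$@"; }

# Print the primary-key fingerprint of user ID $2 in keyring $1.
fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# Stop the per-keyring agents and delete the scratch directory $1.
cleanup() {
    for d in sender recipient; do
        gpgconf --homedir "$1/$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$1"
}

roundtrip_demo() (
    set -eu
    work=$(mktemp -d); snd="$work/sender"; rcp="$work/recipient"
    mkdir -m 700 "$snd" "$rcp"
    trap 'cleanup "$work"' EXIT

    # Recipient: create a key pair (empty passphrase, demo only), export the public half.
    g "$rcp" --passphrase '' --quick-generate-key 'Recipient (demo) <rcp@example.invalid>' default default never
    g "$rcp" --armor --output "$work/rcp-pub.txt" --export rcp@example.invalid
    want=$(fpr "$rcp" rcp@example.invalid)  # recipient passes this on out of band

    # Sender: import the recipient's public key, compare fingerprints before using it.
    g "$snd" --import "$work/rcp-pub.txt"
    [ "$(fpr "$snd" rcp@example.invalid)" = "$want" ] || { echo 'fingerprint mismatch' >&2; exit 1; }

    # Sender: encrypt to the verified fingerprint.
    echo 'demo message' > "$work/msg.txt"
    g "$snd" --trust-model always --recipient "$want" \
        --output "$work/msg.txt.gpg" --encrypt "$work/msg.txt"

    # The sender's keyring has only the public key, so decryption must fail there.
    if g "$snd" --decrypt "$work/msg.txt.gpg" >/dev/null 2>&1; then
        echo 'sender: decrypted'
    else
        echo 'sender: no secret key'
    fi
    # The recipient's keyring holds the private key and recovers the plaintext.
    echo "recipient: $(g "$rcp" --decrypt "$work/msg.txt.gpg" 2>/dev/null)"
)

roundtrip_demo
```

In real use the key is protected by a passphrase, and the fingerprint is compared against a value obtained over a separate channel before anything is encrypted to it.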
Thank you for reading this article. Please read our next article, on file encryption with the GPG command line.