GPG
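GnuPG (GNU Privacy Guard, abbreviated GPG) is a free tool for encryption and digital signatures, used mostly for transmitting encrypted information. Besides encrypting with a password alone, what sets gpg apart is that it provides a public/private key pair. With the public key, other people can encrypt and send information without having to be told a password. Encryption is one-way: only the private key can decrypt what the public key encrypted.
Create two users, user1 and user2, and set their passwords
Log in as user1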
$ gpg --gen-key
(1)RSA and RSA (default)
(2)DSA and Elgamal
(3)DSA (sign only)
(4)RSA (sign only)
Your selection? 1
What keysize do you want? (2048) 1024
0= key does not expire
<n>= key expires in n days
<n>w= key expires in n weeks
<n>m= key expires in n months
<n>y= key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Real name: user1
Where GnuPG stores its files
$ ls .gnupg/
List the existing public keys
[user1@localhost ~]$ gpg --list-keys
List the existing private keys
[user1@localhost ~]$ gpg --list-secret-keys
user1 exports their own public key
[user1@localhost ~]$ gpg --export --armor user1 > /tmp/user1.key
[user1@localhost ~]$ cat /tmp/user1.key
user2 imports user1's public key
[user2@localhost ~]$ gpg --import /tmp/user1.key
[user2@localhost ~]$ gpg --list-keys
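user2 encrypts the file file.gpg with user1's public key (despite its name, file.gpg is the plaintext input here), then sends the encrypted file file.gpg.asc to user1 by mail
$ vim file.gpg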
123
[user2@localhost ~]$ gpg --encrypt --armor --recipient user1 file.gpg
Use this key anyway? (y/N) y
[user2@localhost ~]$ ls
file.gpg.asc file.gpg
[user2@localhost ~]$ mail -s "gpgtest" user1@localhost < file.gpg.asc
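After receiving the mail, user1 finds that its content is encrypted. Save the mail content to ~/file.gpg; the content of the saved file is encrypted as well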
[user1@localhost ~]$ mail
& 1
Message 1:
& w ~/file.gpg
& q
[user1@localhost ~]$ cat file.gpg
user1 decrypts file.gpg with gpg, obtains the file named file, and can read its contents
[user1@localhost ~]$ gpg file.gpg
[user1@localhost ~]$ ls file*
file file.gpg
[user1@localhost ~]$ cat file
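The walkthrough above as one non-interactive script, added here as an example and not part of the original post. It assumes GnuPG 2.2 or later, uses temporary directories in place of the two users' ~/.gnupg, lets gpg pick its default key algorithm instead of the 1024-bit size selected above, and has user2 compare fingerprints before encrypting; the names fpr_of and exchange are made up for this example.

```shell
#!/bin/sh
# Added example: user1 -> user2 key hand-off and one encrypted file, run
# non-interactively in throwaway keyrings. Assumes GnuPG 2.2 or later.
set -eu

# Primary-key fingerprint of "user1" in the keyring at $1.
fpr_of() {
  gpg --homedir "$1" --batch --with-colons --fingerprint user1 |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Run the exchange under work dir $1 and print what user1 decrypts.
exchange() (
  w=$1; u1=$w/user1; u2=$w/user2
  mkdir -m 700 "$u1" "$u2"          # stand-ins for each user's ~/.gnupg

  # user1: generate a key pair (gpg's default algorithm; the empty passphrase
  # is for the demo only), export the public key, note the fingerprint.
  gpg --homedir "$u1" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --quick-generate-key user1 default default never
  gpg --homedir "$u1" --batch --export --armor user1 > "$w/user1.key"
  claimed=$(fpr_of "$u1")           # what user1 would read out to user2

  # user2: import, then compare fingerprints before trusting the key.
  gpg --homedir "$u2" --batch --quiet --import "$w/user1.key"
  got=$(fpr_of "$u2")
  [ "$got" = "$claimed" ] || { echo "fingerprint mismatch" >&2; exit 1; }

  printf '123\n' > "$w/file.gpg"    # constructed plaintext, named as on the page
  # The recipient is the verified fingerprint; --trust-model always stands in
  # for answering "y" to "Use this key anyway?" for this one command.
  gpg --homedir "$u2" --batch --quiet --trust-model always --armor \
      --recipient "$got" --output "$w/file.gpg.asc" --encrypt "$w/file.gpg"

  # user1: decrypt with the private key, then stop the demo agent.
  gpg --homedir "$u1" --batch --quiet --output "$w/file" \
      --decrypt "$w/file.gpg.asc"
  gpgconf --homedir "$u1" --kill gpg-agent || true
  cat "$w/file"
)

exchange "$(mktemp -d)"             # prints 123
```

The "Use this key anyway?" prompt in the walkthrough appears because user2 has no assurance that the imported key belongs to user1; comparing the fingerprint over a channel other than the one that delivered the key is what supplies that assurance.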
This article is reposted from 潘闊's 51CTO blog. Original link: http://blog.51cto.com/pankuo/1389346. To repost it, please contact the original author yourself.