
Using the GPG encryption tool on Ubuntu 18.04

1. Introduction

Ubuntu 18.04 ships with the GPG encryption tool by default. GPG (GnuPG) is an asymmetric-key encryption tool, used mainly for encrypting and decrypting data and for digital signatures. GPG can generate the asymmetric key pairs used for encryption and decryption, digital signing, and data fingerprints.

~$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/kyun/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2      

From gpg's version information we can see which algorithms GPG supports:

  • Public-key algorithms: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
  • Ciphers: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
  • Hashes: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  • Compression: Uncompressed, ZIP, ZLIB, BZIP2

Key storage directory: /home/kyun/.gnupg

2. Generating a key

~$ gpg --full-generate-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: wongkyunban
Email address: [email protected]
Comment: wongkyunban's gpg
You selected this USER-ID:
    "wongkyunban (wongkyunban's gpg) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/kyun/.gnupg/trustdb.gpg: trustdb created
gpg: key 460401669FF4DBED marked as ultimately trusted
gpg: directory '/home/kyun/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/kyun/.gnupg/openpgp-revocs.d/D3562273317BBC73F883C762460401669FF4DBED.rev'
public and secret key created and signed.

pub   rsa2048 2019-09-03 [SC]
      D3562273317BBC73F883C762460401669FF4DBED
uid                      wongkyunban (wongkyunban's gpg) <[email protected]>
sub   rsa2048 2019-09-03 [E]      

The "Real name" field (wongkyunban here) is where the name in the key's user ID is defined.

3. Viewing keys

View public keys: gpg --list-key

~$ gpg --list-key
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/kyun/.gnupg/pubring.kbx
-----------------------------
pub   rsa2048 2019-09-03 [SC]
      D3562273317BBC73F883C762460401669FF4DBED
uid           [ultimate] wongkyunban (wongkyunban's gpg) <[email protected]>
sub   rsa2048 2019-09-03 [E]      

View private keys: gpg --list-secret-keys

~$ gpg --list-secret-keys
/home/kyun/.gnupg/pubring.kbx
-----------------------------
sec   rsa2048 2019-09-03 [SC]
      D3562273317BBC73F883C762460401669FF4DBED
uid           [ultimate] wongkyunban (wongkyunban's gpg) <[email protected]>
ssb   rsa2048 2019-09-03 [E]      

4. Exporting keys

Export the public key:

~$ gpg -a --export wongkyunban > wongkyunban_pubkey.asc      

Export the private key:

~$ gpg -a --export-secret-keys wongkyunban > wongkyunban_privkey.asc      

5. Encrypting a file with the public key

~$ touch hello.txt
kyun@kyun-HP-348-G3:~$ echo "hello world" > hello.txt
kyun@kyun-HP-348-G3:~$ cat hello.txt
hello world
kyun@kyun-HP-348-G3:~$ gpg -ea -r wongkyunban hello.txt
kyun@kyun-HP-348-G3:~$ ls
hello.txt  hello.txt.asc      
~$ cat hello.txt.asc
-----BEGIN PGP MESSAGE-----

hQEMA5wQ77tUIH1yAQgA1ru1OxQz8kInOe+RQxXPmJHq4Wa4B6oGptxdro9JFY3Q
fBWPjOrTbfeBXxIIF/gHUfqmiC/NzElfYWSOEPzz8AEyfNj5QYdYZGoxhN1jLQjC
laWsEZj3zwFEajJEJR4tcgv7OwjMaEkISNtx5nDp25wPdtc5LOagwSTSHOnOGprV
2cNsUqcwtZeeYLECV1SEno9HMAytLKWJdtK7QxachFrNZUIofW/BPC/chHaOVtN+
xsbjiivCc00hNASlCMqmCFPzXq7riOmUqsgsgpAh2O8kZ2/ZlEWQbiSzwgan/XKL
MoG6ZR+vlIy1v3rjAEfzW4m6ypiqadlruXYzEfV7odJNAdlu+zBthmdu75LrF3E0
dPlm7tnNIs54VBzNzXzQnPhL7fJSKB2a3nftBVgW4TKgjfXj6IxeqOFTHmpDFdin
luLzMb4by0WjZYF2Wog=
=sSMe
-----END PGP MESSAGE-----      

This produces the encrypted file hello.txt.asc.

6. Decrypting with the private key

~$ gpg -o new_hello.txt -d hello.txt.asc
gpg: encrypted with 2048-bit RSA key, ID 9C10EFBB54207D72, created 2019-09-03
      "wongkyunban (wongkyunban's gpg) <[email protected]>"      

Enter the private key's passphrase; the result is as follows:

kyun@kyun-HP-348-G3:~$ ls
hello.txt hello.txt.asc  new_hello.txt 
wongkyunban_privkey.asc
wongkyunban_pubkey.asc
kyun@kyun-HP-348-G3:~$ cat new_hello.txt
hello world      

This decrypts the encrypted file hello.txt.asc into the file new_hello.txt.

7. Deleting keys

The private key must be deleted first; only then can the public key be deleted.

Delete the private key

~$ gpg --delete-secret-keys wongkyunban
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sec  rsa2048/460401669FF4DBED 2019-09-03 wongkyunban (wongkyunban's gpg) <[email protected]>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N)      

Delete the public key

~$ gpg --delete-key wongkyunban
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa2048/460401669FF4DBED 2019-09-03 wongkyunban (wongkyunban's gpg) <[email protected]>

Delete this key from the keyring? (y/N)      

8. Importing keys

gpg --import