Main content: basic GPG encryption and decryption operations and a few practical applications.
- Brief introduction
- Installation
- Key generation procedure
- Some operations on keys
  - View key
  - Export key
  - Import key
  - Revoke key
  - Delete key
  - Edit key
    - Signature
    - Change Password
    - etc...
- Encrypting files
- Decrypt files
- Some reference
Brief introduction
GPG (GnuPG) is an asymmetric-key encryption tool, mainly used for encryption and decryption, digital signatures and so on. GPG can generate asymmetric keys for encryption, decryption, digital signatures, and data fingerprinting.
Installation
Ubuntu currently ships with GPG installed by default. To build and install it from source, refer to the installation section of the Chinese version of the HOWTO. Note the difference between the international version and the US version.
Key generation procedure
The command to generate a key is gpg --gen-key. Below is one run of gpg --gen-key, interleaved with explanatory text and with some unimportant output skipped, to illustrate the key generation process:
gpg --gen-key
……
请选择您要使用的密钥种类:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (仅用于签名)
You can choose among different encryption algorithms. The default used to be DSA and is now RSA. This time, choose the default.
The longer the key, the harder it is to crack, but the more processing it needs, which may make operations slower. The default here is 2048. This differs from the value in the HOWTO: it is longer, and the DSA key length range is now 1024-3072. This is a detail that "gives away one's age".
请设定这把密钥的有效期限。
         0 = 密钥永不过期
      <n>  = 密钥在 n 天后过期
      <n>w = 密钥在 n 周后过期
      <n>m = 密钥在 n 月后过期
      <n>y = 密钥在 n 年后过期
……
The key validity period is not explained.
您需要一个用户标识来辨识您的密钥;本软件会用真实姓名、注释和电子邮件地址组合成用户标识,如下所示:
    “Heinrich Heine (Der Dichter) <[email protected]>”
真实姓名: xxx
电子邮件地址: [email protected]
This user ID is later used as the handle for maintaining the key: operations such as query, import, export and deletion look up the UID to confirm the one key to operate on.
您需要一个密码来保护您的私钥。
Enter a password here. Whenever the key is used, you will be asked for this password, and the key can be used only if it is correct; this is a second layer of protection. The password can be left empty for some special purposes, but in general it is better to set one. Just make sure you remember it.
我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。
随机字节不够多。请再做一些其他的琐事,以使操作系统能搜集到更多的熵!(还需要177字节)
....+++++
随机字节不够多。请再做一些其他的琐事,以使操作系统能搜集到更多的熵!(还需要155字节)
....................+++++
At this point the system starts generating the key, which requires enough activity to generate random numbers in memory. So go and do something else until the key is generated, but don't wander off for tea.
gpg: 密钥 375B9788 被标记为绝对信任
公钥和私钥已经生成并经签名。
……
sub   4096R/107FE36C 2014-12-13
The key generation is now complete.
Some operations on keys
View key
$ gpg --list-keys
/home/pangyi/.gnupg/pubring.gpg
-------------------------------
pub   4096R/375B9788 2014-12-13
uid                  xxx (xxxxx) <[email protected]>
sub   4096R/107FE36C 2014-12-13

pub   3072D/9D4F5F01 2014-12-14
uid                  uidfile (xxx) <[email protected]>
sub   3072g/6D72E230 2014-12-14
You can see the UID of the key.
To view key signature information, use gpg --list-sigs; to view key fingerprint information, use gpg --fingerprint.
To view private key information:
$ gpg --list-secret-keys
/home/pangyi/.gnupg/secring.gpg
-------------------------------
sec   4096R/375B9788 2014-12-13
uid                  xxx (xxxxx) <[email protected]>
ssb   4096R/107FE36C 2014-12-13

sec   3072D/9D4F5F01 2014-12-14
uid                  uidfile (xxx) <[email protected]>
ssb   3072g/6D72E230 2014-12-14
Export key
gpg --export is used to export public keys. When there are multiple keys, you need to specify the UID or the SEC identification. The UID does not have to be entered in full, as long as it uniquely identifies the key to output. With a UID, however, several keys may be output at the same time, so it is not as good as using the SEC identification.
The key is written to standard output and can be redirected to a file to save it.
Import Key
Not tested. Import a public key using gpg --import [filename]; if no file is specified, the key is read from standard input.
Revoke key
Not tested. Revoke with gpg --gen-revoke; the key password is required.
Delete key
Not tested: gpg --delete-key
Edit key
gpg --edit-key is the command for editing a key. It can do the following:
Signature
With no imported keys, this cannot be tested; the locally generated ones have already been checked: gpg --edit-key UID sign
Change Password
Not tested: gpg --edit-key UID passwd
etc...
Encrypting files
To encrypt a file, use "gpg -e -r UID filename". Encryption produces a file named after the original file with .gpg appended.
Decrypt files
The operation to decrypt the file is as follows:
$ gpg -d -r uidfile test.gpg
gpg: 由 3072 位的 ELG-E 密钥加密,钥匙号为 6D72E230、生成于 2014-12-14
      “uidfile (xxx) <[email protected]>”
test
Apart from the first two lines, what is displayed is what GPG writes to standard output: the content of the decrypted file. You can redirect it to a file to get the decrypted file. As you can see, the content of the file before encryption was test.
I do not know whether it is because the content is output somewhere other than standard output, but although the process returns 0, an error occurs under the expect scripting language and it does not execute normally.
If a password was set when the key was generated, GPG prompts for it on decryption, and the file cannot be decrypted if the password entered is incorrect.
In an Ubuntu environment, once you have entered the password, you do not have to enter it again until the system restarts.
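The key generation walk-through and the encrypt/decrypt steps above, written as an unattended script (an added example, not part of the original post). It assumes GnuPG 2.1 or later for %no-protection and gpgconf; the throwaway keyring, the uidfile@example.invalid address and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: key names, paths and function names are constructed.

# Throwaway keyring, so the real ~/.gnupg is never touched.
make_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    chmod 700 "$GNUPGHOME"
    export GNUPGHOME
    # The answers to the interactive --gen-key prompts, as a parameter file.
    # %no-protection (GnuPG 2.1+) skips the passphrase; use it for tests only.
    gpg --batch --quiet --gen-key <<'EOF'
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: uidfile
Name-Email: uidfile@example.invalid
Expire-Date: 0
%no-protection
%commit
EOF
}

# Encrypt stdin for the UID; the ciphertext is written to file $1.
encrypt_to() {
    gpg --batch --yes -e -r uidfile -o "$1"
}

# Decrypt file $1. Only the plaintext reaches stdout; the human-readable
# banner and the machine-readable status lines go to stderr, saved in $2.
decrypt_from() {
    gpg --batch --status-fd 2 -d "$1" 2>"$2"
}

# Succeeds only if gpg itself reported a successful decryption in log $1.
decrypt_ok() {
    grep -q '^\[GNUPG:\] DECRYPTION_OKAY' "$1"
}

# Stop the agent started for the throwaway keyring and remove the keyring.
cleanup_keyring() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}
```

Call make_keyring, pipe data into encrypt_to, then capture the output of decrypt_from and test decrypt_ok on the log. A script can rely on the status lines and the exit code rather than on the text gpg prints to the terminal.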
Some reference
Because of application updates and other reasons, information found on the network has to be read for its "spirit" rather than its letter. For the most accurate reference, see the latest official documentation or the man pages. Here are some reference articles in Chinese:
http://www.linuxfly.org/post/274/
https://www.gnupg.org/howtos/zh/GPGMiniHowto-1.html
Original link address: http://pangyi.github.io/blog/20150103/gpgjia-mi-jie-mi-yu-shi-ji-ying-yong/
Written by pangyi, posted at http://pangyi.github.io
GPG encryption and decryption and practical application