GPG, the GNU Privacy Guard, is a non-commercial version of cryptographic tool PGP (pretty), which is used to encrypt and authenticate emails, files, and other data to ensure the reliability and authenticity of communication data. This article will introduce the GPG technology and related tools, designed to help online surfers "sincere" communication. First, PGP overview before introducing GPG, let's take a look at the basic principles and application rules of PGP. Like many cryptographic methods, PGP uses a double key to encrypt data. Each person who uses PGP encryption will create a pair of keys, one called a public key and the other a private key. Public keys can be widely disseminated and even stored in public key databases to be consulted by other Internet users. Private keys belong to personal information and should never be leaked to others. The public key and the private key interact to encrypt and decrypt the data. The data encrypted by the public key can only be decrypted by the private key, and the data encrypted by the private key can only be decrypted by a public key. This enables dual authentication. The user first encrypts the information using the user's public key before sending the key message to the specified person. Since only the user's private key can be used to decrypt the sent message, it is guaranteed that others without the private key will not decrypt the information. In addition, users can use his private key to encrypt information and then send it to many people. Because only the sender's public key can be used to decrypt the received information, the receiver can be assured that the information is indeed from someone. Ii. Acquisition and Installation GPG we mentioned earlier that GPG is a non-commercial version of PGP, a free version. Therefore, understanding and mastering GPG Technology has great practical value and popularization effect. GPG's download address is Http://www.gnupg.org/download.htmlGPG's current version is 1.0.6, plus a security patch. Also download the 2 files gnupg-1.0.6.tar.gz and gnupg-1.0.5-1.0.6.diff.gz, unzip them, install patches, and run configure scripts to configure them. Note that the configuration options are available to most users after the default installation. Then, run make and make install install the GPG binaries and other components. Related commands are as follows: $ tar-xzf gnupg-1.0.4.tar.gz$ CD gnupg-1.0.4$ PATCH-P1 /gnupg-1.0.4.security-patch1.diffpatching file g10/mainproc.cpatching file g10/plaintext.cpatching file g10/ openfile.c$./Configure ... [Output of Configure]...$ make ... [Output of Make]...$ supassword:# make install ... [Output of Make install]...# exit$ Three, create a public key and a private key before sending or receiving encrypted data, you first need to create a pair of keys, that is, the public key and the private key. We can do this by using the following command: $ GPG--gen-key If you are using GPG,GPG for the first time, create a directory $home/.gnupg. Then we have to run this command again and then answer the list of issues that are listed in the PGP sequence. For these problems, simply select the default value. The following is a related command execution: $ GPG--gen-keyplease Select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Your selection? 1DSA KeyPair'll have 1024 bits. About to generate a new elg-e keypair. Minimum keysize is 768 bits default KeySize are 1024 bits highest suggested keysize is 2048 bitswhat does you keysize? (1024) 1024Requested keysize is 1024 bitsplease specify "How long" the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n Yearskey is valid for? (0) 0Key does not expire to Allis this correct (y)? Yyou need a User-id to identify your key; The SoftwarecOnstructs the user ID from real Name, Comment andemail address in this Form:heinrich Heine (Der dichter) Real Name:joe U Seremail ADDRESS:JOE@MYNET.NETCOMMENT:PGP rules! Selected this User-id:joe USER (PGP rules!) Change (N) AME, (C) omment, (E) mail or (O) kay/(Q) uit? Oyou need a passphrase to protect your key. Enter Passphrase:repeat Passphrase: Please note that when you enter the passphrase at the end, do not set it randomly. It is recommended that you set the passphrase according to the general rules for setting passwords. To get here, GPG will start creating the key. But you may see the following message: Not enough random bytes available. Please don't some otherwork to give the OS a chance to collect more entropy! This is because, before creating the key, the GPG also needs some small but stable random number information. In Linux, typically, GPG gets these random numbers from the/dev/random device and is best in the current state of the system's operation. We can do the random number creation work by moving the mouse or tapping several shift and CTRL keys. Eventually, you will receive the information GPG successfully created the key: public and secret key created and signed. Four, the operation of key issues related to key operations include: Key list, key import, key export, key signature and user trust, described below. 1, Key list key list is very important to get the key list and its owner's name, email address commands and implementation of the following: $ GPG--list-keys/home/joe/.gnupg/pubring.gpgpub 1024d/d9bac463 2001-01-03 Joe User (PGP rules!) Sub 1024g/5ee5d252 2001-01-03pub 1024d/4f03bd39 2001-01-Mike Socks (I ' m WIRED) sub 1024g/fdbb477d 2001-01-15$ the output of each row contains a public key information for encrypting the file and an email address to which the encrypted data can be sent. 2, key Import and export key import and export operations in the PGP world is almost commonplace, because in order to secure the exchange of data, the sender and receiver must first have mutual spoons, and to achieve this goal requires the import and export of keys. First look at how to export the key. Suppose the user is Mike, the specific command is: $ GPG--export mike@mynet.net >mike.gpg So, For mike@mynet.net the public key information is saved to the MIKE.GPG file, then Mike can be used to spread MYKEY.GPG to friends, partners, to achieve secure communication. But this mike.gpg is a file in an unreadable format, meaning that its contents look cluttered. Can I generate an export key file in standard ASCII format? Of course, add a "-a" parameter, and the command is as follows: $ gpg-a--export mike@mynet.net >MIKE.GPG The new mike.gpg has a good format and contains the same public key information as well as a regular authentication string. Then look at how to import the key, which is similar to the export key, assuming that the user is God, and that the command is: $ GPG--import mike.gpg so that God can receive email messages from Mike, with the public key from Mike. 3, key signature and user trust although in theory, with a public key and private key can achieve secure information communication, but in practical applications, but also the public key must be validated. Because there is a real possibility of forging public key information. Thus, a complex trust system is introduced into the GPG to help us distinguish which keys are true and which are false. This trust system is based on the key, including key signature. When you receive a public key from an acquaintance and gpg that there is no entity-trusted information attached to the public key, the first thing is to "fingerprint" the key (fingerprint). For example, when we import the public key from Mike and GPG tells us that there is no additional trusted information for the key, the first thing we need to do is "fingerprint" the new key, and the relevant commands and execution are as follows: $ GPG--fingerprint Mike@hairnet.orgpub 1024d/4f03bd39 2001-01-15 Mike Socks (I ' m WIRED) Key fingerprint = B121 5431 8de4 e3a8 4aa7 737D 20BE 0db8 4f03 bd39sub 1024g/fdbb477d This is how the fingerprint information from the key data is generated. and should be unique. Then we call Mike and confirm two things. First of all, whether he sent us a secret key, and secondly, what his public key fingerprint information was. If Mike confirms these two things, we can be sure that the key is legal. Next, we sign the key to indicate that the key comes from Mike and we trust the key, and the relevant commands and implementation are as follows: $ GPG--sign-key mike@hairnet.orgpub 1024d/4f03bd39 created: 2001-01-15 expires:neversub 1024g/fdbb477d created:2001-01-15 expires:never (1) Mike Socks (I ' m WIRED) pub 1024d/4f03bd3 9 created:2001-01-15 expires:neverfingerprint = B121 5431 8de4 e3a8 4aa7 737D 20BE 0db8 4f03 bd39mike Socks (I ' m WIRED) Are you really throaty so you want to sign this keywith your User (I ' m Key:ima ME) ethically really? Yyou need a passphrase to unlock the secret key Foruser:ima User (I ' m ethically ME) 1024-bit DSA key, ID d9bac463, created 200 1-01-03enter passphrase:$ executes this and uses our private key to sign up to Mike's public key, and anyone holding our public key can verify that the signature really belongs to us. The signature information attached to Mike's public key will travel around the internet world, and we use our personal credit, our own private key, to ensure that the key is really Mike. What a touching and honest story,:-) Should real-world people reflect on this rigorous technical standard? Still isback here. The command to obtain a list of signed information attached to a public key is: GPG--check-sigs mike@hairnet.org The longer the signature list, the greater the credibility of the key. In fact, it is the signature system itself provides the key verification function. Let's say we've received a key that's signed as Mike, and we've trusted the key with Mike's public key, and we've verified that the signature belongs to Mike. By extension, we can trust any key that Mike signed. To be more secure, GPG also introduces another additional feature: the trusted level. With it, we can specify the trust level for the owner of any key we have. For example, even though we know that Mike's public key is trustworthy, we can't actually trust Mike's judgment on the other keys, and we'll think that Mike may have signed only a few of the keys, but didn't check them properly. The command to set the trust level and its implementation are as follows: $ GPG--edit-key mike@hairnet.orgpub 1024d/4f03bd39 created:2001-01-15 expires:never:-/fsub 102 4g/fdbb477d created:2001-01-15 expires:never (1) Mike Socks (i ' m WIRED) command> Trust 1 = Don ' t know 2 = I does not Tru St 3 = I trust marginally 4 = I trust fully s = Please show me more information m = back to the main menuyour decision? 2command> quit$ executes trust in the command-editing environment and then chooses Level 2 (I does not) so that we cut any chain of trusts so that each key must go through Mike's signature. V. Use GPG to send and receive data below we begin to discuss how to use GPG to send and receive data, this is day by day work, must understand and skilled. In the PGP overview that began in this article, we mentioned two ways of data interchange, which we now conceptualize: Data signature Transmission (signed): The sender uses the private key to encrypt the data, and the receiver uses the public key to decrypt the data. Data encryption Transmission (Encrypted): The sender uses the public key to encrypt the data, and the receiver uses the private key to decrypt the data. The following details are described separately. 1. Data signatureThe sender uses the private key to sign the data, the receiver has the sender's public key, trusts it, and uses it to verify the integrity of the received data. The easiest way to sign data is to use the ClearSign command, which will allow GPG to create an easy to read signature that is good for sending emails. The specific orders and implementation are as follows: $ GPG--clearsign mymessage.txtyou need a passphrase to unlock the secret key Foruser:ima User (I ' m ethically ME) 1024-bit DSA Key, ID d9bac463, created 2001-01-15enter passphrase:$ input passphrase, A new file with the. asc extension will be generated, and this is MYMESSAGE.TXT.ASC. This file contains the original contents of the Mymessage.txt file and a signature message as follows:-----BEGIN PGP SIGNATURE-----version:gnupg v1.0.1 (GNU) comment:for Info-http://www.gnupg.orgiD8DBQE6YouhU87DFNm6xGMRAiwqAJ4mnviKz5wA9HFhCW9PG6zl7A2LPACgk0SBn+ ywict4sctvkssgezgkiuk==wnx/-----End PGP SIGNATURE-----When the recipient receives the information or file containing the above signature, he can use the sender's public key to verify the integrity of the information, and the specific commands and implementation are as follows: $ GPG- -verify Message.txt.ascgpg:Signature made Sat 22:33:21 2001 MST using DSA key D9bac463gpg:good Signature from Ima User (I ' m ethically ME) $2, data encryption transmission The 2nd way is to allow individuals to see the sending of information, the so-called "letter" has a single clock. The sender uses its public key to encrypt the file or data, and the receiver decrypts the received data using the sender's private key. The encryption command contains two parts, one part specifies the recipient's email, and the other part specifies the file to encrypt. The specific order is as follows: $ gpg-r mike@hairnet.org-a--encrypt MessageThe output of. txt is MESSAGE.TXT.ASC file, similar to the following:-----BEGIN PGP Message-----version:gnupg v1.0.1 (GNU) comment:for Info http://www.gnupg.orghQEOA/Yj7lT9u0d9EAQAhE+KaGfMzvRfCdrfW2EYzuu+YeaKdoJksHB16CO7RsZCDkllV/uma/ rmj5pidzfov8pgjqdq9m+n9yxovnug3xitwhuvffqm1kwxk9e0udos7tb2cm+k8uk18hbi/eanrv+a3a5yqr6nvy0ocxheohg3+ 9ursfc8uobqma64/vud/io0eqiixemery2usn7e+ob1/ w4fucrt7ffwctvmgduuqpy8ukesth7u43nlpsf56uppjatxcojjqocf17xnfxqjpm9c0uypdjljxymp74xrot+ lhvgcakk56t0aggvoi5nmflxocia2n/kdalztjy7cizlnueyvu4nrbt7pv4ttyelxyb70mw94wlr5blljs+fyuer31i790qo+265is4qpa+ zxxit5kcf8tt1gvpazojxmo0wrkuooyrcd7lqdoz3exhcgekkjfzrwjtqvl/ qvamfjwsyhaiutla60ihyxiqazlwloyoxs9oois49ghlyg6hsemjew+ftx8xipoofdxzhrjjue897igew62mf6hlr4anb1kwrlh7d7xdr829+ sckzlsrtbvl3/dsw5fcrcfybs51ahstdywyvnu4rqsoljv5c6dxew9gre+wps5s7k0kotlk4vozji2bybtzxgjqnr7ytpu1qmn2+ 10tphx6mlkufv/bjzbatj3c0vaus4xskoslzgbux/8veqhx4gc0lsrlqn14m9cp/tzzn0dizstbm2aq58zk0wzzvbtmb06hdyvklrclkmynbt3 /puldiidexnckqn5bjgd/elttkammhn9oiidhwa9olrtcxoljpf4kgg1q6y6pgy2sklyQhi8a4q8voqnjdzf/sbkvlngji5hyf6rvkdcf0m/l0heqemn4ayfbj7lzt2zh4i3jswyv4ff+twjd09xanziki791fasbvmxspht4sdw+r75jr /fv0irpmsy8kdjw/+kejqwcmrqdbm3ehoescoouxsl8jb39vx+1h32p1bedvyqihza+tomhsp/y3i+ex52mc8+ 8xmcukhft0dcvcnfk2h0hkvfuebkw8y2jgdfjzb+cdx33aapr6fw9cixvi+1nfoz+ciwvziyyecnuze4l3jikjw3ry2to4e/wuymn+ Zksmb6xlhmsora9qhwy+s/pp9d8qiqweolg4cncjzbzwvomf4dmcdwnjsw3mxggyvmpf52wxvvftp1yjnbhbu+is8/zr1p04efd+ kog1wtwpfrdhkq1o1fn/ oxyx1op7pvr5bk05haqymi0vlwkcv59ryeyqqoqoiefl0hewdgy1gdj0r0ehyuzlnblfbshj2otrpcqhuxb27eu3c4or/n++7exhg/ mnb8wpfb82cbip8xdf9q+3b73b7mytnjpayj4p2ocv9zf1dh9hhat7byd37hvjllnxe07kyolmwb9+48meo/o+ YJN5OEJ60WIPRDCIP4TUOAWC9EDFED64QLXST9MBYCLRC5DWIMYZFDYAUIHU3MNHUFERXVARJ/5LJTJUGHA/P/OUQBSCLEHQ==2SGQ-----End PGP Message-----Note that information that is encrypted by the above method can also be signed by adding a-s parameter to the above command. To decrypt the encrypted data above, the receiver can use the-decrypt command and specify the location of the output redirection. The specific orders and implementation are as follows: $ GPG--decrypt message.txt.asc > Message.txtyou need a passphrase to unlock the secret key Foruser:pipi Socks (I ' m WIRED) 1024-bit elg-e key, ID fdbb477d, createdAfter the 2001-01-15enter passphrase:$ recipient enters passphrase, the encrypted information is decrypted and then imported into the file message.txt. Six, the conclusion above introduced the Free encryption tool GPG the concept, the principle and the use method, can see, the entire operation flow is very easy to understand and the operation. I believe that you have mastered the Internet and friends in a safe way of communication, then, let us flexible and skilled use of this method, the Internet more real life! To force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title of the party (0 Votes) passed (0 Votes) Original: With free GPG encrypted send and receive email back to the network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.