GPG command examples: encryption, decryption, and signature verification

Source: Internet
Author: User
Tags gnupg
1. Explore the gpg command
$ which gpg
/usr/bin/gpg
$ rpm -qf /usr/bin/gpg
gnupg-1.0.6-5
$ rpm -ql gnupg
2. To start using GnuPG, you must first generate a new key pair: a public key and a private key.
2.1. Using a normal user account, create the ~/.gnupg directory and the ~/.gnupg/options file:
$ gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? [Enter]
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) [Enter]
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) [Enter]
Key does not expire at all
Is this correct? (y/N) y [Enter]

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) "
Real name: hello
Email address: xxxxx@163.com
Comment: no
You selected this USER-ID:
"hello (no) "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
[Enter the real name and e-mail address you use for correspondence; the Comment is optional.]
[Enter the passphrase:]
Enter passphrase: xxxxxxxxxx
Repeat passphrase: xxxxxxxxxx
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard ,....................
........................................ .........
........................................ .........
++. ++. ++. ++
public and secret key created and signed.
------------------------------------------------
[To change the information you entered, delete every file in the ~/.gnupg directory except options and run gpg --gen-key again, or use the edit option of gpg.]
The key pair is stored in the ~/.gnupg directory. List your keys:
$ gpg --list-keys
-------------------------------
gpg: Warning: using insecure memory!
/home/xxxxx/.gnupg/pubring.gpg
------------------------------
pub 1024D/A2CCCBF3 2005-06-21 hello (no)
sub 1024g/84F6D7B9 2005-06-21
------------------------------
[pub (public key) --- public key, ID: A2CCCBF3
sub (private key) --- secret key or private key, ID: 84F6D7B9]
[gpg: Warning: using insecure memory! This warning means that memory pages are not locked. It does not appear when gpg is run from the root account. This message is usually caused by security issues related to online connection operations! If the problem persists, make the following change: # chmod 4755 /usr/bin/gpg]
## Example 1: Use GnuPG keys to encrypt and decrypt files ##
$ cd
$ vi gpg-test
------------------------
Hello!
Good morning
Viewer
The last viewer checked out of their rooms in the morning.
If you don't get off work, others will cook at home.
------------------------
Encrypt the file to ASCII (armored) output:
$ gpg -ea -r hello gpg-test
$ ls gpg-test*
gpg-test.asc gpg-test
$ cat gpg-test.asc
Decrypt the file:
$ gpg -o gpg-test.file --decrypt gpg-test.asc
-----------------------------------
gpg: Warning: using insecure memory!
You need a passphrase to unlock the secret key
user: "hello (no) "
1024-bit ELG-E key, ID 84F6D7B9, created (main key ID A2CCCBF3)
Enter passphrase: [enter the passphrase you chose when generating the key pair]
gpg: encrypted with 1024-bit ELG-E key, ID 84F6D7B9, created
"hello (no) "
-----------------------------------
[The keys here are the public key and the private key. The IDs above show that files are encrypted with the public key and decrypted with the private key. If you want others to communicate with you through encrypted files, give them your public key.]
$ ls gpg-test*
gpg-test gpg-test.asc gpg-test.file
$ diff gpg-test gpg-test.file
$ cat gpg-test.file
[Here, the encryption/decryption method uses the RSA algorithm. The public key and private key are complementary. Theoretically, they cannot be cracked, and no one has tried it.]
## Example 2: Verify a software package with GnuPG ##
To test with a package from the installation CD, first mount the CD and then copy the package:
$ cp /mnt/cdrom/RedHat/RPMS/htmlview-2.0.0-1.noarch.rpm /tmp/
$ cd /tmp
Verify the package with rpm (option: --checksig or -K)
$ rpm --checksig htmlview-2.0.0-1.noarch.rpm
htmlview-2.0.0-1.noarch.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#DB42A60E)
[The keyring does not contain the public key of the software group that htmlview belongs to.]
$ rpm --checksig --nogpg htmlview-2.0.0-1.noarch.rpm
htmlview-2.0.0-1.noarch.rpm: md5 OK
[md5 OK indicates that the software has not been tampered with in transfer.]
Verify the author of the software with the digital signature.
(The digital signature is the software's feature value (digest) encrypted with the private key.)
$ cp /mnt/cdrom/RPM-GPG-KEY ./
$ less ./RPM-GPG-KEY
Import the software group's public key:
$ gpg --import RPM-GPG-KEY
gpg: Warning: using insecure memory!
gpg: key DB42A60E: public key imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --list-keys
gpg: Warning: using insecure memory!
/home/ideal/.gnupg/pubring.gpg
------------------------------
pub 1024D/A2CCCBF3 2005-06-21 hello (no)
sub 1024g/84F6D7B9 2005-06-21
pub 1024D/DB42A60E 2012-0-09-23 Red Hat, Inc
sub 2048g/961630A2
$ rpm --checksig htmlv*.rpm
htmlview-2.0.0-1.noarch.rpm: md5 gpg OK
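The three rpm --checksig results above differ in what they prove: only the last one includes a GnuPG check. The shell function below is an added example, not part of the original article; it classifies one result line in the legacy output format shown above so that a script can refuse packages whose signature was not verified. The function name and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify one line of legacy `rpm --checksig` output
# (format as shown in this article) by what it actually proves.
# classify_checksig is a hypothetical helper name.
classify_checksig() {
    line=$1
    result=${line#*: }            # text after "<package>: "
    case $result in
        *"MISSING KEYS:"*)
            # Pull the key ID out of "(MISSING KEYS: GPG#DB42A60E)"
            keyid=${result##*GPG#}
            keyid=${keyid%%[!0-9A-Fa-f]*}
            echo "missing-key:$keyid" ;;
        *"NOT OK"*)
            echo "bad" ;;
        *OK)
            # "OK" alone is not enough: require gpg (or pgp) in the
            # list of checks, otherwise only the digest was compared.
            case " ${result% OK} " in
                *" gpg "*|*" pgp "*) echo "signed-ok" ;;
                *)                   echo "digest-only" ;;
            esac ;;
        *)
            echo "bad" ;;
    esac
}

# Sample lines copied from the outputs shown in this article.
for l in \
  "htmlview-2.0.0-1.noarch.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#DB42A60E)" \
  "htmlview-2.0.0-1.noarch.rpm: md5 OK" \
  "htmlview-2.0.0-1.noarch.rpm: md5 gpg OK"
do
    printf '%s -> %s\n' "$l" "$(classify_checksig "$l")"
done
```

A script that installs packages would proceed only on signed-ok; digest-only is what --nogpg produces and says nothing about who built the package.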
## Example 3: Verify the detached signature of the Bastille RPM release package ##
Here we only describe how to verify the digital signature. The Bastille 1.3.0 package does not include the digital signature; the signature is distributed as a separate file, so the procedure is a little different from the one above.
Download from http://www.sourcefourge.net/projects/bastille-linux:
Main software: Bastille-1.3.0-1.0mdk.noarch.rpm
Signature file: Bastille-1.3.0-1.0mdk.noarch.rpm.asc
Download the Bastille public key (bastille-key) from http://www.bastille-linux.org/key
Import the public key:
$ gpg --import bastille-key
Verify the Bastille digital signature:
$ gpg --verify Bastille-1.3.0-1.0mdk.noarch.rpm.asc Bastille-1.3.0-1.0mdk.noarch.rpm
Output: .............. gpg OK
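gpg --verify reports a good signature for any key present in the keyring, so the result is only as trustworthy as the key that was imported. The shell functions below are an added example, not part of the original article or of the Bastille project: they accept a detached signature only when gpg's machine-readable status output names one pinned key fingerprint. The function names and the sample fingerprint are assumptions; the real fingerprint has to come from the publisher over a separate channel.

```shell
#!/bin/sh
# Added example: accept a detached signature only if it was made by one
# pinned key. check_status and verify_detached are hypothetical names.

# Read `gpg --status-fd` lines on stdin; succeed only when a VALIDSIG
# line names the expected primary-key fingerprint and no failure
# status (bad, unverifiable, expired or revoked) was reported.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    ok=1
    while read -r tag kw f1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
            VALIDSIG)
                # Last field is the primary key's fingerprint; if it is
                # absent, f1 (the signing key's fingerprint) is used.
                primary=${rest##* }
                [ ${#primary} -ge 40 ] || primary=$f1
                [ "$primary" = "$want" ] && ok=0 ;;
        esac
    done
    return $ok
}

# Usage: verify_detached SIGFILE DATAFILE FINGERPRINT
verify_detached() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$3"
}

# Constructed status output (the fingerprint is a made-up placeholder).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer
[GNUPG:] VALIDSIG $FPR 2005-06-21 1119312000 0 4 0 17 2 00 $FPR"
printf '%s\n' "$sample" | check_status "$FPR" && echo "pinned key: accept"
printf '%s\n' "$sample" | check_status "${FPR%7}8" || echo "other key: reject"
```

With the real files, the call is verify_detached Bastille-1.3.0-1.0mdk.noarch.rpm.asc Bastille-1.3.0-1.0mdk.noarch.rpm followed by the publisher's fingerprint.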