GNU Privacy Guard Encryption Guide


Encryption ensures that your files are stored in encrypted form, whether you publish them on the Internet, back them up to a server, carry them on a USB flash drive, or keep them on a laptop. Encrypting your data means that nobody other than the recipient you intend can read it, which prevents information leakage.

GPG (GNU Privacy Guard)

GPG is short for GNU Privacy Guard. It is a key-based encryption method that uses a pair of keys to encrypt and decrypt messages so that they can be transmitted securely. First, a user generates a pair of keys, one public and one private, with the key-generation software. Anyone who wants to send that user an encrypted message first obtains the recipient's public key from a public directory such as a key server, encrypts the message with it, and then sends it. On receipt, the recipient decrypts the message with his or her own private key, which nobody else should be able to obtain.

GPG uses a public key and a private key

The public key is the key you share. It can be sent to anyone who wants to send you encrypted information; they use your public key to encrypt it. The public key itself cannot decrypt that information. Only you, the person holding the corresponding private key, can decrypt it. The private key is your own secret, and it decrypts information that was encrypted with your public key. If you leak the private key to someone else, they can decrypt and read everything that was encrypted with your public key.


Use GPG in the terminal

Most Linux distributions now include GPG by default. To check, open a terminal and enter:

  $ gpg --version

You should then see the version number. If so, nothing more is needed. Otherwise, install GPG from your distribution's software repository.

Generate key

To encrypt your communication with GPG, you must first create a key pair. Open a terminal and run:

  $ gpg --gen-key

The following prompt is displayed:

  Please select what kind of key you want:
     (1) DSA and Elgamal (default)
     (2) DSA (sign only)
     (5) RSA (sign only)
  Your selection?

Select option 1, because it can be used for both encryption and decryption; the other two options only let you sign information. Type 1 and press Enter.

The following message is displayed:

  DSA keypair will have 1024 bits.
  ELG-E keys may be between 1024 and 4096 bits long.
  What keysize do you want? (2048)

Enter 2048, as GPG recommends. If you do not want your key to expire, select 0 at the next prompt. When asked whether the information is correct, answer yes, then enter your real name, e-mail address, and an optional comment. If everything is right, press O (for Okay) and then Enter.

Next you are prompted for a passphrase, which you must enter a second time to confirm. Use a strong passphrase that is hard to guess, not a name, address, birthday, or dictionary word.

After you enter the passphrase, follow the prompt in the terminal: GPG needs to generate a lot of random bytes and recommends that you perform some other action (type on the keyboard, move the mouse, use the disks) during the prime generation. This gives the random number generator a better chance of gathering enough entropy.

Once the key is generated you will see a message like:

  gpg: key 083C39A4 marked as ultimately trusted
  public and secret key created and signed.


Key Server

A key server publishes your public key and distributes it to other servers, so that other users can look up your name (or e-mail address) in the server's database, obtain your public key, and send you encrypted information. This saves you from copying your public key to each friend by hand; others can find you directly in the online database.

Upload your public key to the key server:

  $ gpg --send-keys --keyserver [keyserver] [yourpublicid]

Replace [keyserver] with the server you chose (or a server that synchronizes with the others) and [yourpublicid] with your own key ID. The final command looks like the following (the server hostname is missing from this copy of the article and is shown as a placeholder):

  $ gpg --send-keys --keyserver hkp://[keyserver] 083C39A4

Encrypt a file

To send your friend a file encrypted with his or her public key, run:

  $ gpg -o encrypted_file.gpg --encrypt -r key-id original.file

Command explanation:

  1. -o encrypted_file.gpg = specifies the output file
  2. --encrypt = encrypt
  3. -r key-id = the recipient's key ID; enter your friend's key ID here
  4. original.file = the file to be encrypted

Decrypt a file

If someone sends you a file encrypted with your public key, decrypt it as follows:

  $ gpg --decrypt filename.gpg

Symmetric encryption

You can also use GPG for symmetric encryption, which protects a file with a passphrase. This differs from public-key encryption: in symmetric encryption the same key is used to encrypt and to decrypt. It is simpler to handle, but the confidentiality is weaker, because the passphrase has to be communicated to the recipient. The following command encrypts a file with a passphrase:

  $ gpg -c filename.txt

This writes the encrypted file as filename.txt.gpg. To decrypt it, run:

  $ gpg filename.txt.gpg

You are prompted for the passphrase, and the file is then decrypted.

Digital signatures for documents

A digital signature is much like signing your name at the end of a letter or an important document: it shows that the file really came from you. To sign, GPG computes the SHA1 hash of the entire file content and attaches a signature over that hash to the end of the file. If the content is tampered with, signature verification fails, which exposes the forgery. Likewise, if you edit the file after signing it, verification fails because the file's SHA1 hash no longer matches the one that was signed.

To sign a file, run:

  $ gpg --clearsign filename.txt

Generate a revocation certificate

If your private key is leaked, or you suspect it has been, you can revoke your public key. Create the revocation certificate with:

  $ gpg --output revoke.asc --gen-revoke keyid

Keep the revocation certificate in a safe place: anyone who has it can invalidate your key. (You can protect the revocation certificate file with symmetric encryption.)

Tips for using GPG in the terminal

To view the GPG keys you have imported, run:

  $ gpg --list-keys

This lists the keys registered under your e-mail address (if you have only one key, it lists just your own). From this you can read your key ID and submit it to the key server with the command described above.

To display the public keys and the private keys in your keyring separately:

  $ gpg --list-public-keys   # lists the public keys
  $ gpg --list-secret-keys   # lists the private keys

Import a key

  $ gpg --import KEYFILE

KEYFILE is the name of the public key file to import. (If the file is not in your home directory, use cd to change to its directory first, then run the command above.)

Export the public key to a file

To export your public key in ASCII-armored format:

  $ gpg --export -a > publickey.asc


About Richard White

Richard is a technology enthusiast and has been called a geek on more than one occasion. He is also the author of three books; the latest, "Privacy in the Digital Age", will be published in July. He is the editor and maintainer of the Digital Age website, whose purpose is to provide resources and tools for achieving and maintaining anonymity, security, and privacy. Richard often writes privacy-related articles and is currently busy writing "CLI Art", a collection of open-source command line software. For more information about GNU Privacy Guard and how to use the graphical front ends for GPG, visit White's Digital Age website.
