Linux: GPG encryption and decryption (1)
As networks and computing have developed, the security of stored and exchanged data has become increasingly important. Encryption has long been used to protect data in storage and in transit, and certification (digital signature) systems for confirming the identity of both parties to a network exchange have matured as well. GPG is a set of tools for encrypting data and creating certificates. It is completely free, open-source software and is fully compatible with PGP. As an open-source tool for encryption and digital signatures, GPG ships with many Linux distributions.
Next, let's look at how to encrypt and decrypt with gpg.
Create a key
gpg --gen-key
Answer the prompts in basic English.
root@g140:~# gpg --gen-key
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: chenshake
Email address: shake.chen@gmail.com
Comment:
You selected this USER-ID:
    "chenshake <shake.chen@gmail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key AEAA16F3 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/AEAA16F3 2013-10-21
      Key fingerprint = B93B 05F8 9D63 5464 6DEE 6A08 EB9E D2BB AEAA 16F3
uid                  chenshake <shake.chen@gmail.com>
sub   2048R/02B4038D 2013-10-21
That is the whole key-generation process.
While the key is being generated, it is very important that the system can produce random numbers, and disk activity helps it gather the entropy it needs. The command is as follows:
dd if=/dev/zero of=test.dbf bs=9000 count=1000k
Keep it running until the key has been generated.
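The same choices made in the interactive session above (RSA and RSA, 2048 bits, no expiry, a name and an e-mail address) can also be given to gpg through its batch-mode parameter file. This is an added example, not part of the original page; the function names write_keyparams and generate_key are hypothetical, and the passphrase is read from the terminal so that it only ever lands in a mode-0600 temporary file that is deleted afterwards.

```shell
#!/bin/sh
# Added example: unattended equivalent of the interactive "gpg --gen-key" run.
# write_keyparams and generate_key are hypothetical helper names.

# write_keyparams FILE NAME EMAIL PASSPHRASE
# Writes a GnuPG batch parameter file matching the answers given interactively.
write_keyparams() (
    umask 077                      # a newly created file is readable by its owner only
    cat > "$1" <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
Passphrase: $4
%commit
EOF
)

# generate_key NAME EMAIL
# Prompts for the passphrase without echo, generates the key pair, then prints
# the full fingerprint (verify keys by fingerprint, not by the short key ID).
generate_key() (
    params=$(mktemp) || exit 1
    trap 'rm -f "$params"' EXIT    # subshell body: the trap stays local to this call
    printf 'Passphrase: ' >&2
    stty -echo
    IFS= read -r pass
    stty echo
    printf '\n' >&2
    write_keyparams "$params" "$1" "$2" "$pass" || exit 1
    unset pass
    gpg --batch --gen-key "$params" || exit 1
    gpg --fingerprint "$2"
)

# Usage (the values from the session above):
#   generate_key chenshake shake.chen@gmail.com
```
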