This article consists of Ilanniweb provide friendship sponsorship, starting in the mud row of the world
To get more articles, you can follow my ilanniweb.
Why study GPG? Because you want to encrypt the password of a mailbox under Linux, do not let others see the real password of the mailbox.
In order not to let others see the real mailbox password, we need to encrypt it.
Encryption is done by first writing the password to a file a, and then encrypting the file a with the associated encryption software to generate a new file B. At this point, delete file a again.
When other programs call the mailbox password, only the encrypted file B is called, and file B is decrypted.
Encryption we are using the GPG tool, below we introduce the next GPGP.
I. What is GPG?
GPG is the abbreviation for GNU Privacy Guard or GnuPG, which is a cryptographic software for encryption, digital signatures, and asymmetric key pair generation.
GPG uses an asymmetric encryption algorithm with a high degree of security. The so-called asymmetric encryption algorithm is that each user has a pair of keys: the public key and the private key. Where the private key is saved by the user, the public key is distributed to others as much as possible so that other people can communicate with the user.
ii. installation of GPG
The installation of GPG is very simple, and here we take Ubuntu 14.04 server as an example. As follows:
sudo apt-get-y install GnuPG gnupg-agent rng-tools
CENTOS6 has been installed by default GPG, we also need to install rng-tools can be used normally. As follows:
Yum-y Install Rng-tools
Once the GPG installation is complete, we can use the GPG--help command to see how GPG is used. As follows:
GPG--help
Through, we can see that GPG has many options. Here we do not introduce each, the following article will introduce a few more commonly used commands.
third, the creation of GPG key pair
In the first chapter, we have introduced GPG using asymmetric encryption algorithms. Asymmetric encryption algorithms require a pair of key pairs: a public key, a private key.
Now we're going to create this pair of keys, using the GPG--gen-key command. As follows:
GPG--gen-key
In this diagram above, we must select the first item because only the first item is used for encryption, and several other items are used for signing.
In this diagram above, we select the validity period of the key according to the actual situation. This default is used permanently and never expires.
In this diagram above, the encryption length of the configuration key is configured. The default is 2048bit, the longer the key length, the slower the encryption. Here we are using the default configuration.
This information about the user who filled in the key.
, there are two places to keep in mind. The first is the private key password that is set, and the second is the key ID that generates the key.
The private key password is required for decryption. The key ID is required to encrypt the file.
Iv. Encrypting Files
Once the key pair has been created, we will now use the key to encrypt a file a.
4.1 Create file Filea
First create the file Filea, the content is Ilannipassword. As follows:
VI Filea
Ilannipassword
4.2 Encrypting Files Filea
Once the file Filea is created, we will now use GPG to encrypt the file Filea. Use the Gpg–e command. As follows:
GPG-E-R Ilanni Filea
This command means that the file Filea is encrypted using the Ilanni user's key.
Through, we can clearly see GPG has the file Filea encrypted into a new file FILEA.GPG.
Now let's look at the encrypted file Filea.gpg, as follows:
Cat FILEA.GPG
Through, we can clearly see FILEA.GPG file is a bunch of garbled. This achieves the effect of encryption.
Five, decrypt the file
File Filea is encrypted to form a new file filea.gpg, if we want to know the contents of the Filea file before encrypting, then we need to decrypt the filea.gpg file.
To decrypt a GPG encrypted file, we need to use the Ilanni user's public and private key.
In this case, we are decrypting on machine a ilanni this user key generation. If you decrypt the FILEA.GPG file on another machine B, you will need to import the Ilanni user's private key and public key on the B machine. Otherwise, the decryption of the FILEA.GPG file cannot be completed.
To decrypt the FILEA.GPG, just use the gpg–d command. However, given that our program does not require human interaction, we have used the following commands.
GPG--no-use-agent--passphrase=ilanni-q--no-tty-d filea.gpg
Through, we can obviously see that the FILEA.GPG file has been successfully decrypted.
Vi. parameter introduction of GPG
GPG parameters are more, the following is a little introduction, often used to several parameters.
--gen-key: Generate a new pair of keys
--fingerprint: Show fingerprint
--send-keys: Export the key to a public key server
--recv-keys: Importing keys from a public key server
-A,--armor: output is ASCII encapsulated
-R,--recipient User-id: Encryption for recipient "XXX"
-E,--encrypt: Encrypt data
-D,--decrypt: Decrypting data
-O,--output file: Specify Output file
--list-keys: Show All public keys
--list-secret-key: Show all private keys
--delete-keys: Deleting the public key
--delete-secret-keys: Delete private key
--delete-secret-and-public-keys: Deleting public and private keys
--import: Importing public and private keys
--no-use-agent: Do not use user agents
--passphrase: Private Key password
--no-tty: Terminal does not display information when GPG is executed
--quiet: Use Quiet mode
Vii. Other methods of use of GPG
Below are the following examples of the use of GPG parameters, as follows.
7.1 gpg View all public keys
GPG--list-key
7.2 GPG View all private keys
GPG--list-secret-key
7.3 GPG Delete key
GPG--delete-secret-keys 01ba7978 Remove the private key first
GPG--delete-keys 73391fb6 Remove the public key again
You can also delete all of them using one command, as follows:
GPG--delete-secret-and-public-keys bfa7ff09
7.4 gpg Export Public Key
Gpg-a-o duanzhanling.asc--export bfa7ff09
7.5 GPG Export Private Key
Gpg-a-o duanzhanling-sec.asc--export-secret-key 0b7f4055
7.6 gpg Import Key
Import both the private and public keys with the following command GPG--import
GPG--import DUANZHANLING.ASC Import Public key
GPG--import DUANZHANLING-SEC.ASC Import private key
Slime: GPG plus decryption software learning