Simple Guide to System Security: GnuPG
"GnuPG is a completely free public key encryption software package. In enterprise network applications, using GnuPG to digitally sign or encrypt information transmitted over public networks or LANs helps improve the security of the enterprise network and reduce the cost of security verification."
Download it from the official GnuPG website. If you are interested in this topic, you can read the original and take part in the related surveys.
By Mike Gaul
From: www.bymg.com
GnuPG is a completely free public key encryption software package. "Free" here has four meanings:
- Like all other GNU products, you can get it for free.
- You can get its source code. The GNU Library General Public License (LGPL) stipulates that anyone can modify it and release it again. Unlike the General Public License (GPL), the LGPL also allows commercial vendors to write specialized software products built on GnuPG without being forced to publish their source code.
- It avoids patented algorithms such as IDEA and RSA. Therefore, you do not have to pay a license fee to any party to use it.
- GnuPG was developed in Germany, so it escaped the export restrictions of the United States.
Before using GnuPG, let's go over how public key encryption is applied. What follows is only my own understanding and may not be very accurate. If you need an accurate description, consult the relevant books.
- When a key is generated, a pair of keys is produced: a public key and a private key. The public key, as the name implies, is the key you make public; the private key is the key you keep secret.
- Someone, A, wants to send you a message but does not want others to read it. He can use the public key you published to encrypt the message into ciphertext. If others get the ciphertext, they have no way to decrypt it. When you get the ciphertext, you can decrypt it with the private key you kept. This is the process of "encryption and decryption".
- You send a message to A, but A may doubt whether the message was really sent by you. You can use your private key to mark the message. To verify that the message was sent by you, A can check it with the public key you published. This process of marking a message is a "digital signature".
- There is trust between A and B, and between B and C. So, to establish trust between A and C, you can ......
Note the following:
- Make sure that the public key you obtain really comes from the person you think it does. If it does not, all trust is lost.
- Generally, storing a private key on a multi-user system is not a good idea, because other users may be able to access it. You should always keep the private key on a floppy disk (with a backup) and lock both away when not in use.
In practice: use the other party's public key to encrypt the information, then send it to them.
- To encrypt information with the other party's public key, you must first obtain that public key and then import it with gpg --import.
- Then, use gpg --sign-key name to sign the public key, confirming that it is correct and valid. If you skip this step, the following message appears when you encrypt:
    gpg: BB2CFA5A: There is no indication that this key really belongs to the owner
    1024g/BB2CFA5A 2003-12-09 "...... (This part is ignored)"
    Primary key fingerprint: ...... (This part is ignored)
    Subkey fingerprint: ...... (This part is ignored)
    It is NOT certain that the key belongs to the person named
    in the user ID. If you *really* know what you are doing,
    you may answer the next question with yes
    Use this key anyway?
  Of course, you can simply enter "y" here, but the prompt is then displayed every time.
- Use the following command to encrypt the file:
gpg --encrypt --recipient name --armor secret_file
To encrypt and add a digital signature, use:
gpg --recipient user_name --sign --encrypt --armor msg_file
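The check that should come before gpg --sign-key, written as an added example that is not part of the original article: it compares the imported key's fingerprint with one obtained from the owner out of band, and reads the validity field that decides whether gpg prints the warning above. The function name key_status, the sample listing and its key are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads the machine-readable listing produced by
#   gpg --with-colons --fingerprint name
# and reports whether the key is one gpg will encrypt to without a warning.

# key_status EXPECTED_FINGERPRINT   (listing on stdin)
# EXPECTED_FINGERPRINT is the value obtained from the key owner out of band.
# Prints: ok | unverified | unusable | mismatch | missing
key_status() {
    # Accept the fingerprint as gpg prints it: grouped, either letter case.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$expected" '
        # Field 2 of the first pub record is the calculated validity.
        $1 == "pub" && !seen { validity = $2; seen = 1; next }
        # The first fpr record after pub is the primary key fingerprint.
        $1 == "fpr" && seen && fpr == "" { fpr = $10 }
        END {
            if (!seen)                      print "missing"
            else if (fpr != want)           print "mismatch"
            else if (validity ~ /^[reid]/)  print "unusable"
            else if (validity ~ /^[fu]/)    print "ok"
            else                            print "unverified"
        }'
}

# Constructed sample listing (not a real key); $1 is the validity letter.
sample_listing() {
    printf 'pub:%s:1024:17:89ABCDEF01234567:1070928000:::-:::scESC:\n' "$1"
    printf 'fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:\n'
    printf 'uid:%s::::1070928000::::Constructed User <user@example.org>:\n' "$1"
    printf 'sub:%s:1024:16:76543210FEDCBA98:1070928000::::::e:\n' "$1"
    printf 'fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:\n'
}

# Freshly imported key ("-") versus the same key after gpg --sign-key ("f").
sample_listing - | key_status '0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
sample_listing f | key_status '0123456789abcdef0123456789abcdef01234567'
```

Sign the key only when the result is "unverified" with a matching fingerprint; "mismatch" means the imported key is not the one its owner published.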
Quick Reference
- Generate a key pair:
gpg --gen-key
- Export the public key and display it on the screen:
gpg --export
- Export the public key using only printable (ASCII) characters:
gpg --export --armor
- Import the public key from key.asc:
gpg --import key.asc
- List all keys in my public keyring
gpg --list-keys
- List all keys and signatures (certificates) in the public keyring
gpg --list-sigs
- List my private keys (one or more)
gpg --list-secret-keys
- Fingerprint of a public key
gpg --fingerprint [user]
- Perform operations on user keys
gpg --edit-key user_name
- Encrypt the information in the file msg_file so that only user can read it.
gpg --encrypt --armor --recipient user msg_file
- Decrypt a received message.
gpg --decrypt msg_file
- Use my private key to sign a message and print the output
gpg --sign --armor msg_file
- Use my private key to transparently sign a message (keep the message readable)
gpg --clearsign msg_file
- Check whether a signed message I received comes from a verified user.
gpg --verify signed_msg_file
- Sign and encrypt a message and print the output
gpg --recipient user_name --sign --encrypt --armor msg_file