Objective:
GnuPG (GPG) is the free software that the Free Software Foundation developed to replace the commercial encryption software PGP. GPG has many uses; this article mainly covers file encryption. On Red Hat family Linux distributions the package is gnupg2.
Symmetric Encryption Method:
1. Encrypt a file with GPG
How to use: gpg -c file
Enter the passphrase twice at the prompt to encrypt the file. Encryption generates a file named after the original with a .gpg suffix. Note that the unencrypted file still exists at this point; you can delete the original file.
2. View an encrypted file
How to use: gpg -d encrypted_file
Enter the passphrase and the contents of the file are displayed on screen.
3. Decrypt the encrypted files.
How to use: gpg -o newfilename -d file.gpg
Asymmetric Encryption Method:
First, key generation
1.1 Generate a public/private key pair on HostA
gpg --gen-key
At the algorithm selection prompt, option 1, the default, uses the RSA algorithm for both encryption and signing.
1.2 Set the key length
Enter the key length; the longer the key, the more secure it is. Here, just press Enter to accept the default of 2048 bits.
1.3 Set the key expiration date
If you are sure the key can be properly managed, you can choose "0" (never expires).
1.4 Enter the name and email address information
1.5 Enter the passphrase that protects the private key in the pop-up box
1.6 The system starts generating the key
Doing other work (typing on the keyboard, moving the mouse, reading and writing the hard drive, etc.) gives the random number generator a better chance of gathering enough entropy.
1.7 Key generated successfully
The string "eddd6d76" is the hash string of the "User ID" and can be used in place of the "User ID".
Second, key management
2.1 Viewing keys
2.2 Deleting keys and revoking certificates
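# Delete a public key from the list
gpg --delete-keys [user ID]   # the user ID can be the hash string, the email address, or the user name
# Delete a private key from the list
gpg --delete-secret-keys [user ID]
# Generate a revocation certificate
gpg --gen-revoke [user ID]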
2.3 Uploading the public key to the server
gpg --keyserver hkp://subkeys.pgp.net --send-keys [user ID]
Because public key servers have no verification mechanism, anyone can upload a public key in your name, so there is no way to guarantee that a public key on the server is genuine. A common practice is to publish the public key fingerprint on your website so that others can check whether the public key they downloaded is authentic. The --fingerprint option prints the public key fingerprint.
gpg --fingerprint [user ID]
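The fingerprint check described above can be scripted instead of compared by eye. The following is an added example, not part of the original article: it parses `gpg --with-colons --fingerprint` output and accepts only a full 40-hex-digit (v4) fingerprint, never a short ID; the function names and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Constructed sample of `gpg --with-colons --fingerprint` output; the key IDs,
# fingerprints and e-mail address below are made up.
SAMPLE_LISTING='pub:u:2048:1:89ABCDEF01234567:1507000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1507000000::::wangxiaochun <wang@example.com>:
sub:u:2048:1:0000111122223333:1507000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Drop whitespace and upper-case the hex digits, so the spaced form printed by
# `gpg --fingerprint` compares equal to the colon-listing form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin; print the primary key fingerprint, which is
# field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_fpr PUBLISHED < listing
# 0 = match, 1 = mismatch or no key, 2 = PUBLISHED is not 40 hex digits.
check_fpr() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Real use: gpg --with-colons --fingerprint wangxiaochun | check_fpr "$PUBLISHED"
if printf '%s\n' "$SAMPLE_LISTING" |
        check_fpr "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"; then
    echo "fingerprint matches the published value"
fi
```

Run the check after importing a key and before encrypting to it or trusting its signatures.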
Third, encrypted transfer using public keys
3.1 On HostA, export the public key to wang.pubkey
gpg -a --export -o wang.pubkey
Copy the public key file from HostA to HostB, the host that will encrypt the data
scp wang.pubkey HostB:
3.2 On HostB, the host that will encrypt the data, generate a public/private key pair
gpg --list-keys
gpg --gen-key
Import the public key on HostB
gpg --import wang.pubkey
gpg --list-keys
3.3 Using the public key imported from HostA, encrypt the file named file on HostB, generating file.gpg
gpg -e -r wangxiaochun file
file file.gpg
Copy the encrypted file to HostA
scp file.gpg HostA:
3.4 Decrypt the file on HostA
gpg -d file.gpg
gpg -o file -d file.gpg
Fourth, signing and verifying signatures
4.1 Signing the file
Sometimes there is no need to encrypt the file, only to sign it, indicating that the file was really issued by me. The --sign option is used for signing.
gpg --sign demo.txt
After running the above command, the file demo.txt.gpg is generated in the current directory; this is the signed file. It is stored in binary form by default.
4.2 Use the --clearsign option if you want to generate a signed file in ASCII form.
gpg --clearsign demo.txt
After running the above command, the file demo.txt.asc is generated in the current directory; the suffix asc indicates that the file is in ASCII form.
4.3 Use the --detach-sign option if you want to generate a separate signature file that is stored apart from the contents of the file.
gpg --detach-sign demo.txt
After running the above command, a separate signature file demo.txt.sig is generated in the current directory. The file is in binary form; add the --armor option if you want ASCII form.
gpg --armor --detach-sign demo.txt
4.4 Verifying signatures
When you receive a file signed by someone else, you need to verify with the other party's public key that the signature is genuine. The --verify option is used for verification.
gpg --verify demo.txt.asc demo.txt
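When verification runs in a script, `gpg --verify` accepts a good signature from any key in the keyring, so the script should also check who signed. The following is an added example, not part of the original article: it reads gpg's `--status-fd` lines and accepts only a valid signature from one pinned primary-key fingerprint; the function name, the pinned value and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Constructed samples of `gpg --status-fd 1 --verify` output; IDs are made up.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 wangxiaochun <wang@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-10-15 1508025600 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE 0 pgp'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 wangxiaochun <wang@example.com>'

# signed_by PINNED_FPR < status-lines
# 0 = a valid signature by the pinned primary key and nothing else
# 1 = bad, expired, revoked or missing signature, or a different signer
signed_by() {
    pinned=$(printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F')
    awk -v want="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the fingerprint of the key that made the signature
            # (possibly a subkey); field 12, when present, is the primary key.
            fpr = (NF >= 12) ? $12 : $3
            if (fpr == want) ok = 1; else other = 1
        }
        END { exit (ok && !bad && !other) ? 0 : 1 }'
}

# Real use:
#   gpg --status-fd 1 --verify demo.txt.asc demo.txt 2>/dev/null | signed_by "$PINNED"
if printf '%s\n' "$SAMPLE_GOOD" |
        signed_by "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"; then
    echo "signature is valid and from the pinned key"
fi
```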
This article is from the Linux OPS blog, so be sure to keep this source http://arm2012.blog.51cto.com/2418467/1972546
The GPG of Linux utilities