Use GPG to encrypt files

Source: Internet
Author: User
Tags gnupg

1. Generate a key pair: gpg -- gen-key
 
Generate a new key pair for the user. Required: Key type (RSA/RSA by default); key length (in bits); expiration time (to prevent key corruption ); (I usually press enter all the way.) Next, enter the name, email address, and comment to identify the key owner. The password phrase (required. If the private key is stolen, will be unavailable ).
 
2. list public keys: gpg -- list-keys
 
List all public keys: their own public keys and any public keys imported from others who communicate with them.
 
3. export Public key: gpg -- export -- armor key-id-o file. key
 
Export the public key to a file for use by others. The -- armor option displays the output in text format instead of binary format. The key-id is the e-mail address or the eight-digit hexadecimal number listed in the pub row of -- list-keys.
 
4. import Public key: gpg -- import file. key
 
Import the public key of another person from the key file sent to you
 
5. Encrypted file: gpg -- encrypt -- armor-r key-id file
 
Encrypt messages with the key-id public key. If-r key-id is not provided, the command prompts the recipient to enter it. The default output file is file. asc.
 
6. decrypt the file: gpg -- decrypt file
 
Use one of your private keys to decrypt messages encrypted with the public key.
 
 
 
Example:
 
Create your own public/private key pair.
 
[Sjx @ server1 ~] $ Gpg -- gen-key
 
Gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
 
This is free software: you are free to change and redistribute it.
 
There is no warranty, to the extent permitted by law.
 
Please select what kind of key you want:
 
(1) RSA and RSA (default)
 
(2) DSA and Elgamal
 
(3) DSA (sign only)
 
(4) RSA (sign only)
 
Your selection? Enter
 
RSA keys may be between 1024 and 4096 bits long.
 
What keysize do you want? (2048) Enter
 
Requested keysize is 2048 bits
 
Please specify how long the key shocould be valid.
 
0 = key does not expire
 
<N> = key expires in n days
 
<N> w = key expires in n weeks
 
<N> m = key expires in n months
 
<N> y = key expires in n years
 
Key is valid? (0) Enter
 
Key does not expire at all
 
Is this correct? (Y/N) y
 
GnuPG needs to construct a user ID to identify your key.
 
Real name: shangjx
 
Email address: shangjx13@gmail.com
 
Comment: Enter
 
You selected this USER-ID:
 
"Xiyou <sjx@server1.example.com>"
 
Change (N) ame, (C) omment, (E) mail or (O) kay/(Q) uit? O
 
You need a Passphrase to protect your secret key.
 
Can't connect to '/home/wxh/. gnupg/S. gpg-agent': No such file or directory
 
Gpg-agent [2008]: directory '/home/wxh/. gnupg/private-keys-v1.d' created
 
(The graphic application will pop up, enter and verify the key)
 
We need to generate a lot of random bytes. It is a good idea to perform
 
Some other action (type on the keyboard, move the mouse, utilize
 
Disks) during the prime generation; this gives the random number
 
Generator a better chance to gain enough entropy.
 
We need to generate a lot of random bytes. It is a good idea to perform
 
Some other action (type on the keyboard, move the mouse, utilize
 
Disks) during the prime generation; this gives the random number
 
Generator a better chance to gain enough entropy.
 
Gpg: key CA83F5AF marked as ultimately trusted
 
Public and secret key created and signed.
 
Gpg: checking the trustdb
 
Gpg: 3 marginal (s) needed, 1 complete (s) needed, PGP trust model
 
Gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0 m, 0f, 1u
 
Pub 2048R/CA83F5AF 2011-08-15
 
Key fingerprint = F886 17A2 F832 B545 6E27 B424 E539 26BF CA83 F5AF
 
Uid
 
Xiyou <sjx@server1.example.com>
 
Sub 2048R/DB58BFCE 2011-08-15
 
To export the key, search for the key ID in the output above. You can find it after the pub 2048R/output above. In the example
 
The key ID is CA83F5AF. The following example shows the command to use this key ID.
 
● Export your public key and share it with your partners.
 
[Wxh @ server1 ~] $ Gpg-a-o ~ /Pub. key -- export CA83F5AF
 
● Copy the exported Public Key to the partner's server2.
 
[Wxh @ server1 ~] $ Scp pub. key server2.example.com :~
 
● Import the public key of the partner.
 
[Wxh @ server2 ~] $ Gpg -- import pub. key
 
Gpg: directory '/home/wxh/. gnupg' created
 
Gpg: new configuration file '/home/wxh/. gnupg/gpg. conf' created
 
Gpg: WARNING: options in '/home/wxh/. gnupg/gpg. conf' are not yet active during this run
 
Gpg: keyring '/home/wxh/. gnupg/secring. gpg' created
 
Gpg: keyring '/home/wxh/. gnupg/pubring. gpg' created
 
Gpg:/home/wxh/. gnupg/trustdb. gpg: trustdb created
 
Gpg: key CA83F5AF: public key "westoperating <wxh@server1.example.com>" imported
 
Gpg: Total number processed: 1
 
Gpg:
 
Imported: 1 (RSA: 1)
 
● Create a text file containing messages for the partner to read.
 
[Wxh @ server2 ~] $ Echo "xi 'an university of posts and telecommunications"> encrypt.txt
 
● Use the partner's public key to encrypt the file. Www.2cto.com
 
[Wxh @ server2 ~] $ Gpg -- encrypt -- armor-r CA83F5AF encrypt.txt
 
Gpg: CA83F5AF: There is no assurance this key belongs to the named user
 
Pub 2048R/ca83f5af2011-08-15 xiyou <sjx@server1.example.com>
 
Primary key fingerprint: 7F44 7AE0 A7C2 6E89 6C68 6FE2 5572 8249 3F7B CEB5
 
Subkey fingerprint: 8FCB BF3E 2D51 563F 1C3F 2440 FC81 0D73 A353 A3BF
 
It is NOT certain that the key belongs to the person named
 
In the user ID. If you * really * know what you are doing,
 
You may answer the next question with yes.
 
Use this key anyway? (Y/N) y
 
● Copy encrypted files to partners.
 
[Wxh @ server2 ~] $ Scp encrypt.txt. asc server1.example.com :~
 
● Decrypt the encrypted files of the partner and verify that you can view the messages they sent.
 
[Wxh @ server1 ~] $ Gpg -- decrypt encrypt.txt. asc
 
You need a passphrase to unlock the secret key
 
User: "xiyou <sjx @ localhost>"
 
2048-bit RSA key, ID DB58BFCE, created 2011-08-15 (main key ID CA83F5AF)
 
Can't connect to '/home/wxh/. gnupg/S. gpg-agent': No such file or directory
 
Gpg: encrypted with 2048-bit RSA key, ID DB58BFCE, created
 
"Xiyou <sjx@server1.example.com>"
 
Si'an university of posts and telecommunications
 

Author unknow

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.