Use GPG to encrypt information in CentOS

Source: Internet
Author: User

I. INTRODUCTION
We all know that the Internet is insecure, but most of the applications used on it, such as the Web and email, generally transmit data only in plain text (with exceptions such as https and smtps). Therefore, when we need to transmit important files, we should encrypt the information. Asymmetric cryptography is a common way to do this.

GnuPG is free software for asymmetric encryption. First, a word about asymmetric encryption. Traditional encryption methods usually use the same password for encryption and decryption. For example, if the password you use for encryption is "abc", you must use "abc" for decryption. This makes it impractical to send encrypted messages to your friends: if you use this method, your friends must know your password before they can decrypt your information. But how do you ensure that your friends are absolutely reliable? If a friend tells someone else your password, it is no longer secure.
Asymmetric encryption takes a different approach. It generates two keys, one called the "public key" and the other the "private key". The public key can be made public and handed to anyone; the private key must be kept to yourself so that no one else learns it. Once someone has your public key, they can send you encrypted information: they encrypt what they want to send with your public key and then send it to you, and the encrypted information can only be decrypted with your private key. Since no one else in the world knows your private key, anyone who sees the encrypted information sent to you cannot decrypt it, not even the sender, because he does not know your private key. Put simply, the public key is used for encryption and the corresponding private key is used for decryption. To send encrypted information to someone, you must first obtain that person's public key.
A variety of software supports asymmetric encryption. The most famous is the American PGP, but it is commercial software and not cheap. For encryption software, I am opposed to using cracked copies: information that needs to be encrypted must be very important, and cracked software cannot guarantee the security and reliability of the encryption. Therefore, we recommend the free, open-source GnuPG for encrypting and decrypting information.
II. USAGE
Linux distributions generally use GPG for signatures, so the GnuPG package is usually provided out of the box.
1. Generate a key pair
To encrypt with GnuPG, you must first create a key pair by running:
# gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with absolutely no warranty.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Select the key type you want to use:
   (1) DSA and ElGamal (default)
   (2) DSA (for signature only)
   (5) RSA (for signature only)
Your choice? 1 ← only option 1 can be used for encryption; the other types can only be used for signatures
The DSA key pair has 1024 bits.
The length of the ELG-E key should be between 1024 and 4096 bits.
What key size do you want to use? (2048) ← select the key length in bits; the more bits, the more secure, but the slower
The size of the key you requested is 2048 bits
Set the validity period of the key.
      0 = the key never expires
   <n>  = the key expires in n days
   <n>w = the key expires in n weeks
   <n>m = the key expires in n months
   <n>y = the key expires in n years
What is the key validity period? (0) 0 ← select the validity period based on your actual situation
The key will never expire
Is the above correct? (y/n) y ← confirm

You need a user ID to identify your key. This software builds it from a combination of real name, comment and email address,
as follows:
"Heinrich Heine (Der Dichter)"

Real name: Hyphen Wang ← fill in your real name; it will be used later
Email address: gpgencrypt@linuxfly.org ← the email address is one of the identifiers and cannot be repeated
Comment: Use for GPG Encrypt ← the comment is only an annotation
You have selected this user ID:
"Hyphen Wang (Use for GPG Encrypt)"

Change name (N), comment (C), email address (E) or OK (O)/exit (Q)? O ← enter "O" to confirm
You need a password to protect your private key. ← enter the password used to access the private key twice; note that it must not be disclosed or lost

We need to generate a large number of random bytes. At this time, you can do other things (such as typing on the keyboard, moving
the mouse, reading/writing the hard disk, and so on). This gives the random number generator a better chance of obtaining enough entropy.
++... ++ .. ++. ++. ++. ++. ++ .. ++. ++. ++. ++ ......... .................. ++

There are not enough random bytes. Please do some other things so that the operating system can collect more entropy!
(274 bytes required) ← run some programs to obtain more random numbers in memory
We need to generate a large number of random bytes. At this time, you can do other things (such as typing on the keyboard, moving
the mouse, reading/writing the hard disk, and so on). This gives the random number generator a better chance of obtaining enough entropy.
++. ++. ++. ++. ++. ++. ++ .. ++. ++. ++. ++. ++. ++. ++. ++. ++> ++. ++> ++ ......> ++ ............... <++. ++ ................................... ........................................ ........................ <++ .. ++ ^
gpg: key A3942296 marked as ultimately trusted
The public key and private key have been generated and signed.

gpg: checking the trust database
gpg: 3 marginally trusted and 1 fully trusted needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
pub 1024D/A3942296 2008-12-19
Key fingerprint = E95E 1F77 6C4E 33BD 740C 19AB EEF9 A67E A394 2296
uid Hyphen Wang (Use for GPG Encrypt)
sub 2048g/911E677B
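
The listing that ends the key generation output packs the key size, an algorithm letter and a 32-bit key ID into one token (1024D/A3942296). As an added example that is not part of the original article, the script below parses lines in that legacy format, reports keys under an assumed policy minimum (MIN_BITS), and checks that a full fingerprint ends in the expected key ID. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article. MIN_BITS is an assumed local policy.
MIN_BITS=2048

# Print one finding per line for a legacy listing line such as
# "pub 1024D/A3942296 2008-12-19".
audit_key_line() {
    set -- $1                    # word-split into: type, size+algo/keyid, date
    kind=$1; spec=$2
    keyid=${spec#*/}             # text after the slash
    sizealgo=${spec%%/*}         # for example 1024D
    bits=${sizealgo%[A-Za-z]}    # strip the one-letter algorithm code
    algo=${sizealgo#"$bits"}
    case $algo in
        D) name=DSA ;; g) name=Elgamal ;; R) name=RSA ;; *) name=unknown ;;
    esac
    [ "$bits" -lt "$MIN_BITS" ] &&
        echo "$kind $keyid: $bits-bit $name is below $MIN_BITS bits"
    [ "${#keyid}" -le 8 ] &&
        echo "$kind $keyid: 32-bit key ID, compare the full fingerprint instead"
    return 0
}

# Succeed when the fingerprint (spaces allowed) ends in the given key ID.
fingerprint_matches() {
    fpr=$(printf '%s' "$1" | tr -d ' ')
    case $fpr in *"$2") return 0 ;; *) return 1 ;; esac
}

# Lines copied from the key generation output above.
audit_key_line 'pub 1024D/A3942296 2008-12-19'
audit_key_line 'sub 2048g/911E677B'
fingerprint_matches 'E95E 1F77 6C4E 33BD 740C 19AB EEF9 A67E A394 2296' A3942296 &&
    echo "fingerprint ends in key ID A3942296"
```
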
2. Encrypt information
Original information:
# cat text.txt
Hello World!
Encryption:
# gpg --encrypt --recipient "Hyphen Wang" text.txt
# ll
total 8
-rw-r -- 1 root 13 12-19 14:37 text.txt
-rw-r -- 1 root 611 12-19 14:37 text.txt.gpg
The newly generated text.txt.gpg is the encrypted file; its content looks like a pile of garbled characters. You can send it by email or store it directly.

3. Export the public key
If decryption is not done on the same machine, the public key information has to be imported there. Therefore, first export the public key on the local machine:

# gpg --export --armor gpgencrypt@linuxfly.org > PGP-PUBLIC-KEY-linuxfly.org.txt
The public key can be stored on a network disk or sent by email. The public key alone, without the password, cannot be used to decrypt.

4. Decryption
On the machine to be decrypted, import the public key:

# gpg --import PGP-PUBLIC-KEY-linuxfly.org.txt
Then decrypt:
# gpg --decrypt text.txt.gpg > text.txt.new

You need to enter a password to unlock the user's private key: "Hyphen Wang (Use for GPG Encrypt)"
2048-bit ELG-E key, key 911E677B, established in (master key A3942296)

gpg: encrypted by a 2048-bit ELG-E key, key number 911E677B, generated on
"Hyphen Wang (Use for GPG Encrypt)"
# cat text.txt.new
Hello World!
GnuPG prompts you for the password, that is, the password set in gpg --gen-key. After the password is entered, if the output is not piped or redirected, GnuPG immediately displays the decrypted content (plaintext) on the screen. If the encrypted content is not text, such as an image, it should be redirected to a file.
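
The four steps above, replayed non-interactively with two separate keyrings so that it is visible which side holds which key. This is an added example, not the article's own commands: it assumes GnuPG 2.2 or later (the article uses 1.4.5), and the user ID, address, helper names and temporary directories are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Assumes GnuPG 2.2+ on PATH; the user ID,
# address and temporary paths are constructed for the demonstration.
ADDR=recipient@example.org

g() { home=$1; shift; gpg --homedir "$home" --batch --quiet "$@"; }
fpr_of() { g "$1" --with-colons --fingerprint "$ADDR" | awk -F: '$1=="fpr"{print $10; exit}'; }

roundtrip() {
    work=$(mktemp -d) || return 1
    rcpt=$work/recipient; sndr=$work/sender
    mkdir -m 700 "$rcpt" "$sndr"

    # Recipient: create the key pair and export ONLY the public half.
    # The empty passphrase keeps the demo non-interactive; protect real keys.
    g "$rcpt" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo Recipient <$ADDR>" default default never || return 1
    g "$rcpt" --armor --export "$ADDR" > "$work/pub.asc"
    want=$(fpr_of "$rcpt")

    # Sender: import the public key and compare its fingerprint with the
    # value obtained from the recipient before encrypting to it.
    g "$sndr" --import "$work/pub.asc" || return 1
    [ -n "$want" ] && [ "$(fpr_of "$sndr")" = "$want" ] || return 1
    printf 'Hello World!\n' > "$work/text.txt"
    g "$sndr" --trust-model always --recipient "$want" \
        --output "$work/text.txt.gpg" --encrypt "$work/text.txt" || return 1

    # The sender holds no private key, so decryption must fail there.
    if g "$sndr" --decrypt "$work/text.txt.gpg" >/dev/null 2>&1; then
        sender_result=decrypted
    else
        sender_result=refused
    fi

    # Recipient decrypts with the private key that never left its keyring.
    plain=$(g "$rcpt" --decrypt "$work/text.txt.gpg" 2>/dev/null)

    gpgconf --homedir "$rcpt" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$sndr" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    printf '%s|%s\n' "$sender_result" "$plain"
}

roundtrip
```
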

5. Delete keys
Delete a key from the private key ring:
# gpg --delete-secret-keys hyphenwang@redflag-linux.com
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with absolutely no warranty.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


sec 1024D/A3942296 2008-12-19 Hyphen Wang (Use for GPG Encrypt)

Do you want to delete this key from the key ring? (Y/N) y
This is a private key! Are you sure you want to delete it? (Y/N) y
You must delete the private key before deleting the public key.
Delete a key from the public key ring:
# gpg --delete-keys hyphenwang@redflag-linux.com
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with absolutely no warranty.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


sec 1024D/A3942296 2008-12-19 Hyphen Wang (Use for GPG Encrypt)

Do you want to delete this key from the key ring? (Y/N) y

