
Encrypting and decrypting with gpg

邢心水
2023-12-01

os: ubuntu 16.04

Information

# which gpg
/usr/bin/gpg

# apt install gnupg gnupg-agent rng-tools
# gpg --version
gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

# dpkg -l |egrep -Ei "gnupg|gpg"
ii  gnupg                                 1.4.20-1ubuntu3.3                          amd64        GNU privacy guard - a free PGP replacement
ii  gpgv                                  1.4.20-1ubuntu3.3                          amd64        GNU privacy guard - signature verification tool
ii  libgpg-error0:amd64                   1.21-2ubuntu1                              amd64        library for common error values and messages in GnuPG components
ii  ubuntu-cloudimage-keyring             2013.11.11                                 all          GnuPG keys of the Ubuntu Cloud Image builder
ii  ubuntu-keyring                        2012.05.19                                 all          GnuPG keys of the Ubuntu archive

# gpg --list-keys

Generating a key

# gpg --gen-key 
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: peiyongbin
Email address: ctypyb2002@aliyun.com
Comment: peiyongbin comment
You selected this USER-ID:
    "peiyongbin (peiyongbin comment) <ctypyb2002@aliyun.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...............+++++
.........+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
..+++++
gpg: key 06130FA3 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/06130FA3 2019-04-22
      Key fingerprint = 66A8 8C04 5585 F315 21EB  D9F0 D8B8 0941 0613 0FA3
uid                  peiyongbin <ctypyb2002@aliyun.com>
sub   2048R/103D988E 2019-04-22

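During generation you are asked to enter a passphrase; be sure to remember it.
The final output shows that the pub and sub keys have been generated.

If the following error appears, run apt install rng-tools: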

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 289 more bytes)

Viewing keys

# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/06130FA3 2019-04-22
uid                  peiyongbin <ctypyb2002@aliyun.com>
sub   2048R/103D988E 2019-04-22

Deleting keys

# gpg --delete-secret-keys peiyongbin
# gpg --delete-key peiyongbin

Exporting

# gpg --armor --output /tmp/public-key.txt --export peiyongbin
# gpg --armor --output /tmp/private-key.txt --export-secret-keys

# ls -l |grep -i key
-rw-r--r-- 1 root root     3593 Apr 22 16:45 private-key.txt
-rw-r--r-- 1 root root     1702 Apr 22 16:45 public-key.txt
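
The listing above shows private-key.txt created with mode -rw-r--r--, so any local user can read the exported secret key. The check below is an added example, not part of the original post: the function names are hypothetical and the sample file is constructed, with no real key material in it.

```shell
#!/bin/sh
# Added example: audit exported key files. All function names are hypothetical.

# Succeeds if FILE holds an armored OpenPGP private key block.
is_secret_key_file() {
    grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1"
}

# Succeeds if group or others can read or write FILE.
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 \
        -o -perm -004 -o -perm -002 \) -print)" ]
}

# Returns 0 when FILE is acceptable, 1 for an exposed secret key, 2 if missing.
audit_key_export() {
    if [ ! -f "$1" ]; then echo "missing: $1"; return 2; fi
    if is_secret_key_file "$1" && is_exposed "$1"; then
        echo "EXPOSED secret key: $1"
        return 1
    fi
    echo "ok: $1"
}

# Restrict an already exported file to its owner.
harden_key_export() {
    chmod 600 "$1"
}

# Export with a restrictive umask so the file is never created world-readable.
# Uses the same gpg options as the post; not called in the demo below.
export_secret_key_private() {   # usage: export_secret_key_private NAME OUTFILE
    ( umask 077 && gpg --armor --output "$2" --export-secret-keys "$1" )
}

# Demo on a constructed file (no real key material), mode 644 as in the listing.
demo_dir=$(mktemp -d)
demo_key="$demo_dir/private-key.txt"
printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '(constructed sample)' \
    '-----END PGP PRIVATE KEY BLOCK-----' > "$demo_key"
chmod 644 "$demo_key"
audit_key_export "$demo_key" || true     # reports the exposure
harden_key_export "$demo_key"
audit_key_export "$demo_key"             # now acceptable
rm -rf "$demo_dir"
```

A public key file with the same mode passes the audit, since only the private key block is treated as sensitive.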

Importing

# gpg --import /tmp/public-key.txt
gpg: key 06130FA3: public key "peiyongbin <ctypyb2002@aliyun.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/06130FA3 2019-04-22
uid                  peiyongbin <ctypyb2002@aliyun.com>
sub   2048R/103D988E 2019-04-22

# gpg --import /tmp/private-key.txt
gpg: key 06130FA3: secret key imported
gpg: key 06130FA3: "peiyongbin <ctypyb2002@aliyun.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/06130FA3 2019-04-22
uid                  peiyongbin <ctypyb2002@aliyun.com>
sub   2048R/103D988E 2019-04-22

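Be sure to keep the private key and the passphrase safe; they are what decryption depends on.

Encrypting

Encryption uses the pub (public key).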

# cd ~/.gnupg/
# ls -l
total 32
-rw------- 1 root root 9398 Apr 22 16:00 gpg.conf
-rw------- 1 root root 1193 Apr 22 16:11 pubring.gpg
-rw------- 1 root root 1193 Apr 22 16:11 pubring.gpg~
-rw------- 1 root root  600 Apr 22 16:11 random_seed
-rw------- 1 root root 2586 Apr 22 16:11 secring.gpg
-rw------- 1 root root 1280 Apr 22 16:11 trustdb.gpg

# gpg -er peiyongbin -o /tmp/postgresql-9.6.8.tar.gz.gpg /tmp/postgresql-9.6.8.tar.gz
# ls -l
total 49972
-rw-r--r-- 1 root root 25580796 Apr 22 16:23 postgresql-9.6.8.tar.gz
-rw-r--r-- 1 root root 25581148 Apr 22 16:24 postgresql-9.6.8.tar.gz.gpg

Decrypting

Decryption uses the sub (the subkey, ID 103D988E in the output below).

# mv /tmp/postgresql-9.6.8.tar.gz /tmp/postgresql-9.6.8.tar.gz.bak
# gpg -o /tmp/postgresql-9.6.8.tar.gz -d /tmp/postgresql-9.6.8.tar.gz.gpg

You need a passphrase to unlock the secret key for
user: "peiyongbin <ctypyb2002@aliyun.com>"
2048-bit RSA key, ID 103D988E, created 2019-04-22 (main key ID 06130FA3)

gpg: gpg-agent is not available in this session
gpg: encrypted with 2048-bit RSA key, ID 103D988E, created 2019-04-22
      "peiyongbin <ctypyb2002@aliyun.com>

Decryption prompts for the gpg passphrase.

# ls -l /tmp
total 74956
-rw-r--r-- 1 root root 25580796 Apr 22 16:29 postgresql-9.6.8.tar.gz
-rw-r--r-- 1 root root 25580796 Apr 22 16:23 postgresql-9.6.8.tar.gz.bak
-rw-r--r-- 1 root root 25581148 Apr 22 16:24 postgresql-9.6.8.tar.gz.gpg