GPG
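GnuPG (GNU Privacy Guard, abbreviated GPG) is a free tool for encryption and digital signatures, mostly used to exchange encrypted messages. Besides plain passphrase-based encryption, what sets gpg apart is its public/private key pair. With the public key, other people can encrypt and send you a message without any password having to be shared. Encryption is one-way: only the private key can decrypt it.
Create two users, user1 and user2, and set their passwords.
Log in as user1.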
$ gpg --gen-key
(1)RSA and RSA (default)
(2)DSA and Elgamal
(3)DSA (sign only)
(4)RSA (sign only)
Your selection? 1
What keysize do you want? (2048) 1024
0= key does not expire
<n>= key expires in n days
<n>w= key expires in n weeks
<n>m= key expires in n months
<n>y= key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Real name: user1
Where GnuPG stores its files
$ ls .gnupg/
List the existing public keys
[user1@localhost ~]$ gpg --list-keys
List the existing private keys
[user1@localhost ~]$ gpg --list-secret-keys
user1 exports their own public key
[user1@localhost ~]$ gpg --export --armor user1 > /tmp/user1.key
[user1@localhost ~]$ cat /tmp/user1.key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
=7ZWl
-----END PGP PUBLIC KEY BLOCK-----
user2 imports user1's public key
[user2@localhost ~]$ gpg --import /tmp/user1.key
[user2@localhost ~]$ gpg --list-keys
user2 encrypts the file file.gpg with user1's public key, then sends the encrypted file file.gpg.asc to user1 by mail
$ vim file.gpg
123
[user2@localhost ~]$ gpg --encrypt --armor --recipient user1 file.gpg
Use this key anyway? (y/N) y
[user2@localhost ~]$ ls
file.gpg.asc file.gpg
[user2@localhost ~]$ mail -s "gpgtest" user1@localhost < file.gpg.asc
After receiving the mail, user1 finds that its content is encrypted. Save the content of the mail to ~/file.gpg; the saved file is still encrypted
[user1@localhost ~]$ mail
& 1
Message 1:
& w ~/file.gpg
& q
[user1@localhost ~]$ cat file.gpg
user1 decrypts file.gpg with gpg, which produces the file named file, and can now read its contents
[user1@localhost ~]$ gpg file.gpg
[user1@localhost ~]$ ls file*
file file.gpg
[user1@localhost ~]$ cat file
123
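The "Use this key anyway?" prompt in the encryption step appears because user2 has not verified that the imported key really belongs to user1. As an added example (not part of the original walkthrough), the Python below checks the CRC-24 line of an armored export such as /tmp/user1.key and computes the key's version 4 fingerprint, so user2 can compare it with the value user1 reads from gpg --fingerprint over a separate channel. It assumes a v4 key whose first packet uses an old-format header; the function names are illustrative.

```python
import base64
import hashlib

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1; catches corruption, not forgery."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Decode an armored block and verify its trailing '=XXXX' CRC-24 line."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP ") or "" not in lines:
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[lines.index("") + 1:-1]  # skip "Version:"-style headers
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("armor CRC-24 mismatch")
    return data

def fingerprint(packets: bytes) -> str:
    """V4 fingerprint: SHA-1 over 0x99, 2-byte length, public-key packet body."""
    tag = packets[0] if packets else 0
    # Assumption: old-format header (bit 6 clear), packet tag 6, definite length.
    if tag & 0xC0 != 0x80 or (tag >> 2) & 0x0F != 6 or tag & 3 == 3:
        raise ValueError("expected an old-format public-key packet")
    nlen = 1 << (tag & 3)
    length = int.from_bytes(packets[1:1 + nlen], "big")
    body = packets[1 + nlen:1 + nlen + length]
    if len(body) != length or body[:1] != b"\x04":
        raise ValueError("truncated packet or not a v4 key")
    return hashlib.sha1(b"\x99" + length.to_bytes(2, "big") + body).hexdigest().upper()

def same_fingerprint(armored: str, claimed: str) -> bool:
    """Compare against the fingerprint the key owner gave out of band."""
    return fingerprint(dearmor(armored)) == claimed.replace(" ", "").upper()

if __name__ == "__main__":
    import sys
    with open(sys.argv[1]) as fh:  # e.g. the exported /tmp/user1.key
        print(fingerprint(dearmor(fh.read())))
```

The CRC only detects accidental damage in transit; it is the fingerprint comparison that tells user2 whether the key is the one user1 generated.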