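Using the GPG Encryption Tool on Ubuntu 18.04

1. Introduction

Ubuntu 18.04 ships with the GPG encryption tool by default. GPG (GnuPG) is an asymmetric-key encryption tool, used mainly for encryption and decryption, digital signatures, and so on. GPG can generate asymmetric keys for encryption and decryption, digital signatures, and data fingerprints.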

~$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/kyun/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

From gpg's version information, we can see that GPG supports the following algorithms:

  • Public-key algorithms: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
  • Cipher algorithms: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
  • Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  • Compression algorithms: Uncompressed, ZIP, ZLIB, BZIP2

Key storage directory: /home/kyun/.gnupg

2. Generating a key

~$ gpg --full-generate-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: wongkyunban
Email address: wongkyunban@sina.com
Comment: wongkyunban's gpg
You selected this USER-ID:
    "wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/kyun/.gnupg/trustdb.gpg: trustdb created
gpg: key 460401669FF4DBED marked as ultimately trusted
gpg: directory '/home/kyun/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/kyun/.gnupg/openpgp-revocs.d/D3562273317BBC73F883C762460401669FF4DBED.rev'
public and secret key created and signed.

pub   rsa2048 2019-09-03 [SC]
      D3562273317BBC73F883C762460401669FF4DBED
uid                      wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>
sub   rsa2048 2019-09-03 [E]

Real name: wongkyunban sets the name of the key.

3. Viewing keys

View public keys: gpg --list-key

~$ gpg --list-key
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/kyun/.gnupg/pubring.kbx
-----------------------------
pub   rsa2048 2019-09-03 [SC]
      D3562273317BBC73F883C762460401669FF4DBED
uid           [ultimate] wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>
sub   rsa2048 2019-09-03 [E]

View private keys: gpg --list-secret-keys

~$ gpg --list-secret-keys
/home/kyun/.gnupg/pubring.kbx
-----------------------------
sec   rsa2048 2019-09-03 [SC]
      D3562273317BBC73F883C762460401669FF4DBED
uid           [ultimate] wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>
ssb   rsa2048 2019-09-03 [E]
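
An added example (not from the original post): a shell function that reads the machine-readable form of the listings above, `gpg --list-keys --with-colons`, and flags RSA keys shorter than the 3072 bits that gpg proposed as the default during generation, as well as keys with no expiry date. The function names, the thresholds and the sample records are assumptions of this example; the sample is constructed from the key IDs shown on this page.

```shell
#!/bin/sh
# Added example: audit key parameters from `gpg --list-keys --with-colons`.
# Policy assumptions of this example: RSA below 3072 bits is reported,
# and so is any key or subkey without an expiration date.

audit_keys() {
    awk -F: -v min_bits="${1:-3072}" '
        $1 == "pub" || $1 == "sub" {
            # field 3 = key length, field 4 = algorithm id (1 is RSA), field 5 = key ID
            if ($4 == 1 && $3 + 0 < min_bits + 0)
                printf "%s %s WEAK_RSA_%s\n", $1, $5, $3
            # field 7 = expiration time; empty means the key never expires
            if ($7 == "")
                printf "%s %s NO_EXPIRY\n", $1, $5
        }'
}

# Constructed sample shaped like the colon listing of the key generated above
# (the uid hash field is left empty because the page does not show it).
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:460401669FF4DBED:1567468800:::u:::scESC::::::23::0:
fpr:::::::::D3562273317BBC73F883C762460401669FF4DBED:
uid:u::::1567468800::::wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>::::::::::0:
sub:u:2048:1:9C10EFBB54207D72:1567468800::::::e::::::23:
EOF
}

# On a real keyring: gpg --list-keys --with-colons | audit_keys
# On the sample:     sample_listing | audit_keys
```
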

4. Exporting keys

Export the public key:

~$ gpg -a --export wongkyunban > wongkyunban_pubkey.asc

Export the private key:

~$ gpg -a --export-secret-keys wongkyunban > wongkyunban_privkey.asc

5. Encrypting a file with the public key

~$ touch hello.txt
kyun@kyun-HP-348-G3:~$ echo "hello world" > hello.txt
kyun@kyun-HP-348-G3:~$ cat hello.txt
hello world
kyun@kyun-HP-348-G3:~$ gpg -ea -r wongkyunban hello.txt
kyun@kyun-HP-348-G3:~$ ls
hello.txt  hello.txt.asc   
~$ cat hello.txt.asc
-----BEGIN PGP MESSAGE-----

hQEMA5wQ77tUIH1yAQgA1ru1OxQz8kInOe+RQxXPmJHq4Wa4B6oGptxdro9JFY3Q
fBWPjOrTbfeBXxIIF/gHUfqmiC/NzElfYWSOEPzz8AEyfNj5QYdYZGoxhN1jLQjC
laWsEZj3zwFEajJEJR4tcgv7OwjMaEkISNtx5nDp25wPdtc5LOagwSTSHOnOGprV
2cNsUqcwtZeeYLECV1SEno9HMAytLKWJdtK7QxachFrNZUIofW/BPC/chHaOVtN+
xsbjiivCc00hNASlCMqmCFPzXq7riOmUqsgsgpAh2O8kZ2/ZlEWQbiSzwgan/XKL
MoG6ZR+vlIy1v3rjAEfzW4m6ypiqadlruXYzEfV7odJNAdlu+zBthmdu75LrF3E0
dPlm7tnNIs54VBzNzXzQnPhL7fJSKB2a3nftBVgW4TKgjfXj6IxeqOFTHmpDFdin
luLzMb4by0WjZYF2Wog=
=sSMe
-----END PGP MESSAGE-----

This generates the encrypted file hello.txt.asc.

6. Decrypting with the private key

~$ gpg -o new_hello.txt -d hello.txt.asc
gpg: encrypted with 2048-bit RSA key, ID 9C10EFBB54207D72, created 2019-09-03
      "wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>"

Enter the private key's passphrase. The result is as follows:

kyun@kyun-HP-348-G3:~$ ls
hello.txt hello.txt.asc  new_hello.txt 
wongkyunban_privkey.asc
wongkyunban_pubkey.asc
kyun@kyun-HP-348-G3:~$ cat new_hello.txt
hello world

This decrypts the encrypted file hello.txt.asc into the file new_hello.txt.
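
The steps of sections 2 to 6 as one unattended run, added here as an example and not part of the original post: it works in a throwaway GNUPGHOME so the real keyring is untouched, generates the key from a batch parameter file, and keeps every file it writes private with umask 077. The user ID, passphrase and function name are constructed for the demo.

```shell
#!/bin/sh
# Added example: generate, encrypt and decrypt without prompts in a temporary keyring.
# demo-user, the e-mail address and the passphrase are constructed values.

gpg_roundtrip() {
    plaintext=$1
    work=$(mktemp -d) || return 1        # mktemp -d creates the directory with mode 0700
    status=0
    (
        umask 077                        # files written below are readable by the owner only
        export GNUPGHOME="$work/gnupg"   # isolated keyring, removed at the end
        mkdir -m 700 "$GNUPGHOME" && cd "$work" || exit 1
        pass='constructed-demo-passphrase'
        cat > params <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: demo-user
Name-Email: demo-user@example.invalid
Expire-Date: 1y
Passphrase: $pass
%commit
EOF
        gpg --batch --quiet --pinentry-mode loopback --generate-key params 2>/dev/null || exit 1
        printf '%s\n' "$plaintext" > hello.txt
        # Same options as section 5: encrypt, ASCII-armor, recipient selected by user ID
        gpg --batch --quiet -ea -r demo-user hello.txt || exit 1
        # Same as section 6, with the passphrase supplied on stdin instead of a dialog
        printf '%s' "$pass" | gpg --batch --quiet --pinentry-mode loopback \
            --passphrase-fd 0 -o new_hello.txt -d hello.txt.asc 2>/dev/null || exit 1
        gpgconf --kill gpg-agent 2>/dev/null
        cat new_hello.txt
    ) || status=$?
    rm -rf "$work"
    return "$status"
}

# gpg_roundtrip 'hello world'   # prints: hello world
```
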

7. Deleting keys

The private key must be deleted before the public key can be deleted.
Delete the private key

~$ gpg --delete-secret-keys wongkyunban
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sec  rsa2048/460401669FF4DBED 2019-09-03 wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

Delete the public key

~$ gpg --delete-key wongkyunban
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa2048/460401669FF4DBED 2019-09-03 wongkyunban (wongkyunban's gpg) <wongkyunban@sina.com>

Delete this key from the keyring? (y/N) y

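8. Importing keys

Import a public or private key from a file, for example the files exported in section 4:

~$ gpg --import wongkyunban_pubkey.asc
~$ gpg --import wongkyunban_privkey.asc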

Thanks for reading