Using gpg on Windows XP and calling its commands from Java to encrypt and decrypt files

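Because of a project requirement I had to use gpg encryption and decryption, so I downloaded gpg4win-2.1.0.exe. After installing it, however, kleopatra.exe would not run at all. I searched online, and everyone said to change the language in Control Panel to English (United States), but it still did not work after I tried that. Files can still be encrypted and decrypted from the command line, though, and I then found a good article that cleared up most of my questions.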

Generating a key:

C:\Documents and Settings\admin>gpg --gen-key   // enter this command
gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1    // only 1 can be used for encryption; the others are for signing
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)  // choose the key size in bits; more bits is more secure but slower
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0   // choose the key lifetime to suit your situation; 0 means it never expires


Key does not expire at all
Is this correct? (y/N) y // confirm

GnuPG needs to construct a user ID to identify your key.

Real name: myname   // enter your real name; it is used later
Email address: [email protected]  // enter an e-mail address; it must not duplicate an existing one
Comment: comment    // may be left empty
You selected this USER-ID:
    "raolin (use for GPG Encrypt) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o // enter o to confirm
You need a Passphrase to protect your secret key.  // enter the passphrase twice

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: C:/Documents and Settings/raolin/Application Data/gnupg/trustdb.gpg: trustdb created
gpg: key 8CC6954D marked as ultimately trusted    // the key ID
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/8CC6954D 2011-08-02
      Key fingerprint = 2D3F A584 6B77 59E6 E937  650E 9867 920D 8CC6 954D
uid                  raolin (use for GPG Encrypt)
sub   2048R/D55E7B91 2011-08-02


========================================
C:\Documents and Settings\admin>gpg --output revoke.asc --gen-revoke 8CC6954D  // generate a revocation certificate for the key

sec  2048R/8CC6954D 2011-08-02 raolin (use for GPG Encrypt)
Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:
> revoke file generation
>
Reason for revocation: No reason specified
revoke file generation
Is this okay? (y/N) y

You need a passphrase to unlock the secret key for
user: "raolin (use for GPG Encrypt) "
2048-bit RSA key, ID 8CC6954D, created 2011-08-02

ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!

==============================================
C:\Documents and Settings\admin>gpg -o C:\public-gpg -a --export 8CC6954D   // export the public key


C:\Documents and Settings\admin>gpg -o c:\secret-key -a --export-secret-keys 8CC6954D   // export the private key




C:\Documents and Settings\admin>gpg --list-sigs    // to list keys, use gpg --list-keys

C:/Documents and Settings/admin/Application Data/gnupg/pubring.gpg
-------------------------------------------------------------------
pub   2048R/8CC6954D 2011-08-02
uid                  raolin (use for GPG Encrypt)
sig 3        8CC6954D 2011-08-02  raolin (use for GPG Encrypt) >
sub   2048R/D55E7B91 2011-08-02
sig          8CC6954D 2011-08-02  raolin (use for GPG Encrypt)


// to list keys and signatures, use gpg --list-keys
// to list keys and check their signatures, use gpg --check-sigs


C:\Documents and Settings\admin>gpg --check-sigs  
C:/Documents and Settings/admin/Application Data/gnupg/pubring.gpg
-------------------------------------------------------------------
pub   2048R/8CC6954D 2011-08-02
uid                  raolin (use for GPG Encrypt)
sig!3        8CC6954D 2011-08-02  raolin (use for GPG Encrypt) >
sub   2048R/D55E7B91 2011-08-02
sig!         8CC6954D 2011-08-02  raolin (use for GPG Encrypt) >



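C:\Documents and Settings\admin>gpg -ear  myname c:/123.txt     // myname is the user entered when the key was generated; c:/123.txt is the file to encrypt; the encrypted output file is c:/123.txt.asc
-e GPG encryption
-a ASCII-armor the output
-r specify the user to encrypt for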


C:\Documents and Settings\admin>gpg -d c:/123.txt.asc >c:/1233.txt // decrypt


Importing keys
     Private keys and public keys are both imported with the command below
     gpg --import public-gpg

 public-gpg is the file the key was backed up to

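Editing a key
     gpg --edit-key xiaolang
     xiaolang is the user ID
     Then edit by following the prompts; type help for help

       1) list: list the keys and user IDs
       2) addkey: add a subkey
       3) delkey: delete the selected subkeys
       4) key N: select subkey N (1-based); if N is 0, clear all
       5) fpr: show the key fingerprint
       6) uid N: select user N (1-based); if N is 0, clear all
       7) adduid: add a user ID
       8) deluid: delete the selected user IDs
       9) passwd: change the passphrase of the private key
       10) trust: change the trust level of this key
       11) enable: enable this key
       12) disable: disable this key
       13) lsign: add a local signature to the selected user IDs
              lsign -u other   // sign the selected user IDs with the private key of the user other
                        // this signature can be exported; without the -u option the default user signs
       14) tsign: add a trust signature to the selected user IDs
              tsign -u other   // same as above, except that this signature is marked as non-exportable; generally used in a local environment
                        // to trust this user
       15) check: check the signatures of the selected users
       16) delsig: delete the signatures of the selected users
       17) expire: change the expiration time of the private key
       18) save: save the changes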

Checking the signatures on the public keys in the public keyring
     gpg --check-sig

Viewing the fingerprint of a public key:
     gpg --fingerprint xiaolang

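Signing and verifying with the signature packaged together with the file
     gpg -s ttt.txt              sign ttt.txt as the default user, packaging the signature with the file
     gpg -u xiaolang -s ttt.txt sign ttt.txt as the specified user (xiaolang)
     gpg -u xiaolang -o ttt.sig -s ttt.txt
     gpg --verify ttt.gpg        only verify the signature
     gpg -o ttt -d ttt.gpg       unpack and verify the signature; be sure to add the -o option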

Signing and verifying with a detached signature
     gpg -sb ttt.txt
     gpg -u xiaolang -sb ttt.txt
     gpg -u xiaolang -o ttt.sig -sb ttt.txt
     gpg --verify ttt.gpg
     gpg --verify ttt.gpg ttt        // if the file has been renamed, put the source file to be verified
                                           // last, for example ttt here

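Signing and encrypting
     gpg -es -r xiaolang -u other -o ttt.gpg ttt.txt
     Encrypts with xiaolang's public key and signs with other's private key; the resulting binary file is ttt.gpg
     gpg -esa -r xiaolang -u other -o ttt.asc ttt.txt
     Same as above, except that the output is ASCII-encoded
     This cannot be verified with gpg --verify; the signature information is only shown when decrypting
     gpg -o t -d ttt.asc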

Changing the default private key
     gpg --default-key user-ID

Calling gpg4win from Java to encrypt and decrypt files means calling the Windows command line to process the files.

Calling these commands from Java:

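import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

public class CallCmdInJava {

    /**
     * Runs a command and returns everything it printed.
     *
     * @param command program (or .bat file) and its arguments, separated by whitespace
     * @return the combined standard output and standard error of the command
     * @throws IOException if the command cannot be started or exits with a non-zero code
     */
    public static String callCmd(String command) throws IOException {
        // Split on whitespace, as Runtime.exec(String) does; no shell parses the string.
        ProcessBuilder pb = new ProcessBuilder(command.trim().split("\\s+"));
        // gpg writes its diagnostics to stderr; merge it into stdout so that
        // a single reader drains both and the child cannot block on a full pipe.
        pb.redirectErrorStream(true);
        Process p = pb.start();
        // Nothing is sent to the child, so close its standard input.
        p.getOutputStream().close();

        StringBuilder result = new StringBuilder();
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(p.getInputStream()))) {
            String message;
            while ((message = br.readLine()) != null) {
                result.append(message).append("\n");
            }
        }
        try {
            // A non-zero exit code means the command (for example gpg) failed.
            int exitCode = p.waitFor();
            if (exitCode != 0) {
                throw new IOException("command exited with code " + exitCode + ":\n" + result);
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("interrupted while waiting for the command", e);
        }
        return result.toString();
    }

    public static void main(String[] args) {
        try {
            System.out.println(callCmd("c:\\text.bat"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}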

 

text.bat


rem This is the GPG installation directory; the cmd commands to run follow it
set path=%path%;C:\Program Files\GNU\GnuPG\pub
rem gpg --list-sigs
rem gpg --check-sigs

rem Encrypt 123.txt; the file 123.txt.asc is generated automatically
gpg -ear myname c:/123.txt
rem gpg -d c:/123.txt.asc >c:/1233.txt
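
An added example (not code from the original post): calling gpg directly from Java with one list element per argument instead of going through text.bat, so that paths containing spaces are passed intact and success is confirmed from gpg's exit code and status lines. It assumes gpg.exe is on PATH; the class and method names are illustrative, and the key name and file names are the ones used above.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class GpgEncrypt {

    /** Encrypts inFile to outFile for one recipient; throws if gpg does not confirm success. */
    public static void encrypt(String gpgExe, String recipient, String inFile, String outFile)
            throws IOException, InterruptedException {
        // Each argument is its own list element, so paths containing spaces
        // (e.g. under "C:\Documents and Settings") reach gpg intact.
        List<String> cmd = Arrays.asList(gpgExe,
                "--batch", "--yes",          // never prompt; overwrite outFile if present
                "--status-fd", "1",          // machine-readable status lines on stdout
                "--armor", "--recipient", recipient,
                "--output", outFile, "--encrypt", inFile);
        ProcessBuilder pb = new ProcessBuilder(cmd);
        pb.redirectErrorStream(true);        // drain stderr through the same pipe
        Process p = pb.start();
        p.getOutputStream().close();         // gpg gets no input from us
        List<String> lines = new ArrayList<String>();
        BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream()));
        try {
            for (String line; (line = br.readLine()) != null; ) lines.add(line);
        } finally { br.close(); }
        int exit = p.waitFor();
        if (exit != 0 || !encryptionConfirmed(lines)) {
            throw new IOException("gpg failed (exit " + exit + "): " + lines);
        }
    }

    /** True only if gpg reported END_ENCRYPTION and no invalid recipient. */
    static boolean encryptionConfirmed(List<String> statusLines) {
        boolean done = false;
        for (String l : statusLines) {
            if (l.startsWith("[GNUPG:] INV_RECP")) return false;
            if (l.startsWith("[GNUPG:] END_ENCRYPTION")) done = true;
        }
        return done;
    }

    public static void main(String[] args) throws Exception {
        // Key name and file names as used in the commands on this page.
        encrypt("gpg", "myname", "c:/123.txt", "c:/123.txt.asc");
    }
}
```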





 
