1. gpg version:
[vagrant@vm-node1:~]$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/vagrant/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
2. Generate a key with gpg:
[vagrant@vm-node1:~]$ gpg --full-generate-key --expert
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
(1) Curve 25519
(3) NIST P-256
(4) NIST P-384
(5) NIST P-521
(6) Brainpool P-256
(7) Brainpool P-384
(8) Brainpool P-512
(9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name:
From here on, enter the name and e-mail address and the key is created.
3. Export the public and secret keys:
Public key:
[vagrant@vm-node1:gpg]$ gpg -a --export >v.pub
Secret key:
[vagrant@vm-node1:gpg]$ gpg -a --export-secret-keys > v.priv
4. Send the public key to hkps://keys.openpgp.org
[vagrant@vm-node1:gpg]$ gpg --send-keys USER_ID
5. Encrypt a file
[vagrant@vm-node1:gpg]$ gpg -a --recipient USER_ID --output enc.txt --encrypt source.txt
--recipient: specifies whose public key to encrypt with
The original (plaintext) file: given with --encrypt
The encrypted file: given with --output
In the command above, the original file is source.txt and the encrypted file is enc.txt
Tip: this command is odd: --output must be given before --encrypt, otherwise it reports an error
6. Decrypt a file
[vagrant@vm-node1:gpg]$ gpg -a --output dec.txt --decrypt enc.txt
The file to decrypt: given with --decrypt
The decrypted file: given with --output
In the command above, the encrypted file enc.txt is decrypted and the result is written to dec.txt
Tip: this command has the same issue: --output must be given before --decrypt, otherwise it reports an error
7. Send the key to a keyserver, for example https://keyserver.ubuntu.com
[vagrant@vm-node1:gpg]$ gpg --keyserver https://keyserver.ubuntu.com --send-keys USER_ID
gpg: sending key USER_ID to https://keyserver.ubuntu.com
Tip: in this command --keyserver must be given before --send-keys, otherwise it reports an error, as shown below:
[vagrant@vm-node1:gpg]$ gpg --send-keys USER_ID --keyserver https://keyserver.ubuntu.com
gpg: Note: '--keyserver' is not considered an option
gpg: "--keyserver" not a key ID: skipping
gpg: "https://keyserver.ubuntu.com" not a key ID: skipping
gpg: sending key USER_ID to hkps://keys.openpgp.org
8. Import a public key file:
[vagrant@vm-node1:tmp]$ gpg --import key.pub
gpg: key xxxxxxxxx: "yyy (xxx#gmail) <xxx@gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Check the import result:
[vagrant@vm-node1:tmp]$ gpg -k
Or:
[vagrant@vm-node1:tmp]$ gpg --list-keys
Delete an imported public key:
If the secret key matching this public key is also present, gpg prompts you to delete the secret key first; if there is no matching secret key, the public key can be deleted directly:
When the secret key matching the public key to be deleted exists:
[vagrant@vm-node1:tmp]$ gpg --delete-keys public_key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: there is a secret key for public key "public_key"!
gpg: use option "--delete-secret-keys" to delete it first.
When there is no matching secret key, the public key can be deleted directly:
[vagrant@vm-node1:tmp]$ gpg --delete-keys public_key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub public_key 2010-08-20 yyy (xxx#gmail) <xxx@gmail.com>
Delete this key from the keyring? (y/N) y
9. Import a secret key file:
[vagrant@vm-node1:tmp]$ gpg --import key.priv
gpg: key xxxxxxxxx: public key "yyy (xxx#gmail) <xxx@gmail.com>" imported
gpg: key xxxxxxxxx: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
Check the import result:
[vagrant@vm-node1:tmp]$ gpg -K
Or:
[vagrant@vm-node1:tmp]$ gpg --list-secret-keys
10. Decrypt a file with the secret key (see step 6)
[vagrant@vm-node1:tmp]$ gpg -a --output dec.txt --decrypt encrypted.asc
After entering the passphrase for the secret key, dec.txt is produced; dec.txt is the decrypted file
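The generate, export, encrypt and decrypt steps above, run end to end inside a throw-away keyring so that ~/.gnupg is never touched, as an added example that is not part of the original notes. It assumes GnuPG 2.2+ is installed, generates the key unattended with no passphrase purely for the demonstration, and uses a constructed user ID "Demo <demo@example.invalid>".

```shell
# Added example (not from the original notes): the generate / export /
# encrypt / decrypt steps run end to end inside a throw-away GNUPGHOME,
# so ~/.gnupg is never touched.  Assumed: GnuPG 2.2+ is installed; the key
# is made unattended with %no-protection (no passphrase) only for the demo;
# the user ID "Demo <demo@example.invalid>" is constructed.
set -eu

# Step 2 unattended: Curve 25519 pair, ed25519 for signing and a cv25519
# subkey for encryption (what "(9) ECC and ECC" + "Curve 25519" produces).
gpg_make_demo_key() {
    gpg --batch --gen-key <<'EOF'
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: Demo
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF
}

# Steps 3, 5 and 6: export both keys, encrypt source.txt to the demo key,
# decrypt it again, and return 0 only if the plaintext survives the trip.
# --output is given before --encrypt / --decrypt, the order the notes require.
gpg_roundtrip() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME       # mktemp -d creates it 0700
    workdir=$(mktemp -d)
    printf 'constructed sample plaintext\n' >"$workdir/source.txt"
    gpg_make_demo_key 2>/dev/null
    gpg --batch --yes -a --export demo@example.invalid >"$workdir/v.pub"
    gpg --batch --yes -a --export-secret-keys demo@example.invalid >"$workdir/v.priv"
    gpg --batch --yes --trust-model always -a --recipient demo@example.invalid \
        --output "$workdir/enc.txt" --encrypt "$workdir/source.txt"
    gpg --batch --yes --output "$workdir/dec.txt" --decrypt "$workdir/enc.txt" 2>/dev/null
    status=1
    if grep -q 'BEGIN PGP MESSAGE' "$workdir/enc.txt" \
       && cmp -s "$workdir/source.txt" "$workdir/dec.txt"; then
        status=0
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true   # stop the agent bound to this GNUPGHOME
    rm -rf "$GNUPGHOME" "$workdir"
    return $status
}
```

Run `gpg_roundtrip && echo OK` after sourcing the file; the armored enc.txt and the exported v.pub / v.priv live in the temporary directory only for the duration of the function.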