gpg

                                       GPG

GnuPG（英文：GNU Privacy Guard，简称：GPG）是加密和数字签名的免费工具，大多用于加密信息的传递。除了仅用密码加密外，gpg最大的不同是提供了“公钥/私钥”对。利用“公钥”别人加密信息不再需要告知密码，发送加密信息。加密是单向的，只有“私钥”能解开加密.

创建2个用户 user1和user2  并设置密码

用user1登陆

$ gpg --gen-key

      (1)RSA and RSA (default)

      (2)DSA and Elgamal

      (3)DSA (sign only)

      (4)RSA (sign only)

Your selection? 1

What keysize do you want? (2048) 1024

      0= key does not expire

      <n>= key expires in n days

      <n>w= key expires in n weeks

      <n>m= key expires in n months

      <n>y= key expires in n years

Key is valid for? (0)

Key does not expire at all

Is this correct? (y/N) y

Real name: user1

Gnugpg文件存放的位置

$ ls .gnupg/

查看已有的公钥

[user1@localhost ~]$ gpg --list-keys

查看已有的私钥

[user1@localhost ~]$ gpg --list-secret-keys

user1将自己的公钥导出

[user1@localhost ~]$ gpg --export --armoruser1 > /tmp/user1.key

[user1@localhost ~]$ cat /tmp/user1.key

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v2.0.14 (GNU/Linux)

mI0ETpVd2AEEANKlkhw58iHbFKjSllZth9GJzf3foH8FapZhe+mMbZDuQ0WJCZpP

45B1Po5ZIGrV5UMxyC4LN0WZp9bzW4KNRtQnK1guEw6aaZw+eM+Qy2hAjqX9YeBA

CCmBdwxAkzQDPZ8b9Z1H9z94Hm5ewmSoQ/hajwNGpMYz6yyv7g1QyRQTABEBAAG0

LHVzZXIyIChncGcgdGVzdCB1c2VyMikgPHVzZXIyQHVwbG9va2luZy5jb20+iLgE

EwECACIFAk6VXdgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEEzSXBxr

G2Jhiz0EALmX0Ih5n0BCc3dddY4v8d7treI/xtZrbygYxVuyGyfTZ5/Nwq8Rd54g

XEFxoIttp7ZuFQajGBg9ghc1DQCzsVp3gt5dvb4YLptzoe5629B9AaIdub9bwXxa

lvumuSf7aXWkauukpHq7gH7mDYXNsPRpScOHQ1PwfZPL+Nox7bu7uI0ETpVd2AEE

AOkILZohJwvbPSQClR2lIxlkJXYLssGTUXJGpHUFugSzkJBUweIM/usFYzqNxZ6C

FYCzRtX0yND3r7nR+tobiXNVIZf5mll+mVFZl/pQkvJkyDIFhZdrO8ivjlysczO3

p045lXh/P0mDXOBk9wS6aN82V2KqIWYpZiWR24y3YF4vABEBAAGInwQYAQIACQUC

TpVd2AIbDAAKCRBM0lwcaxtiYeXzA/9toSUJHWk94BWONmhaAFIDMYRq8hcUEcyA

8bB3l1cBccAhGzV9NVBJ/tjm0C9cHk0qAolgZh7fdNhJ1tRqTYdM50IjKf36sVU0

r0aL2JVNL7VAG0N5biLyFLw9EoyFs1CZ8+6OgmxNHsxVo8YjVJ9weTtHDMQZA4z5

RFBwYscP9Q==

=7ZWl

-----END PGP PUBLIC KEY BLOCK-----

user2导入user1 的public key

[user2@localhost ~]$ gpg --import/tmp/user1.key

[user2@localhost ~]$ gpg --list-keys

user2用user1 的public key 加密文件file.gpg。并将加密之后的文件file.gpg.asc通过邮件发送给user1

$vim file.gpg

123

[user2@localhost ~]$ gpg --encrypt --armor--recipient user1 file.gpg

Use this key anyway? (y/N) y

[user2@localhost ~]$ ls

file.gpg.asc file.gpg

[user2@localhost ~]$ mail -s "gpgtest" user1@localhost < file.gpg.asc

user1收到邮件后发现邮件内容是经过加密的。把邮件的内容保存到~/file.gpg,保存后的文件内容也是加密的

[user1@localhost ~]$ mail

& 1

Message 1:

& w ~/file.gpg

& q

[user1@localhost ~]$ cat file.gpg

user1使用gpg解密file.gpg，得到文件file，并能看到里面的内容

[user1@localhost ~]$ gpg file.gpg

[user1@localhost ~]$ ls file*

file file.gpg

[user1@localhost ~]$ cat file

123