GnuPG
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了GnuPG相关的知识,希望对你有一定的参考价值。
GNUPG
一GUNPG简介
GnuPG(GNU Privacy Guard或GPG)是一个以GNU通用公共许可证释出的开放源码用于加密或签名的软件,可用来取代PGP。
非对称加密方式,简单理解就是用公钥加密文件,用私钥解密文件。如果你需要发送加密信息,首先获取接收者的公钥,然后利用该公钥加密后传递,对方利用对应的私钥就可解密。也就是说,公钥是锁,私钥是钥匙。非对称加密方式很好地解决了传递机密信息的问题。
GPG,又称为 GnuPG,全称是 Gnu Private Guard,即 GNU 隐私卫士。GPG 是以 PGP 算法为核心的强大的加密软件。但 GPG 项目是一套命令行程序,而且是为 Linux 等开源操作系统设计的。好在开发者为 GPG 开发了许多图形前端并将其迁移到 Windows 平台,Gpg4win 就是 Windows 平台 GPG 及图形前端的集合安装包。
二、建立key以及导出导入公钥
2.1生产key pair以及导出公钥文件
以*.*.234.114为例生成key pair
C:\Program Files (x86)\GNU\GnuPG>gpg2 --gen-key
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: henry
Email address: [email protected]
Comment: test
You selected this USER-ID:
"henry (test) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 7923A419 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/7923A419 2017-08-23
Key fingerprint = F6FF E02B 6B8F FA05 B1EC C548 EFAF 5514 7923 A419
uid [ultimate] henry (test) <[email protected]>
sub 2048R/364826EB 2017-08-23
现在,我们用gpg --list-keys,就可以看到刚才产生的公钥了,查看私钥用gpg -K
C:\Program Files (x86)\GNU\GnuPG>gpg2 --list-keys
C:/Users/Administrator/AppData/Roaming/gnupg/pubring.gpg
--------------------------------------------------------
pub 2048R/7923A419 2017-08-23
uid [ultimate] henry (test) <[email protected]>
sub 2048R/364826EB 2017-08-23
C:\Program Files (x86)\GNU\GnuPG>gpg2 -K
C:/Users/Administrator/AppData/Roaming/gnupg/secring.gpg
--------------------------------------------------------
sec 2048R/7923A419 2017-08-23
uid henry (test) <[email protected]>
ssb 2048R/364826EB 2017-08-23
在gpg4win的UI上也可以查看如下图
现在,我们就可以导出公钥,发布给需要把信息加密给我们的人。
C:\Program Files (x86)\GNU\GnuPG>gpg2 -a --export -o henry.pub [email protected]
2.2导入公钥文件
假如另外一台电脑上的人要导入这个pub钥,将公钥拷贝到*.*.238.154的C盘根目录,并导入
C:\Program Files (x86)\GNU\GnuPG>gpg2 --import c:\henry.pub
gpg: key 7923A419: public key "henry (test) <[email protected]>" import
ed
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
C:\Program Files (x86)\GNU\GnuPG>gpg2 --list-keys
C:/Users/sysadmin/AppData/Roaming/gnupg/pubring.gpg
---------------------------------------------------
pub 2048R/7923A419 2017-08-23
uid [ unknown] henry (test) <[email protected]>
sub 2048R/364826EB 2017-08-23
三、使用公钥加密文件,私钥解密文件
可以使用gpg4win的图形界面加密解密文件,这里只记录使用命令行
3.1使用命令加密文件,生成的加密文件在同目录
C:\Program Files (x86)\GNU\GnuPG>gpg2 -r [email protected] --encrypt F:\1.
txt
gpg: 364826EB: There is no assurance this key belongs to the named user
sub 2048R/364826EB 2017-08-23 henry (test) <[email protected]>
Primary key fingerprint: F6FF E02B 6B8F FA05 B1EC C548 EFAF 5514 7923 A419
Subkey fingerprint: 12EF CDF3 EA88 5B23 3FEF A621 7AA6 8A46 3648 26EB
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
3.2使用命令解密文件
C:\Program Files (x86)\GNU\GnuPG>gpg2 E:\1.txt.gpg--解密后的文件在加密文件的同目录下
You need a passphrase to unlock the secret key for
user: "henry (test) <[email protected]>"
2048-bit RSA key, ID 364826EB, created 2017-08-23 (main key ID 7923A419)
gpg: encrypted with 2048-bit RSA key, ID 364826EB, created 2017-08-23
"henry (test) <[email protected]>"
四使用gpg4win加密解密剪切板内容
4.1、加密一段文本内容。
1、用快捷键“Ctrl+C”把待加密的某段文本进行拷贝。如上所述,此时,这段文本实际上会被拷贝到Windows系统的“剪贴板”(Clipboard)中去。
2、右键点击托盘区中钥匙状的“WinPT”图标,在弹出的菜单中依次选择“Clipboard”——“Encrypt”。
3、系统会出现“Encryption”窗口,里面是现有的电子邮件地址,实际上就是一个个公钥,因为电子邮件地址和公钥是对应的。
4、选择某个电子邮件地址,实际上就是选择对应的公钥,点击窗口下方的“OK”。
5、加密完成后,会提示“GnuPG Status:Finished”。
6、用快捷键“Ctrl+V”把位于剪贴板中已经被加密的内容拷贝到你想要的某个地方:邮件正文处,某个文本编辑器等。
7、加密操作完成。
4.2、解密一段文本内容。
1、用快捷键“Ctrl+C”把待解密的某段文本进行拷贝。再次提醒,此时,这段文本实际上会被拷贝到Windows系统的“剪贴板”(Clipboard)中去。
2、右键点击托盘区中钥匙状的“WinPT”图标,在弹出的菜单中依次选择“Clipboard”——“Decrypt/Verify”。
注意:只有复制戴解密的文本后,在弹出的菜单中“Clipboard”——“Decrypt/Verify”的选项才会变成可用项,否则只能对复制的文件进行Encrypt操作。
3、系统会出现“Decryption”窗口,上方显示加密此段文本所用的公钥。在下方输入私钥解密所需要的“passphrase”即密码,点击窗口下方的“OK”。
4、解密完成后,会提示“GnuPG Status:Finished”。
5、用快捷键“Ctrl+V”把位于剪贴板中已经被解密的内容拷贝到你想要的某个地方:邮件正文处,某个文本编辑器等。
6、解密操作完成。
以上是关于GnuPG的主要内容,如果未能解决你的问题,请参考以下文章