PGP (Pretty Good Privacy) is an e-mail encryption program built on the RSA public-key cryptosystem. It not only keeps a user's data confidential so that unauthorized parties cannot read it, but can also attach a digital signature to a message so that the recipient can be sure it really came from you. This lets people communicate securely with others they have never met, with no need for a prior secure channel to exchange keys.
GnuPG is a suite of tools for secure communication and data storage; it can encrypt data and produce digital signatures.
Functionally it is equivalent to PGP, but PGP uses the patented IDEA algorithm, so using PGP raises licensing problems; GnuPG does not use that algorithm, so there are no restrictions on its use.
GnuPG supports the following algorithms.
Public key: RSA, RSA-E, RSA-S, ELG-E, DSA
Symmetric ciphers: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hashes: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: uncompressed, ZIP, ZLIB, BZIP2
gpg command [options] [filename]
Commands:
-s, --sign [filename] make a signature
--clearsign [filename] make a clear-text signature
-b, --detach-sign make a detached signature
-e, --encrypt encrypt data
-c, --symmetric encrypt with a symmetric cipher only
-d, --decrypt decrypt data (default)
--verify verify a signature
--list-keys list keys
--list-sigs list keys and signatures
--check-sigs list and check key signatures
--fingerprint list keys and fingerprints
-K, --list-secret-keys list secret keys
--gen-key generate a new key pair
--delete-keys remove keys from the public keyring
--delete-secret-keys remove keys from the secret keyring
--sign-key sign a key
--lsign-key sign a key locally
--edit-key sign or edit a key
--gen-revoke generate a revocation certificate
--export export keys
--send-keys export keys to a key server
--recv-keys import keys from a key server
--search-keys search for keys on a key server
--refresh-keys update all local keys from a key server
--import import/merge keys
--card-status print the card status
--card-edit change data on a card
--change-pin change a card's PIN
--update-trustdb update the trust database
--print-md algo [file] print the message digest using the given hash algorithm
Options:
-a, --armor create ASCII-armored output
-r, --recipient encrypt for the named recipient
-u, --local-user use this user id to sign or decrypt
-z N set compression level to N (0 disables compression)
--textmode use canonical text mode
-o, --output use as output file
-v, --verbose verbose
-n, --dry-run do not make any changes
-i, --interactive prompt before overwriting
--openpgp use strict OpenPGP behavior
--pgp2 generate PGP 2.x compatible messages
Symmetric encryption
[root@rhel6 ~]# echo "对称加密测试" > test
[root@rhel6 ~]# gpg -c test
[root@rhel6 ~]# rm -rf test
[root@rhel6 ~]# gpg test.gpg
[root@rhel6 ~]# cat test
对称加密测试
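The same round trip as the session above, run without prompts and with the checks a reader would want to see: that the ciphertext does not contain the plaintext, that decryption restores the file byte for byte, and that a wrong passphrase fails instead of producing garbage. This is an added example, not code from the original post; it assumes GnuPG 2.1 or later on PATH (for --pinentry-mode loopback), works in a throw-away GNUPGHOME, and the passphrase and test text are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post: the symmetric round trip
# (gpg -c, then gpg file.gpg) run non-interactively, with checks.
# Assumptions: GnuPG 2.1 or later on PATH; passphrase and text are constructed.
set -eu

# Throw-away keyring directory so nothing touches ~/.gnupg (constructed).
GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# sym_encrypt IN OUT PASSPHRASE: gpg -c with the passphrase read from stdin
# (--passphrase-fd 0) instead of a prompt. --cipher-algo AES256 pins the
# cipher explicitly; GnuPG 2.0 as shown on the page defaulted to CAST5.
sym_encrypt() {
    printf '%s' "$3" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --cipher-algo AES256 --symmetric --output "$2" "$1"
}

# sym_decrypt IN OUT PASSPHRASE: same as "gpg test.gpg" on the page, but with
# an explicit output path. Exits non-zero on a wrong passphrase.
sym_decrypt() {
    printf '%s' "$3" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --output "$2" --decrypt "$1"
}

# round_trip: encrypt a constructed file, confirm the ciphertext does not
# leak the plaintext, decrypt it back byte for byte, and confirm a wrong
# passphrase is rejected rather than yielding garbage. Returns 0 on success.
round_trip() {
    work=$(mktemp -d)
    printf 'symmetric encryption test\n' > "$work/test"   # constructed input
    sym_encrypt "$work/test" "$work/test.gpg" 'correct horse' || return 1
    ! grep -q 'symmetric encryption test' "$work/test.gpg" || return 1
    sym_decrypt "$work/test.gpg" "$work/test.out" 'correct horse' || return 1
    [ "$(cat "$work/test.out")" = "$(cat "$work/test")" ] || return 1
    if sym_decrypt "$work/test.gpg" "$work/bad.out" 'wrong' 2>/dev/null; then
        return 1   # a wrong passphrase must not decrypt
    fi
    rm -rf "$work"
}

round_trip && echo "symmetric round trip OK"
```

Without -o, `gpg test.gpg` writes the plaintext to a file named after the input with the .gpg suffix removed, which is why the session above gets `test` back after deleting it; passing --output makes the destination explicit. Note that the passphrase is the only secret protecting a -c file, so it has to reach the other side over some channel that the ciphertext does not travel on.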
Asymmetric encryption
1. Create the key pair
[root@rhel6 ~]# gpg --list-key
[root@rhel6 ~]# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
请选择您要使用的密钥种类：
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (仅用于签名)
(4) RSA (仅用于签名)
您的选择？
RSA 密钥长度应在 1024 位与 4096 位之间。
您想要用多大的密钥尺寸？(2048)
您所要求的密钥尺寸是 2048 位
请设定这把密钥的有效期限。
0 = 密钥永不过期
密钥的有效期限是？(0)
密钥永远不会过期
以上正确吗？(y/n)y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
真实姓名：gnupg
电子邮件地址：root@xfcy.org
注释：
您选定了这个用户标识：
“gnupg <root@xfcy.org>”
更改姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)？o
您需要一个密码来保护您的私钥。
我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动
鼠标、读写硬盘之类的)，这会让随机数字发生器有更好的机会获得足够的熵数。
gpg: 密钥 D44CECE9 被标记为绝对信任
公钥和私钥已经生成并经签名。
gpg: 正在检查信任度数据库
gpg: 需要 3 份勉强信任和 1 份完全信任，PGP 信任模型
gpg: 深度：0 有效性： 1 已签名： 0 信任度：0-，0q，0n，0m，0f，1u
pub 2048R/D44CECE9 2013-04-03
密钥指纹 = 9F08 B39F 897F C1E8 2321 1766 5E11 0908 D44C ECE9
uid gnupg <root@xfcy.org>
sub 2048R/9EF29EB1 2013-04-03
[root@rhel6 GPG]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/D44CECE9 2013-04-03
uid gnupg <root@xfcy.org>
sub 2048R/9EF29EB1 2013-04-03
2. Export the public (and private) key
[root@rhel6 GPG]# gpg --export --armor D44CECE9 > pub_file.key
[root@rhel6 GPG]# gpg --export-secret-keys --armor D44CECE9 > priv_file.key
3. Publish the public key:
[root@rhel6 GPG]# cp pub_file.key /var/ftp/pub/
4. Import the public key
[root@rhel6-2 ~]# scp rhel6:/root/pub_file.key ./
pub_file.key 100% 1703 1.7KB/s 00:00
[root@rhel6-2 ~]# gpg --list-keys
[root@rhel6-2 ~]# gpg --import pub_file.key
gpg: key D44CECE9: public key "gnupg <root@xfcy.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[root@rhel6-2 ~]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/D44CECE9 2013-04-03
uid gnupg <root@xfcy.org>
sub 2048R/9EF29EB1 2013-04-03
[root@rhel6-2 ~]# echo "secret password" > gpg_test
5. The remote user encrypts a file with the public key
[root@rhel6-2 ~]# gpg --encrypt --armor -r D44CECE9 gpg_test
gpg: 9EF29EB1: There is no assurance this key belongs to the named user
pub 2048R/9EF29EB1 2013-04-03 gnupg <root@xfcy.org>
Primary key fingerprint: 9F08 B39F 897F C1E8 2321 1766 5E11 0908 D44C ECE9
Subkey fingerprint: F498 D9D1 4D32 361C 13D6 49FF E9EE 6FD8 9EF2 9EB1
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
6.´«ËͼÓÃÜÎļþ£º
[root@rhel6-2 ~]# scp gpg_test.asc rhel6:/root/
root@rhel6's password:
gpg_test.asc 100% 580 0.6KB/s 00:00
7.½âÃܼÓÃÜÎļþ£º
[root@rhel6 ~]# gpg -o gpg_test --decrypt gpg_test.asc
You need a passphrase to unlock the secret key for
user: "gnupg <root@xfcy.org>"
2048-bit RSA key, ID 9EF29EB1, created 2013-04-03 (main key ID D44CECE9)
[root@rhel6 ~]# cat gpg_test
secret password
8. Key revocation:
As soon as the key pair has been generated, you should create a revocation certificate for the public key. If you later forget the private key's passphrase, or the private key is lost or stolen, you can publish this certificate to declare that the old public key is no longer valid.
Once the revocation certificate has been issued, other users can no longer use the old certificate, so the old public key is invalidated.
[root@rhel6 ~]# gpg --output revoke.asc --gen-revoke D44CECE9
sec 2048R/D44CECE9 2013-04-03 gnupg <root@xfcy.org>
要为这把密钥建立一份吊销证书吗？(y/N)y
请选择吊销的原因：
0 = 未指定原因
1 = 密钥已泄漏
2 = 密钥被替换
3 = 密钥不再使用
Q = 取消
(也许您会想要在这里选择 1)
您的决定是什么？1
请输入描述(可选)；以空白行结束：
>
吊销原因：密钥已泄漏
(不给定描述)
这样可以吗？ (y/N)y
您需要输入密码，才能解开这个用户的私钥：“gnupg <root@xfcy.org>”
2048 位的 RSA 密钥，钥匙号 D44CECE9，建立于 2013-04-03
已强行使用 ASCII 封装过的输出。
已建立吊销证书。
请把这个文件转移到一个可隐藏起来的介质(如软盘)上；如果坏人能够取得这
份证书的话，那么他就能让您的密钥无法继续使用。把这份凭证打印出来再藏
到安全的地方也是很好的方法，以免您的保存媒体损毁而无法读取。但是千万
小心：您的机器上的打印系统可能会在打印过程中把这些数据临时在某个其他
人也能够看得到的地方！
[root@rhel6 GPG]# gpg --keyserver Server Address --send-keys mykeyID
9. Key deletion:
The private key must be deleted first; only then can the public key be deleted.
[root@rhel6 ~]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/D44CECE9 2013-04-03
uid gnupg <root@xfcy.org>
sub 2048R/9EF29EB1 2013-04-03
[root@rhel6 ~]# gpg --delete-secret-keys D44CECE9
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec 2048R/D44CECE9 2013-04-03 gnupg <root@xfcy.org>
要从钥匙环里删除这把密钥吗？(y/N)y
这是一把私钥！----真的要删除吗？(y/N)y
[root@rhel6 ~]# gpg --delete-keys D44CECE9
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 2048R/D44CECE9 2013-04-03 gnupg <root@xfcy.org>
Òª´ÓÔ¿³×»·Àïɾ³ýÕâ°ÑÃÜÔ¿Âð£¿(y/N)y
[root@rhel6 ~]# gpg --list-keys
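The nine steps above as one script, added here as an example (not code from the original post), run between two throw-away keyrings that stand in for rhel6 and rhel6-2, with a detached-signature check in the other direction since signing is the second half of what the page says GnuPG is for. Two things differ from the interactive session: where step 5 answers "Use this key anyway?" with y, the script compares the imported key's fingerprint with the one obtained out of band and refuses to encrypt on a mismatch; and for step 8 it imports the revocation certificate that GnuPG 2.1 and later write into openpgp-revocs.d/ when a key is created, because --gen-revoke is interactive only. It assumes GnuPG 2.2 or later on PATH; the user id, passphrase, messages and directories are constructed.

```shell
# Added example, not code from the original post: steps 1-9 above run without
# prompts against two throw-away keyrings that stand in for the two hosts
# (rhel6 = key owner, rhel6-2 = remote sender), plus a detached-signature check.
# Assumes GnuPG 2.2+ on PATH; user id, passphrase and messages are constructed.
set -eu

UID_STR="gnupg (example) <root@example.invalid>"   # constructed user id
PASS="example-passphrase"                           # constructed passphrase

new_home() { d=$(mktemp -d) && chmod 700 "$d" && echo "$d"; }
cleanup_home() { GNUPGHOME=$1 gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$1"; }

# gpg_as HOMEDIR ARGS...: one keyring per "host", batch mode, no pinentry.
gpg_as() {
    _h=$1; shift
    GNUPGHOME=$_h gpg --batch --yes --quiet --pinentry-mode loopback "$@"
}

# Step 1: key pair that never expires (as on the page); passphrase from stdin.
gen_key() {
    printf '%s' "$PASS" | gpg_as "$OWNER" --passphrase-fd 0 \
        --quick-generate-key "$UID_STR" default default never
}

# Primary fingerprint from --with-colons output (field 10 of the fpr record);
# this is the value to compare out of band, never the short key id.
fingerprint_in() {
    gpg_as "$1" --with-colons --fingerprint "$UID_STR" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Steps 2-4: armored public-key export, imported on the remote keyring.
publish_key() {
    gpg_as "$OWNER" --armor --export "$1" > "$WORK/pub_file.key" &&
    gpg_as "$REMOTE" --import "$WORK/pub_file.key"
}

# Step 5: the page answers "Use this key anyway?" with y. Here the imported
# key's fingerprint must equal the one received out of band; only then is it
# marked ultimately trusted (ownertrust 6), so batch encryption needs no prompt
# and a substituted key is refused.
encrypt_on_remote() {
    [ "$(fingerprint_in "$REMOTE")" = "$1" ] ||
        { echo "fingerprint mismatch, refusing to encrypt" >&2; return 1; }
    printf '%s:6:\n' "$1" | gpg_as "$REMOTE" --import-ownertrust &&
    gpg_as "$REMOTE" --check-trustdb &&
    printf 'secret password\n' > "$WORK/gpg_test" &&
    gpg_as "$REMOTE" --armor --recipient "$1" --encrypt \
        --output "$WORK/gpg_test.asc" "$WORK/gpg_test"
}

# Steps 6-7: the .asc file "arrives" (same directory here); the owner decrypts.
decrypt_on_owner() {
    printf '%s' "$PASS" | gpg_as "$OWNER" --passphrase-fd 0 \
        --decrypt --output "$WORK/gpg_test.dec" "$WORK/gpg_test.asc" &&
    cat "$WORK/gpg_test.dec"
}

# The other direction (-b / --verify on the page): owner signs, remote verifies
# with the public key; a modified file must fail verification.
sign_and_verify() {
    printf 'release notes\n' > "$WORK/notes" &&
    printf '%s' "$PASS" | gpg_as "$OWNER" --passphrase-fd 0 --detach-sign \
        --output "$WORK/notes.sig" "$WORK/notes" &&
    gpg_as "$REMOTE" --verify "$WORK/notes.sig" "$WORK/notes" 2>/dev/null &&
    printf 'release notes (tampered)\n' > "$WORK/notes" &&
    ! gpg_as "$REMOTE" --verify "$WORK/notes.sig" "$WORK/notes" 2>/dev/null
}

# Step 8: GnuPG 2.1+ already stored a revocation certificate for the new key
# in openpgp-revocs.d/, with a ':' before the BEGIN line so it cannot be
# imported by accident (--gen-revoke on the page makes the same kind of file).
# Importing it on the remote side marks the key revoked: validity "r".
revoke_on_remote() {
    sed -n 's/^://; /^-----BEGIN/,$p' "$OWNER"/openpgp-revocs.d/*.rev |
        gpg_as "$REMOTE" --import &&
    gpg_as "$REMOTE" --with-colons --list-keys "$1" |
        awk -F: '$1 == "pub" { print $2; exit }'
}

# Step 9: secret key first, then public key; batch mode requires the full
# fingerprint so a short id cannot match more than one key.
delete_key() {
    gpg_as "$OWNER" --delete-secret-keys "$1" &&
    gpg_as "$OWNER" --delete-keys "$1" &&
    ! gpg_as "$OWNER" --list-keys "$1" 2>/dev/null
}

# Whole flow in fresh keyrings; returns 0 only if every step behaved.
run_workflow() {
    OWNER=$(new_home); REMOTE=$(new_home); WORK=$(new_home)
    rc=0
    { gen_key && fpr=$(fingerprint_in "$OWNER") && publish_key "$fpr" &&
      encrypt_on_remote "$fpr" && [ "$(decrypt_on_owner)" = "secret password" ] &&
      sign_and_verify && [ "$(revoke_on_remote "$fpr")" = "r" ] &&
      delete_key "$fpr"; } || rc=$?
    cleanup_home "$OWNER"; cleanup_home "$REMOTE"; rm -rf "$WORK"
    return $rc
}

run_workflow && echo "encrypt, decrypt, sign, verify, revoke, delete: all OK"
```

A short key id such as D44CECE9 is only 32 bits and can collide with another key, which is why every call here that names a key uses the full fingerprint, and why batch-mode --delete-secret-keys insists on one. The --with-colons listing is the stable, machine-readable form of the `gpg --list-keys` output shown on the page; its validity field turning to "r" is how a script can confirm that a revocation took effect.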
Author: missedyou