1. Encryption
To encrypt with someone else's public key, first import that person's key:
gpg --import key.asc
Then check the state of the public keys in the keyring (key store):
========================================================
Checking the local key state
gpg --list-keys   # list the public keys
pub 2048R/B3399DFB 2014-04-08
uid twnic (twnic) // my own key
sub 2048R/6C1C9FD9 2014-04-08
pub 2048R/81A4B423 2014-04-08
uid twnic2 (twnic2) // someone else's key
sub 2048R/D2295BA2 2014-04-08
List your own private keys
gpg --list-secret-keys   # list the private keys
------------------------
sec 1024R/CE627B2B 2014-04-03 [expires: 2014-04-17]
uid tszheng (twnic)
ssb 1024R/D5685EE9 2014-04-03
sec 2048R/B3399DFB 2014-04-08
uid twnic (twnic)
ssb 2048R/6C1C9FD9 2014-04-08
========================================================
Exporting keys
Export your own private key
gpg -o filename --export-secret-keys TWNIC   # export as a binary file
gpg -a -o filename --export-secret-keys TWNIC   # export as an ASCII-armored text file
Export the public key signed by your own private key
gpg --export --armor twnic > public_twnic.asc
========================================================
Importing keys
gpg --import pub_twnic.asc
========================================================
Encryption
Encrypt with someone else's key
gpg --trust-model always -o sample.gpg --encrypt --recipient twnic2 sample.txt
Then encrypt the resulting file sample.gpg again with your own key, producing sample.gpg2
gpg --trust-model always -o sample.gpg2 --encrypt --recipient twnic sample.gpg
========================================================
Creating a signature
gpg --output sample.sig -u 'key' --detach-sig sample.gpg2
Encrypt with the other party's public key and sign with your own private key at the same time
gpg --local-user 'private key' --trust-model always -o sample.gpg --sign --encrypt --recipient 'public key' sample.txt
========================================================
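Verifying a signature
gpg --verify sample.sig sample.gpg2
If the signature and the encrypted data are in the same file, first create a detached signature
gpg --detach-sign sample.gpg
This should produce a file named sample.gpg.sig; use that signature file for verification
gpg --verify sample.gpg.sig sample.gpg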
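The verification step above, as an added example that is not part of the original page: a shell wrapper that reads gpg's machine-readable --status-fd output and accepts a signature only when it was made by one pinned full fingerprint, which matters here because --trust-model always skips key validity checks. The function names and the fingerprint passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example: scripted signature verification pinned to one signer.

# status_ok EXPECTED_FPR
# Reads "gpg --status-fd" lines on stdin. Returns 0 only if a VALIDSIG line
# names EXPECTED_FPR as the signing key or its primary key and no line
# reports a bad, unverifiable, expired or revoked signature.
# Returns 2 if EXPECTED_FPR is not a full hex fingerprint.
status_ok() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Refuse short key IDs such as B3399DFB: they are easy to collide.
    [ "${#expected}" -ge 40 ] || return 2
    case "$expected" in *[!0-9A-F]*) return 2 ;; esac
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint and the
        # last field is the primary key fingerprint.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# verify_pinned SIGFILE DATAFILE EXPECTED_FPR
# Runs the detached-signature check and decides from the status lines only,
# not from the human-readable messages or the trust settings.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_ok "$3"
}

# Usage (SIGNER_FPR is the fingerprint you confirmed out of band):
#   verify_pinned sample.sig sample.gpg2 "$SIGNER_FPR" && echo "signature accepted"
```
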
========================================================
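Decryption
2. Decryption
As before, first import the other party's key.
Then decrypt twice in a row (the key store must contain the other party's public key)
gpg -o sample.gpg --decrypt sample.gpg2
gpg -o sample.txt --decrypt sample.gpg
This yields the original file sample.txt.
For more detail, see http://vnimos.blog.51cto.com/2014866/1175889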