```
$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: WARNING: options in '/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring '/root/.gnupg/secring.gpg' created
gpg: keyring '/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: usera
Email address: usera@a.com
Comment:
You selected this USER-ID:
    "usera <usera@a.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 918DDD78 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/918DDD78 2021-03-24
      Key fingerprint = 04F7 AC2E 9044 7279 E2A7  E024 E084 A914 918D DD78
uid                  usera <usera@a.com>
sub   2048R/7E1EDB8D 2021-03-24

$ ll ~/.gnupg/
-rw------- 1 root root 7680 Mar 24 22:09 gpg.conf
drwx------ 2 root root    6 Mar 24 22:09 private-keys-v1.d/
-rw------- 1 root root 1179 Mar 24 22:09 pubring.gpg
-rw------- 1 root root 1179 Mar 24 22:09 pubring.gpg~
-rw------- 1 root root  600 Mar 24 22:09 random_seed
-rw------- 1 root root 2557 Mar 24 22:09 secring.gpg
srwxr-xr-x 1 root root    0 Mar 24 22:09 S.gpg-agent
-rw------- 1 root root 1280 Mar 24 22:09 trustdb.gpg

$ gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/918DDD78 2021-03-24
uid                  usera <usera@a.com>
sub   2048R/7E1EDB8D 2021-03-24

$ gpg --delete-key [user ID]

$ gpg --armor --output publickey.txt --export usera@a.com
$ more publickey.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQENBGBbSCYBCACSO7YvhfEbqHkkxI3pg4g2AgftLWVRq90E06xcWTCbRRSguJZ/
...
-----END PGP PUBLIC KEY BLOCK-----

$ gpg --armor --output privatekey.txt --export-secret-keys usera@a.com
$ more privatekey.txt
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

lQO+BGBbSCYBCACSO7YvhfEbqHkkxI3pg4g2AgftLWVRq90E06xcWTCbRRSguJZ
...
-----END PGP PRIVATE KEY BLOCK-----

$ gpg --import [key file]

$ echo aaa > a
$ gpg --recipient usera@a.com --output a.gpg --encrypt a
$ file a*
a:     ASCII text
a.gpg: data

$ gpg --output b --decrypt a.gpg
$ more b
aaa

$ gpg a.gpg

You need a passphrase to unlock the secret key for
user: "usera <usera@a.com>"
2048-bit RSA key, ID 7E1EDB8D, created 2021-03-24 (main key ID 918DDD78)

gpg: encrypted with 2048-bit RSA key, ID 7E1EDB8D, created 2021-03-24
      "usera <usera@a.com>"
File 'a' exists. Overwrite? (y/N)
Enter new filename: c
$ more c
aaa

$ gpg --output a.sig --local-user usera --sign a
$ file a.sig
a.sig: data

$ gpg --output a.asc --local-user usera --clearsign a
$ file a.asc
a.asc: ASCII text
$ more a.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

aaa
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJgW08BAAoJEOCEqRSRjd1419wH/3GtR7hLLY+nmUuaGtpjbP1f
...
-----END PGP SIGNATURE-----

$ gpg --detach-sign a
$ gpg --armor --detach-sign a

$ gpg --verify a.asc
gpg: Signature made Wed 24 Mar 2021 10:48:36 PM CST using RSA key ID 918DDD78
gpg: Good signature from "usera <usera@a.com>"

$ gpg --decrypt a.asc > aa
$ more aa
aaa
```