#转载 #https://www.linuxidc.com/Linux/2013-06/85291.htm 1.生成密钥 #gpg --gen-key 2.查看密钥 #gpg -k 查看公钥:gpg --list-key 查看私钥:gpg --list-secret-keys 3.提取密钥: 提取公钥:#gpg -a --export testkey > testkey.asc #gpg -o testkey.pub --export testkey 提取私钥:#gpg -a --export-secret-keys testkey > testkey_pirv.asc #gpg -o testkey.pri --export-secret-keys testkey 4.导入密钥 导入公钥或私钥:gpg --import testkey 5.使用公钥加密文件: gpg -ea -r testkey filename 即会生成filename.asc的加密文件 6.使用私钥解密 #gpg -o filename -d filename.asc 输入私钥密码,即可把filename.asc的加密文件解密成filename文件。 7.文件签名加密 只有签名的文件:#gpg -o filename.sig -s filename (userB) 有签名的加密文件:#gpg -o filename.gpgs -es -u keyA -r keyB filename (userA,使用userB加密) 8.删除密钥 删除私钥:#gpg --delete-secret-key testkey 删除公钥:#gpg --delete-key testkey 9.发送密钥 拷贝发送 示例: [root@test3 ~]# gpg --gen-key gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 #密钥类型,(3)(4)仅为签名 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) #密钥大小 Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 0 #默认"0",永久有效 Key does not expire at all Is this correct? (y/N) y #检查是否正确 GnuPG needs to construct a user ID to identify your key. Real name: testkey Email address: test@163.com Comment: phone:123456 You selected this USER-ID: #用户信息 "testkey (phone:123456) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. #然后会弹窗叫你输入密码 lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Enter passphrase x x x x x x Passphrase ________________________________________ x x x x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj #密码长度警告,满足条件则不会出现该页面 lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Warning: You have entered an insecure passphrase. x x A passphrase should be at least 8 characters long. x x x x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj #再次弹窗叫你重新输入密码 lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x Please re-enter this passphrase x x x x Passphrase ________________________________________ x x x x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj #确然之后会出现如下信息: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. #根据提示,该命令生成key时,需要kernel为该程序生成足够多的随机数,因此,我们只需要为kernel生成随机数即可(若出现卡在此处不动,应该是/dev/random问题,解决办法如下:) #安装rng-tools工具,该工具可以像指定文件生成随机数。这里,我们不需要退出原正在执行gpg --gen-key命令的console,新建一个终端,执行如下命令。命令执行完成后,原来卡住的界面就恢复运行了 # yum -y install rng-tools # rngd -r /dev/urandom #密码生成过程中可能会出现特殊符号,为正常现象 #出现如下信息表明gpg密钥生成成功 gpg: key 60328999 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u pub 2048R/60328999 2019-07-07 Key fingerprint = 4AEB 6336 B865 6B29 DCB7 338C 819E 1491 6032 8999 uid testkey (phone:12345678901) sub 2048R/29FDDC11 2019-07-07