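Installing GnuPG:
- Go to the "GnuPG for OS X" section of https://gnupg.org/download/
- Download GnuPG-2.2.19.dmg; after installation it lives in /usr/local/gnupg-2.2/
- Presumably gpg2 can then be found through the environment variables; otherwise use /usr/local/gnupg-2.2/bin/gpg2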
$ gpg2 --full-generate-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: HelloWorld
Email address: group@HelloWorld.com
Comment:
You selected this USER-ID:
"HelloWorld <group@HelloWorld.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Passphrase: HelloWorld!!
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key ####### marked as ultimately trusted
gpg: directory '/path/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/.gnupg/openpgp-revocs.d/#1#2#3#4#5#6#7#8#9#0.rev'
public and secret key created and signed.
pub rsa2048 2020-03-13 [SC]
#1#2#3#4#5#6#7#8#9#0
uid HelloWorld <group@HelloWorld.com>
sub rsa2048 2020-03-13 [E]
Export the public key like this:
$ gpg2 --armor --export "HelloWorld <group@HelloWorld.com>" > your-pubkey.asc
$ gpg2 --armor --export "#1#2#3#4#5#6#7#8#9#0" > your-pubkey.asc
Export the private key:
$ gpg2 --export-secret-keys "HelloWorld <group@HelloWorld.com>" > your-private-key.asc
$ gpg2 --export-secret-keys "#1#2#3#4#5#6#7#8#9#0" > your-private-key.asc
List the current keys:
$ gpg2 --list-keys
/path/.gnupg/pubring.kbx
------------------------------------
pub rsa2048 2020-03-13 [SC]
#1#2#3#4#5#6#7#8#9#0
uid [ unknown] HelloWorld <group@HelloWorld.com>
sub rsa2048 2020-03-13 [E]
$ gpg2 --list-secret-keys
/path/.gnupg/pubring.kbx
------------------------------------
sec rsa2048 2020-03-13 [SC]
#1#2#3#4#5#6#7#8#9#0
uid [unknown] HelloWorld <group@HelloWorld.com>
ssb rsa2048 2020-03-13 [E]
Delete keys; if the key pair includes a secret key, the secret key must be deleted first:
$ gpg2 --delete-secret-keys "#1#2#3#4#5#6#7#8#9#0"
Delete the public key:
$ gpg2 --delete-keys "#1#2#3#4#5#6#7#8#9#0"
Import keys:
$ gpg2 --import your-private-key.asc
$ gpg2 --import your-pubkey.asc
Encrypt with the keys, producing a *.gpg file:
$ cat /tmp/text
hello world
$ gpg2 -r "#1#2#3#4#5#6#7#8#9#0" -e /tmp/text
$ ls /tmp/text.gpg
/tmp/text.gpg
Decrypt the *.gpg file with the keys; without the private key you get:
$ gpg2 -r "#1#2#3#4#5#6#7#8#9#0" -d /tmp/text.gpg
gpg: encrypted with 2048-bit RSA key, ID ######, created 2020-03-13
"HelloWorld <group@HelloWorld.com>"
gpg: decryption failed: No secret key
With the private key, it decrypts normally:
$ gpg2 -r "#1#2#3#4#5#6#7#8#9#0" -d /tmp/text.gpg
gpg: encrypted with 2048-bit RSA key, ID #, created 2020-03-13
"HelloWorld <group@HelloWorld.com>"
hello world
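The same round trip as an unattended script, added here as an example and not part of the original post: it generates an RSA 2048 key pair in one throwaway keyring, imports only the exported public key into a second one, and shows that only the first can decrypt. The function name gpg_roundtrip, the GPG variable, the "Demo User" identity and the use of %no-protection are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the post's key round trip, unattended, in throwaway keyrings.
# Assumptions: GnuPG 2.x on PATH as gpg2 or gpg; the identity is constructed.
GPG=${GPG:-$(command -v gpg2 || command -v gpg)}

# Prints "owner=<ok|fail> other=<ok|fail>" for the two decryption attempts.
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/owner" "$work/other"
    printf 'hello world\n' > "$work/text"

    # Same answers as the interactive prompts: RSA and RSA, 2048 bits, no expiry.
    # %no-protection (no passphrase) is acceptable only for a throwaway keyring.
    cat > "$work/params" <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF
    "$GPG" --homedir "$work/owner" --batch --generate-key "$work/params" 2>/dev/null
    fpr=$("$GPG" --homedir "$work/owner" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # Owner side: export only the public key, then encrypt to the fingerprint.
    "$GPG" --homedir "$work/owner" --armor --export "$fpr" > "$work/pub.asc"
    "$GPG" --homedir "$work/owner" --batch -r "$fpr" -e "$work/text" 2>/dev/null

    # The second keyring imports the public key and never sees the secret key.
    "$GPG" --homedir "$work/other" --batch --import "$work/pub.asc" 2>/dev/null

    owner=fail; other=fail
    out=$("$GPG" --homedir "$work/owner" --batch -d "$work/text.gpg" 2>/dev/null)
    [ "$out" = 'hello world' ] && owner=ok
    "$GPG" --homedir "$work/other" --batch -d "$work/text.gpg" >/dev/null 2>&1 && other=ok

    # Stop the per-keyring agents before removing the throwaway directories.
    for d in owner other; do GNUPGHOME="$work/$d" gpgconf --kill all 2>/dev/null || true; done
    rm -rf "$work"
    echo "owner=$owner other=$other"
}
```

Calling gpg_roundtrip should print "owner=ok other=fail": the keyring that holds only the public key fails with "No secret key", as in the session above.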