Goal: Encrypt files using GPG
Distribution: Applies to any distribution
Requirements: Linux with GPG installed or root privileges to install it.
Difficulty: Easy
Promise:
Encryption is very important. It is essential to protect sensitive information. Your private files should be encrypted, and GPG provides a great solution.
GPG is widely used. You can find it in almost every distribution's repository. If you haven't installed it yet, do it now.
Debian/Ubuntu
$ sudo apt install gnupg
Fedora
# dnf install gnupg2
Arch
# pacman -S gnupg
Gentoo
# emerge --ask app-crypt/gnupg
You need a key pair to encrypt and decrypt files. If you have already generated a key pair for SSH, you can use it directly. If not, GPG includes tools to generate a key pair.
$ gpg --full-generate-key
GPG's command-line program walks you through key generation step by step. There is also a much simpler variant, but it does not let you set the key type, key length, or expiration time, so it is not recommended.
GPG will first ask you for the type of key. Unless you have a specific requirement, choose the default.
The next step is to set the key length. 4096 is a good choice.
After that, you can set the expiration date. Set to 0 if you want the key to never expire.
Then, enter your name.
Finally, enter your email address.
You can also add a comment if you want one.
After all this is completed, GPG will ask you to verify the information.
GPG will also ask whether you want to set a passphrase for the key. This step is optional, but it increases the level of protection. While this is happening, GPG collects entropy from your activity on the system to increase the strength of the key. Once all of this is complete, GPG will display information about the key.
Now that you have your own key, encrypting your files is very simple. Use the following command to create a blank text file in the /tmp directory.
$ touch /tmp/test.txt
Then encrypt it with GPG. Here the -e flag tells GPG that you want to encrypt the file, and the -r flag specifies the recipient.
$ gpg -e -r "Your Name" /tmp/test.txt
GPG needs to know the recipient and sender of this file. Since this file is yours, there is no need to specify the sender, and the recipient is yourself.
After you receive the encrypted file, you need to decrypt it. You do not need to specify a key for decryption. That information is encoded in the file, and GPG will try to decrypt it with the keys in your keyring.
$ gpg -d /tmp/test.txt.gpg
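Suppose you need to send a file to someone else. You need the recipient's public key. How you obtain it is up to you: you can ask them to send it to you directly, or fetch it from a key server.
Once you have their public key, import it into GPG.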
$ gpg --import yourfriends.key
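These public keys carry name and email address information, just like the key you created yourself. Remember that for others to be able to decrypt your files, they also need your public key, so export it and send it to them.
$ gpg --export -a "Your Name" > your.key
Now you can encrypt the file you want to send. The steps are much the same as before, except that you specify yourself as the sender.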
$ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt
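That's it. GPG has some advanced options, but you will not need them 99% of the time. GPG is that easy to use. You can also use the key pair you created to send and receive encrypted email. The steps are much the same as those shown above, although most email clients will do this for you automatically once they have the keys.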
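The export, import, encrypt and decrypt steps above can be run end to end as a script. This is an added example, not part of the original article; it also checks the imported key's fingerprint before encrypting, which the article does not cover. The name "Bob Example", the address bob@example.test, the "alice" keyring and the temporary paths are constructed, and the two --homedir keyrings stand in for two separate machines.

```shell
#!/bin/sh
# Added example. "Bob Example", "alice" and all paths are constructed.
# Usage: gpg_roundtrip [key-bits]   (default 4096, as the tutorial suggests)
gpg_roundtrip() {
    bits=${1:-4096}
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/bob" "$work/alice" || return 1
    g="gpg --batch --quiet --no-tty"

    # Recipient: unattended version of `gpg --full-generate-key`.
    # %no-protection skips the passphrase only because this key is thrown away.
    printf '%s\n' 'Key-Type: RSA' "Key-Length: $bits" 'Subkey-Type: RSA' \
        "Subkey-Length: $bits" 'Name-Real: Bob Example' \
        'Name-Email: bob@example.test' 'Expire-Date: 0' \
        '%no-protection' '%commit' > "$work/params"
    $g --homedir "$work/bob" --generate-key "$work/params" || return 1
    $g --homedir "$work/bob" --export -a "Bob Example" > "$work/bob.key"
    # Fingerprint the recipient would read out over a separate channel.
    expected=$($g --homedir "$work/bob" --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # Sender: import the public key, then refuse to use it unless its
    # fingerprint matches; the name and email inside a key prove nothing.
    $g --homedir "$work/alice" --import "$work/bob.key" || return 1
    got=$($g --homedir "$work/alice" --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$got" = "$expected" ] || return 1

    printf 'constructed sample secret\n' > "$work/test.txt"
    # Address the key by full fingerprint; --trust-model always is acceptable
    # here only because the fingerprint was checked just above.
    $g --homedir "$work/alice" --trust-model always -e -r "$got" \
        "$work/test.txt" || return 1

    # The sender holds no private key for this file, so she cannot read it...
    if $g --homedir "$work/alice" -d "$work/test.txt.gpg" >/dev/null 2>&1
    then return 1; fi
    # ...while the recipient's private key decrypts it to stdout.
    $g --homedir "$work/bob" -d "$work/test.txt.gpg" 2>/dev/null
    rc=$?
    for h in bob alice; do   # stop the per-keyring background daemons
        gpgconf --homedir "$work/$h" --kill all 2>/dev/null || true
    done
    rm -rf "$work"
    return $rc
}
```

Without the fingerprint check and an explicit trust decision, gpg in batch mode refuses to encrypt to a freshly imported key because nothing yet ties that key to the person named in it.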