Rexdf

The devil is in the Details.

GnuPG Usage Notes


Some notes on using GnuPG.

Configuration

$ gpg
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: directory `/home/rexdf/.gnupg' created
gpg: new configuration file `/home/rexdf/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/rexdf/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/rexdf/.gnupg/secring.gpg' created
gpg: keyring `/home/rexdf/.gnupg/pubring.gpg' created
gpg: Go ahead and type your message ...
gpg: Interrupt caught ... exiting

Running it again reports two problems: the permissions on the configuration file, and insecure memory.

$ gpg
gpg: WARNING: unsafe permissions on configuration file `/home/rexdf/.gnupg/gpg.conf'
gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/rexdf/.gnupg/gpg.conf'
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: Go ahead and type your message ...
gpg: Interrupt caught ... exiting

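The fix is fairly simple:

chgrp -R Users .gnupg
chmod 700 .gnupg      # the directory keeps the owner execute bit so gpg can enter it
chmod 600 .gnupg/*    # files: owner read/write only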

Running it again now prints:

$ gpg
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
gpg: Go ahead and type your message ...
gpg: Interrupt caught ... exiting

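This warning can be ignored, and silencing it is just as simple: append the line no-secmem-warning to the end of ~/.gnupg/gpg.conf. The option only suppresses the message.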
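
The permission fix above, generalized into an audit-and-repair script for a whole GnuPG home directory, including subdirectories. This is an added example, not code from the original post; the function names `audit_gnupg_home` and `fix_gnupg_home` are made up here, the 700/600 policy is an assumption that is stricter than gpg's own check, and GNU find is required for `-perm /077`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Policy assumed: directories 700, files 600, nothing for group or others.
# Requires GNU find for "-perm /077" (any of the listed bits set).

# Report paths that break the policy; return 0 only when the tree is clean.
audit_gnupg_home() {
    dir=$1
    # Files or directories that grant any permission to group or others.
    exposed=$(find "$dir" \( -type f -o -type d \) -perm /077 2>/dev/null)
    # Directories missing the owner execute bit cannot be entered at all,
    # which is the state a recursive "chmod -R 600" leaves behind.
    blocked=$(find "$dir" -type d ! -perm -100 2>/dev/null)
    [ -z "$exposed" ] || printf '%s\n' "$exposed" | sed 's|^|group/other access: |'
    [ -z "$blocked" ] || printf '%s\n' "$blocked" | sed 's|^|not traversable: |'
    [ -z "$exposed$blocked" ]
}

# Apply the policy: directories 700, regular files 600.
fix_gnupg_home() {
    dir=$1
    # Repair the top level first so find is able to descend into it.
    chmod 700 "$dir" || return 1
    find "$dir" -type d -exec chmod 700 {} \; &&
        find "$dir" -type f -exec chmod 600 {} \;
}

# Usage: sh this-script ~/.gnupg   (audits, and repairs only if needed)
if [ $# -gt 0 ]; then
    audit_gnupg_home "$1" || { fix_gnupg_home "$1" && audit_gnupg_home "$1"; }
fi
```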

Creating a key

$ gpg --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
...

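Usage

Symmetrically encrypt myfile:

$ gpg -c myfile

Decrypt a symmetrically encrypted file:

$ gpg -o mydecrypt -d myfile.gpg

List the keys you already have:

$ gpg --list-keys

Export (back up) a public key:

$ gpg -o mypubkey --export DDBA2DEA

Export a public key in text (ASCII-armored) form:

$ gpg -a -o mypubkeyascii --export DDBA2DEA

Export (back up) a private key:

$ gpg -o mysubkey --export-secret-keys 2BBE2C91

Import a private key:

$ gpg --import mysubkey

Create a signature:

$ gpg -o mydecrypt.sig -s mydecrypt

Create a signature in text format:

$ gpg -o mydecrypt.sig --clearsign mydecrypt

Verify a signature:

$ gpg --verify mydecrypt.sig

Recover the original file from the signed file:

$ gpg -o my --decrypt mydecrypt.sig

Sign and encrypt (-s sign, -e encrypt, -r recipient, here quietheart):

$ gpg -o mydecrypt.sig -ser quietheart mydecrypt

Recover the signed and encrypted file:

$ gpg -o my --decrypt mydecrypt.sig

Create a detached signature:

$ gpg -o mydecrypt.sig -ab mydecrypt

Verify a detached signature:

$ gpg --verify mydecrypt.sig mydecrypt

Edit a public key:

$ gpg --edit-key someone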
