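Using PGP on Linux

PGP is the most advanced encryption technology available at civilian grade; the latest version offers key lengths of 4096 to 16384 bits.
Even in theory, it is practically impossible for the world's most advanced supercomputers to break.

The PGP patent was acquired by a new company in 2002. The latest desktop version currently on that company's website is PGP Desktop 9.6.3, which is commercial software. A cracked version is available on VeryCD.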

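Today I happened to type pgp in an SSH session, and to my surprise it responded:
Error: Filename for decryption needed.
It was not "command not found", which means pgp exists on this system (Debian Linux).

Check with which pgp:
/usr/bin/pgp

Try pgp --help:
Invalid option: —

Try pgp -h:
Help not supported.

By now my initial joy was completely gone. I then typed man pgp:
No manual entry for pgp
See 'man 7 undocumented' for help when manual pages are not available.

At this point I was completely baffled. What a piece of junk, not even any help, and it is a program in the /bin directory. I had never before seen a Linux program without help documentation. Today I learned something -_-

Later I found out that on Linux, pgp is a link to GPG.
Both gpg -h and man gpg give help.
I was just being a newbie earlier…

So I looked it up; this thing is called GNU PGP.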
Run pgp -kg and follow the prompts step by step to generate a new key. The session looks like this:

[silk]:~$ pgp -kg
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: [email protected]
Email address: [email protected]
Comment: Email PGP
You selected this USER-ID:
[email protected] (Email PGP)

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++.++++++++++.+++++…+++++++++++++++..++++++++++.+++++.+++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++.++++++++++.+++++>+++++.+++++…… …………………+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++..+++++..+++++..+++++++++++++++++++++++++.+++++…+++++…+++++++++++ ++++.+++++++++++++++.++++++++++++++++++++++++++++++.+++++.+++++.+++++++++++++++. (type random characters on the keyboard here to get a random key)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
gpg: /home/cxy152376stu/.gnupg/trustdb.gpg: trustdb created
gpg: key D85B41C0 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024g/********* 2007-12-08
Key fingerprint = ********************************
uid [email protected] (Email PGP)
sub 4096g/********* 2007-12-08

[silk]:~$

Now use gpg --list-keys to look at the generated key:

[silk]:~$ gpg --list-keys
/home/cxy152376stu/.gnupg/pubring.gpg
-------------------------------------
pub 1024D/****** 2007-12-08
uid [email protected] (Email PGP)
sub 4096g/****** 2007-12-08

[silk]:~$

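Use gpg --list-sigs to view the digital signatures on a public key, and gpg --fingerprint to view the fingerprint. To delete a public/private key, use
gpg --delete-key UID / gpg --delete-secret-key .

Use gpg --edit-key UID to edit the key's information.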
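
A check a reader may want to run on the listing above, as an added example that is not part of the original post: it parses the machine-readable form of the same listing (gpg --with-colons --list-keys) and flags the settings chosen in this walkthrough, a 1024-bit DSA primary key with no expiry date. The sample records are constructed, the key IDs and user ID are placeholders, and the 2048-bit threshold is an assumed local policy.

```python
# Added example: audit key listings in gpg's colon-delimited format.
# Only fields 1-7 are read (record type, validity, key length, algorithm,
# key ID, creation date, expiry date), which gpg 1.4 and 2.x both emit.

SIZED_ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA"}  # OpenPGP algorithm IDs
MIN_BITS = 2048  # assumption: local policy threshold, adjust as needed

# Constructed sample shaped like the key generated in this post.
# Key IDs and the user ID are placeholders, not values from the page.
SAMPLE = """\
tru::1:1197082680:0:3:1:5
pub:u:1024:17:1111111111111111:2007-12-08:::u:Example User (Email PGP) <user@example.org>::scESC:
sub:u:4096:16:2222222222222222:2007-12-08::::::e:
"""


def audit(listing):
    """Return (key_id, record_type, finding) tuples for weak key settings."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 7:
            continue  # skip tru/uid/fpr and malformed records
        kind, validity, bits, algo, key_id, _created, expires = fields[:7]
        if validity in ("r", "e"):
            continue  # already revoked or expired
        # Bit-length thresholds only make sense for RSA/DSA/Elgamal;
        # elliptic-curve keys report 255 or 256 bits and are not weak for it.
        if algo in SIZED_ALGOS and bits.isdigit() and int(bits) < MIN_BITS:
            findings.append(
                (key_id, kind, f"{bits}-bit {SIZED_ALGOS[algo]} is below {MIN_BITS} bits"))
        if kind == "pub" and not expires:
            findings.append((key_id, kind, "no expiry date set"))
    return findings


if __name__ == "__main__":
    for key_id, kind, finding in audit(SAMPLE):
        print(f"{kind} {key_id}: {finding}")
```

To audit a real keyring, pass the text printed by gpg --with-colons --list-keys to audit().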

Take a look at the actual key files:

$ cd /home/cxy152376stu/.gnupg/
[silk]:~/.gnupg$ ls -lh
total 28K
-rw------- 1 cxy152376stu pg1111092 7.9K Dec 8 02:44 gpg.conf
-rw------- 1 cxy152376stu pg1111092 1.7K Dec 8 02:58 pubring.gpg
-rw------- 1 cxy152376stu pg1111092 1.7K Dec 8 02:58 pubring.gpg~
-rw------- 1 cxy152376stu pg1111092 600 Dec 8 02:58 random_seed
-rw------- 1 cxy152376stu pg1111092 1.9K Dec 8 02:58 secring.gpg
-rw------- 1 cxy152376stu pg1111092 1.3K Dec 8 02:58 trustdb.gpg
[silk]:~/.gnupg$

pubring.gpg and pubring.gpg~ are identical (run diff to confirm).
secring.gpg should be the private key you just generated.

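Now let's use it to encrypt and decrypt files.
Basic commands:
gpg -e[a] -r RECIPIENT [DATA]
gpg -d [DATA]

[DATA] can be a file name. Adding -a produces ASCII ciphertext; otherwise binary ciphertext is produced.
The encrypted file is written by default to FILENAME.gpg or FILENAME.asc (depending on whether -a was given when encrypting).

-r specifies the recipient's UID (that is, the email address) (it seems to work without -r as well). gpg encrypts the data with the recipient's public key; after you send the email to the recipient, they can decrypt it with their own private key. This is the basic principle of asymmetric public-key encryption.

When decrypting, if you have created more than one private key, specify which one with -u UID; otherwise gpg will ask you to choose manually. UID can be the email you entered when creating the key.
The decrypted output goes to stdout by default; use > to redirect it or -o FILENAME to specify an output file.

In real use, to encrypt mail for someone you must first import their public key with gpg --import [Filename] (without a file name, it reads from standard input).
But here I am only experimenting, [email protected], and then decrypt with this private key.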

The whole experiment is shown below:

[silk]:~/test/gpg$ ls
test_file
[silk]:~/test/gpg$ cat test_file # show the plaintext
asdfg123456
test
[silk]:~/test/gpg$ gpg -ea -r [email protected] test_file # encrypt
[silk]:~/test/gpg$ ls
test_file test_file.asc
[silk]:~/test/gpg$ cat test_file.asc # show the encrypted ciphertext
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.1 (GNU/Linux)

-----END PGP MESSAGE-----
[silk]:~/test/gpg$ gpg -d test_file.asc >test_file.asc.decrypt # decrypt

You need a passphrase to unlock the secret key for
user: "[email protected] (Email PGP) (enter the passphrase here)
4096-bit ELG-E key, ID 10FC5975, created 2007-12-08 (main key ID D85B41C0)

gpg: encrypted with 4096-bit ELG-E key, ID 10FC5975, created 2007-12-08
[email protected] (Email PGP)
[silk]:~/test/gpg$ cat test_file.asc.decrypt # as we can see, the decrypted ciphertext matches the original exactly
asdfg123456
test
[silk]:~/test/gpg$
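
The armored .asc output has a fixed layout: a BEGIN line, armor headers such as Version, a blank line, the base64 body, a line starting with "=" that carries a CRC-24 of the binary data, and an END line. As an added example (not from the original post), the parser below checks that layout and the checksum; its payload is constructed bytes, not a real ciphertext. The CRC only catches accidental damage such as a truncated paste; it is not a defence against deliberate modification.

```python
# Added example: build and check OpenPGP ASCII armor (the .asc format).
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1


def crc24(data: bytes) -> int:
    """CRC-24 over the binary payload, as carried on the '=XXXX' armor line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(payload: bytes, kind: str = "PGP MESSAGE") -> str:
    """Wrap binary data in armor: header, blank line, base64, CRC line, tail."""
    b64 = base64.b64encode(payload).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {kind}-----", "Version: constructed example",
                      "", *body, check, f"-----END {kind}-----", ""])


def dearmor(text: str) -> bytes:
    """Return the binary payload, or raise ValueError if the armor is damaged."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 4 or not lines[0].startswith("-----BEGIN PGP ") \
            or not lines[-1].startswith("-----END PGP ") or "" not in lines:
        raise ValueError("not an armored OpenPGP block")
    body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    if len(body) < 2 or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("missing CRC-24 line")
    # binascii.Error from bad base64 is a subclass of ValueError
    payload = base64.b64decode("".join(body[:-1]), validate=True)
    expected = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: armor was altered or truncated")
    return payload


if __name__ == "__main__":
    sample = armor(bytes(range(200)))  # constructed bytes, not a real ciphertext
    print(sample)
    print(len(dearmor(sample)), "payload bytes recovered")
```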

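gpg has many more uses; for example, it can be combined with Linux mail programs (mail, mutt, etc.) to send encrypted mail directly,
or to add a digital signature to outgoing mail with your own private key.
I won't cover them all here. Look up the documentation if you need them
(this article is just what I wrote up from reading the docs myself).

More information about PGP
About the author of PGP
GPG command user guide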
