Encrypting and decrypting files
To encrypt a file that you want to protect, run the following command.
gpg --encrypt --recipient 'admin@example.com' --output confidential.txt.enc public.txt
We should see output like the following:
Output
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2021-06-30
We can now delete the public.txt file and keep only the encrypted version.
Decrypting the file
Use the public key to decrypt the confidential.txt.enc file.
Run the following command:
gpg --decrypt --output public.txt confidential.txt.enc
Enter the decryption key.
gpg: encrypted with 3072-bit RSA key, ID 4BFCC6007183FE53, created 2019-07-01 "jack <admin@example.com>"
The confidential.txt.enc file becomes public.txt.
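The encrypt, decrypt and delete steps above combined into one check, as an added example that is not part of the original page: the plaintext is removed only after the ciphertext has been decrypted and compared with it byte for byte. The function names, the throwaway GNUPGHOME, the passphrase-less test key and the sample file contents are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): delete the plaintext only after
# the ciphertext has been proven to decrypt back to identical bytes.

# encrypt_then_delete RECIPIENT PLAINTEXT CIPHERTEXT
# --no-auto-key-locate keeps the lookup to keys already in the local keyring.
encrypt_then_delete() {
    local recipient=$1 plain=$2 cipher=$3 check
    check=$(mktemp) || return 1      # scratch file, created with mode 0600
    if gpg --batch --yes --quiet --no-auto-key-locate --encrypt \
           --recipient "$recipient" --output "$cipher" "$plain" 2>/dev/null &&
       gpg --batch --yes --quiet --decrypt --output "$check" "$cipher" \
           2>/dev/null &&
       cmp -s "$plain" "$check"; then
        rm -f "$check" "$plain"      # round trip verified: plaintext may go
        return 0
    fi
    rm -f "$check"                   # on failure the plaintext is kept
    return 1
}

# demo: runs the check in a throwaway GNUPGHOME with a constructed key and
# file, so the real keyring is untouched. Prints "roundtrip-ok" on success.
demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1
    # Constructed test key without a passphrase: acceptable for a demo only.
    printf '%s\n' '%no-protection' 'Key-Type: RSA' 'Key-Length: 3072' \
        'Subkey-Type: RSA' 'Subkey-Length: 3072' 'Name-Real: jack' \
        'Name-Email: admin@example.com' 'Expire-Date: 0' '%commit' |
        gpg --batch --quiet --gen-key 2>/dev/null || exit 1
    printf 'constructed sample secret\n' > public.txt
    # Failure mode: no key for this recipient, so the plaintext must survive.
    encrypt_then_delete nobody@example.invalid public.txt bad.enc && exit 1
    [ -f public.txt ] || exit 1
    # Success: plaintext removed, ciphertext still decrypts to the sample.
    encrypt_then_delete admin@example.com public.txt confidential.txt.enc || exit 1
    [ ! -e public.txt ] || exit 1
    [ "$(gpg --batch --quiet --decrypt confidential.txt.enc 2>/dev/null)" \
        = 'constructed sample secret' ] && echo roundtrip-ok
)

# Run the demo only where GnuPG is installed.
if command -v gpg >/dev/null 2>&1; then
    DEMO_RESULT=$(demo)
    echo "${DEMO_RESULT:-roundtrip-failed}"
fi
```

With a real key, call `encrypt_then_delete admin@example.com public.txt confidential.txt.enc` directly; the decryption step then prompts for the private key's passphrase unless `--batch` is dropped or the agent already has it cached.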
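Exporting the public key
If we need to export and share the public key, run the following command.
The public key is used to verify that content really comes from us.
It is also used to decrypt content that we have encrypted.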
gpg --armor --export admin@example.com > public_key.asc
We can also use the command below to export the key as a readable text file.
gpg --armor --output key.txt --export admin@example.com
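After that, we can send the public key file to people we trust.
Step 1: Install GnuPG
GnuPG is a free software implementation of the OpenPGP standard that allows us to encrypt and sign data and communications using GPG encryption.
Install GnuPG
sudo apt update
sudo apt install gnupg
Run the following command to check that it is installed and to see which encryption algorithms it supports.
Run the following command: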
gpg --help
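Sample output:
gpg --help
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/jack/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data
GPG encryption helps keep files safe and secure.
Encrypting data with GPG before it is transmitted ensures that no one without a valid matching key pair can view or read it.
Step 2: Generate a GPG key pair
We need to generate our own GPG key pair, consisting of a private key and a public key.
The private key is the master key.
It allows us to decrypt/encrypt files and to create signatures that are signed with the private key.
The public key is shared with the people who need to use content encrypted with the private key, and it is used to verify content encrypted with the private key.
To generate the key pair, run the following command:
We will be asked for a real name and an email address, which are used to identify the key.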
gpg --gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: jack
Email address: admin@example.com
You selected this USER-ID:
    "jack <admin@example.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/jack/.gnupg/trustdb.gpg: trustdb created
gpg: key F6A785CA937400D3 marked as ultimately trusted
gpg: directory '/home/jack/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/jack/.gnupg/openpgp-revocs.d/77B56FA102AECAC136D1C361F6A785CA937400D3.rev'
public and secret key created and signed.
pub rsa3072 2019-07-01 [SC] [expires: 2021-06-30]
    77B56FA102AECAC136D1C361F6A785CA937400D3
uid jack <admin@example.com>
sub rsa3072 2019-07-01 [E] [expires: 2021-06-30]
We will be prompted to enter and confirm a passphrase for the private key.
Date: 2020-07-07 20:54:40 Source: oir Author: oir