Windows cmd下的GNUgpg的使用方法
生成自己的密钥对:
使用GnuPG之前必须生成密钥对(公钥和私钥),参数选项”–gen-key”可以生成密钥对。可按如下步骤操作。
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg.exe –gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: directory `/home/Administrator/.gnupg’ created
gpg: new configuration file `/home/Administrator/.gnupg/gpg.conf’ created
gpg: WARNING: options in `/home/Administrator/.gnupg/gpg.conf’ are not yet active during this run
gpg: keyring `/home/Administrator/.gnupg/secring.gpg’ created
gpg: keyring `/home/Administrator/.gnupg/pubring.gpg’ created
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? [回车]
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) yYou need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”Real name: Nova
Name must be at least 5 characters long
Real name: xinxing
Email address: imdba@imdba.cn
Comment: imdba.cn
You selected this USER-ID:
“xinxing (imdba.cn) <imdba@imdba.cn>”Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++.++++++++++++++++++++.++++++++++++++++++++++++++++++.+++++.++++++++++ ++++++++++.++++++++++.+++++.++++++++++++++++++++++++++++++>++++++++++……….. ..>+++++..<+++++……………………+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++..++++++++++++++++++++++++++++++.++++++++++++++++++++.+++++++++++ +++++++++.++++++++++++++++++++.+++++++++++++++++++++++++++++++++++…+++++>…++ ++++++++>+++++………..>+++++…………………………………………. …>+++++<.+++++………+++++^^^^^^^^^
gpg: /home/Administrator/.gnupg/trustdb.gpg: trustdb created
gpg: key C2839106 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/C2839106 2009-10-24
Key fingerprint = 3851 295C D23C 2FC1 FFC7 9B9B E65C 6392 C283 9106
uid xinxing (imdba.cn) <imdba@imdba.cn>
sub 2048g/8F1EB3E9 2009-10-24
导出公钥,提供给他人加密文件传输用
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg –output pubring.gpg –export –armor> xinxing.asccygwin@imdba.cn /cygdrive/c/gnupg
$ gpg –output imdba.cn.asc –export –armor> xinxing.asc
cygwin@imdba.cn /cygdrive/c/gnupg
导入别人提供给自己的公钥
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg –import xinxingcyou.asc
列出自己拥有的用户的公钥列表
$ gpg.exe –list-keys
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
/home/Administrator/.gnupg/pubring.gpg
————————————–
pub 1024D/C2839106 2009-10-24
uid xinxing (imdba.cn) <imdba@imdba.cn>
sub 2048g/8F1EB3E9 2009-10-24pub 1024D/294862C4 2009-06-24
uid xinxing <xinxing@cyou.com>
sub 2048g/A895F53A 2009-06-24cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg –fingerprint 294862C4
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
pub 1024D/294862C4 2009-06-24
Key fingerprint = C006 D074 3152 A938 42AD 4DE3 489A 8741 2948 62C4
uid xinxing <xinxing@cyou.com>
sub 2048g/A895F53A 2009-06-24
导入密钥之后,可以使用 –sign-key 选项进行签名,签名的目的是证明您完全信任这个xinxing_cyou.asc证书的合法性。
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg –sign-key 294862C4
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more informationpub 1024D/294862C4 created: 2009-06-24 expires: never usage: SC
trust: unknown validity: unknown
sub 2048g/A895F53A created: 2009-06-24 expires: never usage: E
[ unknown] (1). xinxing <xinxing@cyou.com>pub 1024D/294862C4 created: 2009-06-24 expires: never usage: SC
trust: unknown validity: unknown
Primary key fingerprint: C006 D074 3152 A938 42AD 4DE3 489A 8741 2948 62C4xinxing <xinxing@cyou.com>
Are you sure that you want to sign this key with your
key “xinxing (imdba.cn) <imdba@imdba.cn>” (C2839106)Really sign? (y/N) y
You need a passphrase to unlock the secret key for
user: “xinxing (imdba.cn) <imdba@imdba.cn>”
1024-bit DSA key, ID C2839106, created 2009-10-24
对文件加密过程:首先列出对可用加密的用户列表
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg.exe –list-keys
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
/home/Administrator/.gnupg/pubring.gpg
————————————–
pub 1024D/C2839106 2009-10-24
uid xinxing (imdba.cn) <imdba@imdba.cn>
sub 2048g/8F1EB3E9 2009-10-24pub 1024D/294862C4 2009-06-24
uid xinxing <xinxing@cyou.com>
sub 2048g/A895F53A 2009-06-24
对文件check_mysqlpr.sh进行加密
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg –sign –encrypt check_mysqlpr.sh
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more informationYou need a passphrase to unlock the secret key for
user: “xinxing (imdba.cn) <imdba@imdba.cn>”
1024-bit DSA key, ID C2839106, created 2009-10-24
You did not specify a user ID. (you may use “-r”)
Current recipients:
Enter the user ID. End with an empty line: C2839106
Current recipients:
2048g/8F1EB3E9 2009-10-24 “xinxing (imdba.cn) <imdba@imdba.cn>”
Enter the user ID. End with an empty line: 294862C4
Current recipients:
2048g/A895F53A 2009-06-24 “xinxing <xinxing@cyou.com>”
2048g/8F1EB3E9 2009-10-24 “xinxing (imdba.cn) <imdba@imdba.cn>”
Enter the user ID. End with an empty line: 输入空格才会结束
对文件进行解密过程:
cygwin@imdba.cn /cygdrive/c/gnupg
$ gpg -d check_mysqlpr.sh.gpg >check_mysqlpr.sh
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more informationYou need a passphrase to unlock the secret key for 输入密码
user: “xinxing (imdba.cn) <imdba@imdba.cn>”
2048-bit ELG-E key, ID 8F1EB3E9, created 2009-10-24 (main key ID C2839106)gpg: encrypted with 2048-bit ELG-E key, ID A895F53A, created 2009-06-24
“xinxing <xinxing@cyou.com>”
gpg: encrypted with 2048-bit ELG-E key, ID 8F1EB3E9, created 2009-10-24
“xinxing (imdba.cn) <imdba@imdba.cn>”
gpg: Signature made Sat Oct 24 12:26:20 2009 using DSA key ID C2839106
gpg: Good signature from “xinxing (imdba.cn) <imdba@imdba.cn>”
cygwin@imdba.cn /cygdrive/c/gnupg
$参考文章: http://www.gnupg.org/faq.html
http://www.imdba.cn/2009/10/24/windows-cmd-gnugpg-manul/