Intro
PGP (Pretty Good Privacy) Wiki
PGP – yidas/web-service-principles GitHub
PGP Flow
Commands
產生金鑰 – Generate public/private key
$ gpg --gen-key
完整產生金鑰選項:
gpg --full-generate-key
,含algorithm, key length, expired time
其中,Username
與passphrase
為必要。
列出金鑰 – List keys
$ gpg -k
/Users/user/.gnupg/pubring.kbx
-----------------------------------
pub rsa4096 2022-03-17 [SC]
FF109AE3F8E4A67130647BD887C3B247FDB83745
uid [ultimate] Test Key <test-key@email.com>
sub rsa4096 2022-03-17 [E]
pub rsa3072 2022-03-17 [SC] [expires: 2023-03-17]
1DBB24F86AF46DC56793606C25BA88AD42AE2F73
uid [ultimate] Test Expiration <test-expiration@email.com>
sub rsa3072 2022-03-17 [E] [expires: 2023-03-17]
加密 – Encryption
$ gpg -ear {Key-Name} < plain.txt > plain.txt.asc
其中
-a
為輸出ASCII Armor格式,-r
為指定Key的USER-ID
解密 – Decryption
$gpg -d < plain.txt.asc > plain.txt
密文裡包含Key資訊,不需額外指定Private Key
匯出金鑰 – Export
匯出Public Key:
$ gpg --export -a "{User-ID}" > public-key.asc
匯出Private Key:
$ gpg --export-secret-key -a "{User-ID}" > private-key.asc
匯入金鑰 – Import
$ gpg --import key.asc
刪除金鑰 – Delete
刪除Public Key:
$ gpg --delete-keys "{User-ID}"
刪除Private Key:
$ gpg --delete-secret-keys "{User-ID}"
格式轉換 – Armor
將Binary
包裝轉成PGP ASCII armor
:
$ gpg --enarmor < filename.gpg > filename.asc
將PGP ASCII armor
解包轉回Binary
:
$ gpg --dearmor < filename.asc > filename.gpg