My GnuPG Usage Notes

2009-06-05 xiao H Posted in Everyday Desktop

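GnuPG stands for GNU Privacy Guard. It is the open-source version of PGP (Pretty Good Privacy), an encryption tool built on the public/private key model. It follows the OpenPGP standard and is the asymmetric encryption tool we use most often day to day.
Installing GnuPG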

yum install gnupg
or
apt-get install gnupg

A tool this common ships with practically every distribution, so install it whichever way you are most used to.

Using GnuPG
1. Create your own key

gpg --gen-key

After you enter the command you will see output similar to the following; the text after each # is my annotation.

[hew@localhost ~]$ gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
 
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1 # Which algorithm to use; normally keep the default.
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024 # Key length; the default is 2048. I chose 1024, since a longer key also makes encryption and decryption take longer.
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0 # Key validity period; by default the key never expires.
Key does not expire at all
Is this correct? (y/N) y
 
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
 
Real name: lily
Name must be at least 5 characters long
Real name: lily.yu
Email address: linuxbyte@qq.com
Comment: linuxbyte@qq.com
You selected this USER-ID:
    "lily.yu (linuxbyte@qq.com) <linuxbyte@qq.com>"
# Enter your user name and e-mail address; it is best to use your full name, with at least 5 characters.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
# Here you are asked to enter a passphrase; this is the passphrase that unlocks your private key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++++++++++++.+++++++++++++++...++++++++++++++++++++++++++++++.++++++++++.+++++.+++++.+++++.+++++.+++++.++++++++++.+++++++++++++++.+++++.++++++++++.>+++++........................>+++++.< +++++........>+++++....< +++++.................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++.+++++.+++++.+++++++++++++++.+++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++.++++++++++>.+++++>+++++...................................+++++^^^
gpg: key 2FD93E4F marked as ultimately trusted
public and secret key created and signed.
 
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   1024D/2FD93E4F 2009-06-04
      Key fingerprint = BA6F 89DA F2B9 41B5 5312  96FB FA32 5AF9 2FD9 3E4F
uid                  lily.yu (linuxbyte@qq.com) <linuxbyte@qq.com>
sub   1024g/D0C255EA 2009-06-04

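Your key pair has now been generated. The generated keys are stored under ~/.gnupg/, where the public keyring file is pubring.gpg and the private keyring file is secring.gpg.

Key management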

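gpg -K # List the secret keys on this machine (-K is short for --list-secret-keys)
 
gpg -a -o lily.key --export lily.yu # Export lily's public key to lily.key.
gpg -a -o lily-secret.key --export-secret-keys lily.yu # Export lily's private key
 
gpg --delete-keys lily.yu # Delete the key from the public keyring
gpg --delete-secret-keys lily.yu # Delete the key from the private keyring
gpg --delete-secret-and-public-key lily.yu # Delete both the public and the private key
 
gpg --import filenamepubkey  # Import a key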

Encrypting and decrypting files with GnuPG

gpg -ea -r "lily.yu" hello.txt # Encrypt hello.txt with the lily.yu key; you get an encrypted file, hello.txt.asc. -a means ASCII output.
gpg -o new.txt -d hello.txt.asc # Decrypt hello.txt.asc and write the result to new.txt.

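Digitally signing files with GnuPG

gpg -s hello.txt # Sign hello.txt; without the -o option this produces a file named hello.txt.gpg
gpg --verify hello.txt.gpg # Verify the signature on that file
 
gpg -o hello-new.txt --clearsign hello.txt # Attach the digital signature directly inside the file
gpg --verify hello-new.txt # Verify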
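
The signing commands above can be run end to end to see what a signature protects against. The following is an added example, not part of the original post: it clearsigns a file in a throwaway keyring, then shows gpg --verify accepting the signed file and rejecting a copy whose text was altered. It assumes GnuPG 2.1 or later; the function name sign_tamper_check, the user ID demo.user and the file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: clearsign a file, then check that --verify accepts the
# original and rejects a modified copy. Assumes GnuPG 2.1 or later.
# The user ID, file names and file contents are constructed for the demo.

sign_tamper_check() (
    # Body runs in a subshell, so GNUPGHOME never leaks to the caller
    # and the real ~/.gnupg keyring is never touched.
    home=$(mktemp -d) || exit 2
    chmod 700 "$home"
    export GNUPGHOME="$home"

    # Unattended form of `gpg --gen-key`, parameters read from stdin.
    # %no-protection skips the passphrase: acceptable only for a demo key.
    gpg --batch --quiet --gen-key >/dev/null 2>&1 <<'EOF' || exit 2
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Name-Real: demo.user
Name-Email: demo@example.invalid
Expire-Date: 0
%commit
EOF

    printf 'pay 100 to alice\n' > "$home/hello.txt"
    gpg --batch --quiet -o "$home/hello-new.txt" \
        --clearsign "$home/hello.txt" 2>/dev/null || exit 2

    # Untouched signed file: gpg --verify exits 0.
    good=fail
    gpg --batch --verify "$home/hello-new.txt" >/dev/null 2>&1 && good=ok

    # Change one word of the signed text; the signature block stays as it was.
    sed 's/alice/mallory/' "$home/hello-new.txt" > "$home/tampered.txt"
    bad=accepted
    gpg --batch --verify "$home/tampered.txt" >/dev/null 2>&1 || bad=rejected

    # Stop the agent started for this keyring, then remove the keyring.
    gpgconf --kill gpg-agent >/dev/null 2>&1
    rm -rf "$home"
    echo "original=$good tampered=$bad"
)
```

Calling sign_tamper_check prints one line with both verification results; in scripts, rely on the exit status of gpg --verify rather than on its messages.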


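  1. alswl said:

    I once spent a long stretch of time learning OpenSSL, but I am not familiar with PGP. Learned something here.

  2. isbasic said:

    After reading the commands I have some understanding of this.

    But I don't know what the point of things like signing a file is.

    Encryption and decryption I do understand.

    Looking for an explanation, haha.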
