Tuesday, June 11, 2013

GnuPG (GPG) on Win32: Concepts and Common Commands of a Free File Encryption/Decryption Tool

From: Polin Wei

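GnuPG (GPG) is completely free software (GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880). It is also used in real-world business settings, and its security is high enough to make it well worth using.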

GnuPG concepts:
GPG, like PGP (Pretty Good Privacy), uses a key pair. This means that when you generate a key, you will create a public copy as well as a private copy. The private copy is your copy used to decrypt an incoming file as well as sign an outgoing file (but for our purposes, we are only using it to decrypt). The public key is the key you give to the public, which is used to encrypt the files coming to you. First we will create your own key.

These keys are stored in key rings. For GPG, they are stored in the directory that the GPG files were copied into. They are both named with a .GPG extension, and are called pubring.GPG and secring.GPG (to denote the public key ring and the private key ring, respectively).

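The gist of the original text: GPG generates a key pair. One is the private key (secring.GPG), used to decrypt files and to sign outgoing files; the other is the public key (pubring.GPG), which you give to your customers. When a customer wants to send you a file, they encrypt it with this public key. Both files use .GPG as the file extension.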

Commonly used GPG commands:
  • gpg --gen-key            /** Generate a key pair: private key (secring.GPG) & public key (pubring.GPG) **/
  • gpg --edit-key [USER-ID] /** Operate on USER-ID **/
        Command> passwd      /** Change the secret key's passphrase **/
  • gpg --import             /** Import the customer's key **/
        Command> trust       /** Trust this customer **/
  • gpg --list-keys          /** List information for all public keys **/
  • gpg --list-secret-keys   /** List private key information **/
  • gpg --encrypt --armor --recipient [public key] --output encryptedfilename unencryptedfilename        /** Encrypt a file **/
  • gpg --always-trust --passphrase-fd 0 --output C:\gnupg\Decrypt\unencryptedfilename  -u "[USER-ID]" --no-tty --decrypt C:\gnupg\Encrypt\encryptedfilename < [passphrase.file] /** Decrypt **/
  • gpg --delete-key hex value /** Remove a trusted USER-ID **/
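
The `--list-keys` and `trust` steps above determine which imported customer keys are fit to pass to `--recipient`. The following is an added example, not code from the original post: it parses the machine-readable listing produced by `gpg --list-keys --with-colons --fixed-list-mode` (real gpg options that the post does not use) and classifies each key. The sample listing, key IDs and addresses are constructed, and the "full or ultimate validity only" rule is this example's own policy.

```python
# Constructed sample of `gpg --list-keys --with-colons --fixed-list-mode` output.
SAMPLE = """\
tru::1:1370900000:0:3:1:5
pub:f:2048:1:AAAAAAAAAAAAAAAA:1370000000:::-:::scESC:
uid:f::::1370000000::0000::Customer A <a@example.com>:
sub:f:2048:1:AAAAAAAAAAAAAAA1:1370000000::::::e:
pub:e:2048:1:BBBBBBBBBBBBBBBB:1200000000:1300000000::-:::sc:
uid:e::::1200000000::0000::Customer B <b@example.com>:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1370000000:::-:::scESC:
uid:-::::1370000000::0000::Customer C <c@example.com>:
"""

# Validity letters used in field 2 of GnuPG's colon format.
REJECT = {"e": "expired", "r": "revoked", "d": "disabled", "i": "invalid"}
TRUSTED = {"f", "u"}  # fully / ultimately valid (policy chosen for this example)


def parse_keys(listing):
    """Return one dict per 'pub' record: key ID, validity, capabilities, user IDs."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))  # pad short records such as 'tru'
        if f[0] == "pub":
            keys.append({"keyid": f[4], "validity": f[1],
                         "caps": f[11], "uids": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])  # field 10 holds the user ID
    return keys


def recipient_status(key):
    """Return (ok, reason): is this key a safe --recipient under the policy above?"""
    v = key["validity"]
    if v in REJECT:
        return (False, REJECT[v])
    if "E" not in key["caps"]:  # uppercase = usable capability of the whole key
        return (False, "no usable encryption capability")
    if v not in TRUSTED:
        return (False, "validity not established; verify the fingerprint first")
    return (True, "ok")


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        ok, why = recipient_status(k)
        print(k["keyid"], k["uids"], "OK" if ok else "SKIP: " + why)
```

Running this check before `--encrypt` surfaces expired or unverified customer keys explicitly, instead of hiding them behind `--always-trust`.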

