GnuPG高级指导（6）在其他电脑上启用“我的密钥”

1 其他电脑上的密钥

root@debian8:~# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec  1024D/D04D1A0B 2016-11-25 [expires: 2016-12-09]

uid                  debian8

ssb   2048g/C1845DA4 2016-11-25

sec  4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

ssb   4096R/0A09DAC9 2016-11-25

root@debian8:~#

root@debian8:~#

可以删掉“临时”密钥 ------ debian8（或者不删也可以）

root@debian8:~# gpg --delete-secret-key D04D1A0B

gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

sec  1024D/D04D1A0B 2016-11-25 debian8

Delete this key from the keyring? (y/N) y

This is a secret key! - really delete? (y/N) y

root@debian8:~#

root@debian8:~# gpg --delete-key D04D1A0B

gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

pub  1024D/D04D1A0B 2016-11-25 debian8

Delete this key from the keyring? (y/N) y

root@debian8:~#

root@debian8:~# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

root@debian8:~# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec# 4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

ssb   4096R/0A09DAC9 2016-11-25

root@debian8:~#

[root@centos7 ~]#

[root@centos7 ~]# gpg -K

/root/.gnupg/secring.gpg

------------------------

sec#  4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

ssb   4096R/0A09DAC9 2016-11-25

[root@centos7 ~]# gpg -k

/root/.gnupg/pubring.gpg

------------------------

pub   4096R/276856F7 2016-11-25 [expires: 2017-04-24]

uid                  FranklinYang (Encrypt RSA 4096) <andypeker@163.com>

sub   4096R/0A09DAC9 2016-11-25 [expires: 2017-04-24]

[root@centos7 ~]#

[root@centos7 ~]#

2 加密在debian8解密

opensuse13:~ #

opensuse13:~ # vi temp_txt.log

opensuse13:~ # cat temp_txt.log

Try

        decrypt

                on

        debian

                8

        with

                new

                secret

                        key

        ！

opensuse13:~ #

opensuse13:~ #

opensuse13:~ # gpg -u "FranklinYang" -r "FranklinYang" -a -o temp_txt.log.gpg -e temp_txt.log

opensuse13:~ # l temp_txt.log.gpg

-rw-r--r-- 1 root root  969 Nov 26 14:22 temp_txt.log.gpg

opensuse13:~ #

opensuse13:~ #

opensuse13:~ # scp temp_txt.log.gpg franklin@192.168.19.132:/home/franklin/

franklin@192.168.19.132's password:

temp_txt.log.gpg                                            100%  969     1.0KB/s   00:00

opensuse13:~ #

opensuse13:~ #

opensuse13:~ #

（在debian8上解密）

root@debian8:~#

root@debian8:~#

root@debian8:~# gpg -d temp_txt.log.gpg

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 0A09DAC9, created 2016-11-25 (main key ID 276856F7)

gpg: encrypted with 4096-bit RSA key, ID 0A09DAC9, created 2016-11-25

      "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

Try

        decrypt

                on

        debian

                8

        with

                new

                secret

                        key

        ！

root@debian8:~#

root@debian8:~#

root@debian8:~#

root@debian8:~#

root@debian8:~#

或者，在centos7上加密和签名，发给debian8：

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]# cat temp.sig.log

Try

        decrypt

                on

        debian

                8

        with

                new

                secret

                        key

        ！

        encrypt

                and

        AND     signature

                on      CENTOS7

        !

sending

        to

                DEBIAN8

        !

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]# gpg -a -o temp.sig.log.sig.CAST5.asc -u "FranklinYang" -r "FranklinYang" -se --cipher-algo CAST5 temp.sig.log

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 276856F7, created 2016-11-25

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]# l temp.sig.log.sig.CAST5.asc

-rw-r--r--. 1 root root 1835 Nov 26 01:55 temp.sig.log.sig.CAST5.asc

[root@centos7 ~]#

[root@centos7 ~]#

[root@centos7 ~]# scp temp.sig.log.sig.CAST5.asc franklin@debian8:/home/franklin/

franklin@debian8's password:

temp.sig.log.sig.CAST5.asc                                   100% 1835     1.8KB/s   00:00

[root@centos7 ~]#

[root@centos7 ~]#

（在debian8上解密并验证签名）

root@debian8:~#

root@debian8:~#

root@debian8:~# gpg -o temp.sig.log -d temp.sig.log.sig.CAST5.asc

You need a passphrase to unlock the secret key for

user: "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

4096-bit RSA key, ID 0A09DAC9, created 2016-11-25 (main key ID 276856F7)

gpg: encrypted with 4096-bit RSA key, ID 0A09DAC9, created 2016-11-25

      "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

gpg: Signature made Mon 28 Nov 2016 11:25:08 PM CST using RSA key ID 276856F7

gpg: Good signature from "FranklinYang (Encrypt RSA 4096) <andypeker@163.com>"

root@debian8:~#

root@debian8:~#

root@debian8:~# cat temp.sig.log

Try

        decrypt

                on

        debian

                8

        with

                new

                secret

                        key

        ！

        encrypt

                and

        AND     signature

                on      CENTOS7

        !

sending

        to

                DEBIAN8

        !

root@debian8:~#

root@debian8:~#

root@debian8:~#