[LINUX] Encryption / decryption with GPG command
I first learned about GPG commands while learning LPIC102, so I decided to actually use them to deepen my understanding.
environment
[ec2-user@ip-172-31-33-30 ~]$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Creating a key pair
Create a key pair interactively with the gpg --gen-key command as follows:
Key type: Leave default
Key length: The longer the key length, the stronger the security, so keep it at maximum.
Key validity period: When the key is leaked, it becomes invalid after the expiration date, so set it.
[ec2-user@ip-172-31-33-30 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Select the key type you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (signature only)
(4) RSA (signature only)
What is your choice? 1
RSA keys can be 1024 to 4096 bits in length.
What is the key length? (2048) 4096
The requested key length is 4096 bits
Please specify the expiration date of the key.
0 = key is indefinite
<n> = Key expires in n days
<n> w = Key expires in n weeks
<n> m = key expires in n months
<n> y = key expires in n years
How long is the key valid? (0) 2y
The key will expire on May 29, 2022 at 03:48:32 UTC
Is this correct? (Y / N) y
GnuPG needs to configure a user ID to identify your key.
Real name: r_saiki
Email address: [email protected]
comment:
You have selected the following user ID:
"r_saiki <[email protected]>"
Change name (N), comment (C), email (E), or OK (O) or end (Q)? O
You will need a passphrase to protect your private key.
You will be asked for a passphrase.
Confirmation of the created key. Public key verification options: --list-public-keys or -k Private key verification options: --list-secret-keys or -K
[ec2-user@ip-172-31-33-30 ~]$ gpg --list-public-keys
/home/ec2-user/.gnupg/pubring.gpg
---------------------------------
pub 4096R / 0C8FB274 2020-05-29 [Expiration date: 2022-05-29]
uid r_saiki <[email protected]>
sub 4096R / 038BE8AA 2020-05-29 [Expiration date: 2022-05-29]
[ec2-user@ip-172-31-33-30 ~]$ gpg --list-secret-keys
/home/ec2-user/.gnupg/secring.gpg
---------------------------------
sec 4096R / 0C8FB274 2020-05-29 [Expiration date: 2022-05-29]
uid r_saiki <[email protected]>
ssb 4096R/038BE8AA 2020-05-29
File encryption
Encrypt the file.
Encryption: --encrypt or -e
Specify the recipient's public key information: --recipient or -r
[ec2-user@ip-172-31-33-30 ~]$ cat file
TEST
[ec2-user@ip-172-31-33-30 ~]$ gpg --encrypt --recipient [email protected] file
[ec2-user@ip-172-31-33-30 ~]$ ls
file file.gpg
File compound
Compound with pgp with encrypted file name.
[ec2-user@ip-172-31-33-30 ~]$ gpg file.gpg
To unlock the next user's private key
I need a passphrase: "r_saiki <[email protected]>"
4096-bit RSA key, ID 038BE8AA Creation date is 2020-05-29 (Primary key ID 0C8FB274)
gpg: 4096-bit RSA key, ID 038BE8AA, encrypted on date 2020-05-29
"r_saiki <[email protected]>"
The file "file" already exists. Do you want to overwrite it? (Y / N) y
[ec2-user@ip-172-31-33-30 ~]$ cat file
TEST
You will be asked for a passphrase on the way.
At the end
This time I only tried to encrypt and decrypt files. Fukahori seems to be short of breath before taking the lpic exam, so if you want to know more, refer to the following. [How to encrypt, decrypt, sign, and verify files with GPG](https://yu8mada.com/2018/04/03/how-to-encrypt-decrypt-sign-and-or-verify-files- in-gpg /)
Recommended Posts