[LINUX] Encryption / decryption with GPG command

I first learned about GPG commands while learning LPIC102, so I decided to actually use them to deepen my understanding.


[ec2-user@ip-172-31-33-30 ~]$ cat /etc/os-release
NAME="Amazon Linux"
ID_LIKE="centos rhel fedora"
PRETTY_NAME="Amazon Linux 2"

Creating a key pair

Create a key pair interactively with the gpg --gen-key command as follows: Key type: Leave default Key length: The longer the key length, the stronger the security, so keep it at maximum. Key validity period: When the key is leaked, it becomes invalid after the expiration date, so set it.

[ec2-user@ip-172-31-33-30 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

 Select the key type you want:
 (1) RSA and RSA (default)
 (2) DSA and Elgamal
 (3) DSA (signature only)
 (4) RSA (signature only)
 What is your choice? 1
 RSA keys can be 1024 to 4096 bits in length.
 What is the key length? (2048) 4096
 The requested key length is 4096 bits
 Please specify the expiration date of the key.
 0 = key is indefinite
 <n> = Key expires in n days
 <n> w = Key expires in n weeks
 <n> m = key expires in n months
 <n> y = key expires in n years
 How long is the key valid? (0) 2y
 The key will expire on May 29, 2022 at 03:48:32 UTC
 Is this correct? (Y / N) y

 GnuPG needs to configure a user ID to identify your key.

 Real name: r_saiki
 Email address: [email protected]
 You have selected the following user ID:
    "r_saiki <[email protected]>"

 Change name (N), comment (C), email (E), or OK (O) or end (Q)? O
 You will need a passphrase to protect your private key.

You will be asked for a passphrase. image.png

Confirmation of the created key. Public key verification options: --list-public-keys or -k Private key verification options: --list-secret-keys or -K

[ec2-user@ip-172-31-33-30 ~]$ gpg --list-public-keys
 pub 4096R / 0C8FB274 2020-05-29 [Expiration date: 2022-05-29]
uid                  r_saiki <[email protected]>
 sub 4096R / 038BE8AA 2020-05-29 [Expiration date: 2022-05-29]

[ec2-user@ip-172-31-33-30 ~]$ gpg --list-secret-keys
 sec 4096R / 0C8FB274 2020-05-29 [Expiration date: 2022-05-29]
uid                  r_saiki <[email protected]>
ssb   4096R/038BE8AA 2020-05-29

File encryption

Encrypt the file. Encryption: --encrypt or -e Specify the recipient's public key information: --recipient or -r

[ec2-user@ip-172-31-33-30 ~]$ cat file

[ec2-user@ip-172-31-33-30 ~]$ gpg --encrypt --recipient [email protected] file
[ec2-user@ip-172-31-33-30 ~]$ ls
file  file.gpg

File compound

Compound with pgp with encrypted file name.

[ec2-user@ip-172-31-33-30 ~]$ gpg file.gpg

 To unlock the next user's private key
 I need a passphrase: "r_saiki <[email protected]>"
 4096-bit RSA key, ID 038BE8AA Creation date is 2020-05-29 (Primary key ID 0C8FB274)

 gpg: 4096-bit RSA key, ID 038BE8AA, encrypted on date 2020-05-29
      "r_saiki <[email protected]>"
 The file "file" already exists. Do you want to overwrite it? (Y / N) y
[ec2-user@ip-172-31-33-30 ~]$ cat file

You will be asked for a passphrase on the way. image.png

At the end

This time I only tried to encrypt and decrypt files. Fukahori seems to be short of breath before taking the lpic exam, so if you want to know more, refer to the following. [How to encrypt, decrypt, sign, and verify files with GPG](https://yu8mada.com/2018/04/03/how-to-encrypt-decrypt-sign-and-or-verify-files- in-gpg /)

Recommended Posts

Encryption / decryption with GPG command
Encryption and decryption with Python
pycrypto encryption and decryption
Do AES encryption with DJango
Try encryption / decryption using OpenSSL key with Python3 pow function
Estimate the attitude of AR markers with Python + OpenCV + drone
Encryption / decryption with GPG command
Slice notation with command line options
[Linux] OS recovery with restore command
Run scripts with Django's admin command
AES-CBC encryption and decryption Node.js version with Python will also be added.