document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-13 22:30:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

[translated] File encryption with GNU Privacy Guard

Browse Source
This commit is contained in:
zpl1025 2014-04-17 17:48:13 +08:00
parent b013ea9b5c
commit 07a4aaa6b0
2 changed files with 149 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
sources/tech/File encryption with GNU Privacy Guard.md
View File

@ -1,150 +0,0 @@
zpl1025 translating
File encryption with GNU Privacy Guard
================================================================================
Encryption ensures that files are stored in an encrypted form whether you are transmitting it over the Internet, backing it up on a server, carrying it on USB or on your laptop. Encrypting your data makes it unreadable to anyone but you or intended recipient, thus preventing unwanted access to it.
### GPG (GNU Privacy Guard) ###
GPG stands for GNU Privacy Guard. It is a key-based encryption method which means that a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a user receives a public and a private key pair from a certificate authority. Any other user who wants to send an encrypted message can get the intended recipient's public key from the public directory. They use this key to encrypt the message, and then send it to the recipient. When the recipient gets the message, they decrypt it with their private key, which no one else should have an access to.
### GPG gives you the public key and the private key. ###
A public key is a key that you share with the public. It can be given to anyone you wish to received encrypted messages from. They would encrypt the message with your public key. They cannot decrypt their own message after they encrypt it. Only you, who hold the private key, can decrypt the message. A private key is your own personal password. Your private key will be used to decrypt messages encrypted in your public key, If you give someone your private key he can decrypt and read all your messages written in your public key.
### Using GPG from the terminal ###
Today most Linux distributions include GPG by default. To find out if this is the case, open up a terminal and type:
$ gpg --version
You should get version number. If so, you don't need to do anything, if not you can install GPG from your distribution's repositories.
### Key Generation ###
To use GPG to encrypt your communications, you need to create a key pair. Launch your terminal and run the following command to get started:
$ gpg --gen-key
You will be prompted back with the following:
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
Select number 1, as it can be used for encryption and decryption, the second and third choices are only allowed to sign messages. To do so, press the number 1, and then press Enter.
You then will be prompted with the following:
1 DSA key-pair will have 1024 bits.
2 ELG-E keys may be between 1024 and 4096 bits long.
3 What key-size do you want? (2048)
You will want to enter "2048" here, as recommended by GPG. If you don't want your key to expire (for the next prompt, select 0). Answer Yes if the information is correct, when prompted, and then enter your real name, your email address, and a comment (which is optional). If everything is correct, press "o" (for OK) and then Enter.
After that, you will be asked to enter a pass-phrase. This process will be repeated. As usual, make a strong password which will be difficult to crack. Do not enter a name/address/birth date or word from a dictionary as your password.
After entering your pass-phrase, follow the instructions in the terminal: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disk) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
When you have successfully finished generating your key, you will see a message similar to the following one: gpg: key 083C39A4 marked as ultimately trusted. public and secret key created and signed.
### Key Servers ###
Key servers are used to distribute your public key to other key servers so that other users can easily look up your name (or the e-mail address) in the database and find your public key to send encrypted messages to you. This eliminates the process of physically or insecurely giving your friend your public key, and allows others to be able to find you on the on-line database.
Uploading your public key to the key server:
$ gpg --send-keys --keyserver [keyservers.address.com] [yourpublicid]
You should replace keyservers.address.com with key server of your choice (or use mit.edu which syncs it with other servers) also replace yourpublicid with yours. In the end it would look as follows:
$ gpg --send-keys --keyserver hkp://pgp.mit.edu 083C39A4
### To Encrypt a File ###
If you wish to encrypt a file for your friend with his public key, run the command in the following format:
$ gpg -o encrypted_file.gpg --encrypt -r key-id original.file
Explanation:
-o encrypted_file.gpg = Output to the following filename.
--encrypt = Encrypting a file
-r = Recipient. KEY-ID would be your friends KEY-ID here.
original.file = The file that you will be encrypting.
### To Decrypt a File ###
If someone has sent you a file that has been encrypted with your public key, you can decrypt it with following command:
$ gpg --decrypt filename.gpg
### Symmetric Encryption ###
With GPG you can do a symmetric encryption where you encrypt a file with a pass-phrase. This is not a key based encryption. In symmetric cryptography, the same key is used for both encryption and decryption. This approach is simpler in dealing with each message, but it is less secure since the key must be communicated to recipient. To encrypt a file with a pass-phrase, use:
$ gpg -c filename.txt
To decrypt this type of file, just use:
$ gpg filename.txt
You will be prompted for the pass-phrase and it will decrypt the file.
### Clearsign a Document ###
Clearsigning is very similar to adding your signature to the bottom of a letter or an important document. It signifies that it actually comes from you. By clearsigning, it generates a SHA1 hash of the entire file's contents and adds the SHA1 sum to the bottom of the signature. If the file has been tampered with, the signature verification will fail, which can be used to spot the forgery. If the user edits the file after it has been signed, the verification of the signature will also fail, because the SHA1 sum will not match the one of the actual content.
To clearsign a document or file, run the following:
$ gpg --clearsign filename.txt
### Generating Revocation Key ###
A revocation key is used to revoke your public key if your private key has been compromised in any way, or you suspect that it may be compromised. To create a revocation key, run the command:
$ gpg --output revoke.asc --gen-revoke keyid
Keep the revocation key in a safe place, anyone who gets a hold of it can use it to disable your key. (You could use symmetric encryption on your revocation file.)
### Tips for using GPG from terminal ###
To list the Keys you have imported into GPG, you can issue the following command:
$ gpg --list-keys
A list of the keys registered with your e-mail should appear (and since there should be only one, it will only list your key.) Then, you can obtain your KEY-ID and run the command above in order to submit it to the key servers.
To display the private or public keys on your key ring
$ gpg --list-public-keys # will list public keys
$ gpg --list-secret-keys # will lists private keys
### Importing Keys ###
$ gpg --import KEYFILE
Keyfile would be the filename of the public key in your home folder. (If it is not in your home folder, use the cd command to go to the proper directory first, and then run the above command.)
### Exporting your Public Key ###
To export your public key in the ASCII Armored fashion, run the following command:
$ gpg --export -a > publickey.asc
\* * * * *
### About Richard White ###
Richard is technology enthusiast, on more than one occasion he was called a geek, he is also the author of three books, his most recent, Privacy in Digital Era is forthcoming in hardcover in May 2014. He is also the head editor and the driving force behind Digital Era website. The purpose of Digital Era is to present and give resources and tools to achieve and maintain anonymity, security and privacy. Richard regularly writes about privacy related issues and is hard at work on The Art of CLI, a collection of command line, open-source software. For [more information][1] on GNU Privacy Guard works and how to use graphical front-ends to the GPG software, you can find further reading on White's Digital Era website.
--------------------------------------------------------------------------------
via: http://distrowatch.com/weekly.php?issue=20140407
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://digital-era.net/gpa-gnu-privacy-assistant/

149
translated/File encryption with GNU Privacy Guard.md Normal file
View File

@ -0,0 +1,149 @@
用GNU Privacy Guard加密文件
================================================================================
加密技术可以保证你的文件使用加密形式存储不管你是要把它公开到因特网备份到服务器用U盘携带还是保存在笔记本里。加密你的数据意味着除非是你认可的接收者其他人都不可以读取这样可以防止信息泄漏。
### GPG (GNU Privacy Guard) ###
GPG是GNU Privacy Guard的缩写。它是一种基于密钥的加密方式使用了一对密钥对消息进行加密和解密来保证消息的安全传输。一开始用户从数字证书认证机构获取一对公钥和私钥。任何其他想给该用户发送加密消息的用户需要先从证书机构的公共目录获取接收者的公钥然后用公钥加密信息再发送给接收者。当接收者收到加密消息后他可以用自己的私钥来解密而私钥是不应该被其他人拿到的。
### GPG gives you the public key and the private key. ###
公钥是你共享出来的一个公开密钥,它可以被发给任何你希望收到加密信息的人,他们可以使用你的公钥来加密信息。公钥本身不能用来解密自己加密过的信息,只有你自己,那个拥有对应私钥的人,能够解密。私钥是你自己的私人密码,可以用来解密用你的公钥加密过的信息。如果你把私钥泄漏给别人,那么他将可以解密并查看那些使用你的公钥加密过的信息。
### 在终端里使用GPG ###
如今大多数的Linux发行版都默认包含了GPG。想检查一下的话打开终端并输入
$ gpg --version
然后你应该看到版本。如果是这样的话你不需要做其他事情了。否则你需要从你的发行版软件仓库里安装GPG。
### 生成密钥 ###
想使用GPG来加密你的通讯你需要先创建一对密码。首先打开终端并运行下面的命令
$ gpg --gen-key
然后会有如下提示:
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
这里要选择数字1因为它可以用来加密和解密第二和第三个选项只能让你给信息签名。按下数字1然后按回车。
然后会有如下提示:
1 DSA key-pair will have 1024 bits.
2 ELG-E keys may be between 1024 and 4096 bits long.
3 What key-size do you want? (2048)
这里最好输入“2048”就像GPG推荐的那样。如果你不希望你的密钥过期的话在后面的提示里选择0。如果有提示说信息是否正确的话回答Yes然后输入你的真实名字email地址以及一个说明可选的。如果一切顺利按下“哦”对应着OK然后回车。
在这之后,会提示你输入一个密码,密码会要求重复输入一次。通常,请使用一个难于破解的加强密码,而不推荐用名字/地址/生日/单词等等来做密码。
在输好密码之后,请按照终端里的提示信息做:我们需要生成大量的随机数,建议您在生成素数的过程中做一下这些动作(敲击键盘,移动鼠标,读写硬盘),这样会让随机数生成器有机会获取更大的熵。
生成好密钥以后你应该会看到一条类似的提示信息gpg: key 083C39A4 marked as ultimately trusted. public and secret key created and signed.
### 密钥服务器 ###
密钥服务器是用来发布你的公钥并分发到其他密钥服务器这样其他用户可以轻松的根据你数据库中的名字或者e-mail地址来获取你的公钥并给你发送加密信息。这样可以避免把公钥直接拷贝给你的朋友的方式而让其他人直接通过在线数据库来找到你。
上传你的公钥到密钥服务器:
$ gpg --send-keys --keyserver [keyservers.address.com] [yourpublicid]
你需要把keyservers.address.com替换成你选择的服务器或者用mit.edu它会跟其他服务器做同步还需要把命令行中的yourpublicid替换成你的。最终执行的命令看上去会大概是下面这样子
$ gpg --send-keys --keyserver hkp://pgp.mit.edu 083C39A4
### 加密文件 ###
如果你想给你的朋友发送一个用他的公钥加密过的文件,可以用下面的命令:
$ gpg -o encrypted_file.gpg --encrypt -r key-id original.file
命令解释:
-o encrypted_file.gpg = 指定输出文件
--encrypt = 做加密
-r = 接收者的KEY-ID比如这里就填你朋友的KEY-ID。
original.file = 指定要加密的文件
### 解密文件 ###
如果有人给你发送了一个用你的公钥加密过的文件,你可以按下面的方式解密:
$ gpg --decrypt filename.gpg
### 对称加密 ###
你还可以使用GPG做对称加密来给文件加上一个密码。这种不同于公钥加密的方式在对称加密中同一个密钥用于加密和解密。这种方式在处理信息的时候会简单点但是保密性没那么好因为需要把密码告诉接收者。下面是用密码加密文件的命令
$ gpg -c filename.txt
解密这个文件,用下面的命令:
$ gpg filename.txt
然后,会提示你输入密码,之后就开始解密文件。
### 文档数字签名 ###
数字签名非常类似于你在信件或者重要文件的末尾签上自己的名字它表示这份文件确实是由你发出来的。通过数字签名它会计算整个文件内容的SHA1哈希值然后把这个值附加到签名末尾。如果文件内容被篡改签名的校验就会失败可以用来鉴定伪造。如果用户自己在签名后编辑了这份文件签名校验也会失败因为此时文件的SHA1哈希值已经和之前签名时不同了。
对一份文件做数字签名,运行下面的命令:
$ gpg --clearsign filename.txt
### 生成销毁密钥 ###
销毁密钥可以在你的私钥泄漏或者怀疑泄漏的时候,吊销你的公钥。使用下面的命令创建一个销毁密钥:
$ gpg --output revoke.asc --gen-revoke keyid
把销毁密钥保存到一个安全的地方,任何人都可以用它让你的密钥失效。(你可以用对称加密方式来加密你的销毁密钥文件。)
### 在终端里使用GPG的一些技巧 ###
通过下面的命令可以查看你已经导入的GPG密钥
$ gpg --list-keys
之后应该会列出来用你e-mail注册的密钥列表因为只会有一个密钥所以只会列出你的密钥然后你可以看到自己的KEY-ID就可以通过上文介绍的命令提交给密钥服务器。
显示你的密钥链中的私钥和公钥。
$ gpg --list-public-keys # 会列出来公钥
$ gpg --list-secret-keys # 会列出来私钥
### 导入密钥 ###
$ gpg --import KEYFILE
命令中的KEYFILE应该是需要导入的公钥文件名。如果文件不在主目录中使用cd命令切换到该文件的目录下再执行上面的命令
### 导出公钥到文件 ###
用下面的命令可以将你的公钥导出为ASCII格式
$ gpg --export -a > publickey.asc
\* * * * *
### 关于Richard White ###
Richard是一位技术爱好者在不止一个场合他还被称为极客。他还是三本书的作者最近的一本《数字时代的隐私》即将在2014年5月份出版精装本。他还是数字时代网站的主编和驱动者数字时代的目的是提供资源和工具来实现和维护匿名安全和隐私。Ricard经常写一些和隐私相关的文章最近忙着写《CLI艺术》收集开源的命令行软件。关于GNU Privacy Guard的[更多信息][1]以及如何使用GPG软件的图形界面工具你可以访问White的数字时代网站。
--------------------------------------------------------------------------------
via: http://distrowatch.com/weekly.php?issue=20140407
译者:[zpl1025](https://github.com/zpl1025) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://digital-era.net/gpa-gnu-privacy-assistant/