Merge pull request #6481 from lujun9972/add-MjAxNzEwMjQgSG93IHRvIEVuY3J5cHQgYW5kIERlY3J5cHQgSW5kaXZpZHVhbCBGaWxlcyBXaXRoIEdQRy5tZAo=

选题并翻译完成https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gpg
This commit is contained in:
Xingyu.Wang 2017-12-05 23:31:56 +08:00 committed by GitHub
commit 7bb59ff92e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 137 additions and 145 deletions

View File

@ -1,145 +0,0 @@
translating by lujun9972
How to Encrypt and Decrypt Individual Files With GPG
------
### Objective
Encrypt individual files with GPG.
### Distributions
This will work with any Linux distribution.
### Requirements
A working Linux install with GPG installed or root privileges to install it.
### Difficulty
Easy
### Conventions
* # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command
* $ - given command to be executed as a regular non-privileged user
### Introduction
Encryption is important. It's absolutely vital to protecting sensitive information. Your personal files are worth encrypting, and GPG provides the perfect solution.
### Install GPG
GPG is a widely used piece of software. You can find it in nearly every distribution's repositories. If you don't have it already, install it on your computer.
### Debian/Ubuntu
```
$ sudo apt install gnupg
```
```
# dnf install gnupg2
```
```
# pacman -S gnupg
```
```
# emerge --ask app-crypt/gnupg
```
You need a key pair to be able to encrypt and decrypt files. If you already have a key pair that you generated for SSH, you can actually use those here. If not, GPG includes a utility to generate them.
```
$ gpg --full-generate-key
```
The first thing GPG will ask for is the type of key. Use the default, if there isn't anything specific that you need.
The next thing that you'll need to set is the key size.
`4096`
is probably best.
After that, you can set an expiration date. Set it to
`0`
if you want the key to be permanent.
Then, it will ask you for your name.
Finally, it asks for your email address.
You can add a comment if you need to too.
When it has everything, GPG will ask you to verify the information.
GPG will ask if you want a password for your key. This is optional, but adds a degree of protection. As it's doing that, GPG will collect entropy from your actions to increase the strength of your key. When it's done, GPG will print out the information pertaining to the key you just created.
### Basic Encryption
Now that you have your key, encrypting files is very easy. Create a blank text file in your
`/tmp`
directory to practice with.
```
$ touch /tmp/test.txt
```
`-e`
flag tells GPG that you'll be encrypting a file, and the
`-r`
flag specifies a recipient.
```
$ gpg -e -r "Your Name" /tmp/test.txt
```
### Basic Decryption
You have an encrypted file. Try decrypting it. You don't need to specify any keys. That information is encoded with the file. GPG will try the keys that it has to decrypt it.
```
$ gpg -d /tmp/test.txt.gpg
```
Say you
_do_
need to send the file. You need to have the recipient's public key. How you get that from them is up to you. You can ask them to send it to you, or it may be publicly available on a keyserver.
Once you have it, import the key into GPG.
```
$ gpg --import yourfriends.key
```
```
gpg --export -a "Your Name" > your.key
```
```
$ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt
```
That's mostly it. There are some more advanced options available, but you won't need them ninety-nine percent of the time. GPG is that easy to use. You can also use the key pair that you created to send and receive encrypted email in much the same way as this, though most email clients automate the process once they have the keys.
--------------------------------------------------------------------------------
via: https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gpg
作者:[Nick Congleton][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://linuxconfig.org

View File

@ -0,0 +1,137 @@
如何使用 GPG 加解密文件
------
### 目标
使用 GPG 加密文件
### 发行版
适用于任何发行版
### 要求
安装了 GPG 的 Linux 或者拥有 root 权限来安装它。
### 难度
简单
### 约定
* # - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令
* $ - 可以使用普通用户来执行指定命令
### 介绍
加密非常重要。它对于保护敏感信息来说是必不可少的。
你的私人文件应该要被加密,而 GPG 提供了很好的解决方案。
### 安装 GPG
GPG 的使用非常广泛。你在几乎每个发行版的仓库中都能找到它。
如果你还没有安装它,那现在就来安装一下吧。
#### Debian/Ubuntu
```shell
$ sudo apt install gnupg
```
#### Fedora
```shell
# dnf install gnupg2
```
#### Arch
```shell
# pacman -S gnupg
```
#### Gentoo
```shell
# emerge --ask app-crypt/gnupg
```
### Create a Key
你需要一个密钥对来加解密文件。如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它。
如果没有GPG 包含工具来生成密钥对。
```shell
$ gpg --full-generate-key
```
GPG 有一个命令行程序帮你一步一步的生成密钥。它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具。
GPG 首先会询问你密钥的类型。没什么特别的话选择默认值就好。
下一步需要设置密钥长度。`4096` 是一个不错的选择。
之后,可以设置过期的日期。 如果希望密钥永不过期则设置为 `0`
然后,输入你的名称。
最后,输入电子邮件地址。
如果你需要的话,还能添加一个注释。
所有这些都完成后GPG 会让你校验一下这些信息。
GPG 还会问你是否需要为密钥设置密码。这一步是可选的, 但是会增加保护的程度。
若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性。 所有这些都完成后, GPG 会显示密钥相关的信息。
### 加密的基本方法
现在你拥有了自己的密钥,加密文件非常简单。 使用虾米那命令在 `/tmp` 目录中创建一个空白文本文件。
```shell
$ touch /tmp/test.txt
```
然后用 GPG 来加密它。这里 `-e` 标志告诉 GPG 你想要加密文件, `-r` 标志指定接收者。
```shell
$ gpg -e -r "Your Name" /tmp/test.txt
```
GPG 需要知道这个文件的接收者和发送者。由于这个文件给是你的,因此无需指定发送者,而接收者就是你自己。
### 解密的基本方法
你收到加密文件后,就需要对它进行解密。 你无需指定解密用的密钥。 这个信息被编码在文件中。 GPG 会尝试用其中的密钥进行解密。
```shel
$ gpg -d /tmp/test.txt.gpg
```
### 发送文件
假设你需要发送文件给别人。你需要有接收者的公钥。 具体怎么获得密钥由你自己决定。 你可以让他们直接把公钥发送给你, 也可以通过密钥服务器来获取。
收到对方公钥后,导入公钥到 GPG 中。
```shell
$ gpg --import yourfriends.key
```
这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息。
记住,为了让别人能解密你的文件,别人也需要你的公钥。 因此导出公钥并将之发送出去。
```shell
gpg --export -a "Your Name" > your.key
```
现在可以开始加密要发送的文件了。它跟之前的步骤差不多, 只是需要指定你自己为发送人。
```
$ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt
```
### 结语
就这样了。GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项。 GPG 就是这么易于使用。
你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作。
--------------------------------------------------------------------------------
via: https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gpg
作者:[Nick Congleton][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者 ID](https://github.com/校对者 ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux 中国](https://linux.cn/) 荣誉推出
[a]:https://linuxconfig.org