使用 gpg 对Linux下的文件加密

其实蛮简单的，Linux原生就有gpg命令。

gpg表示GNU Privacy Guard。PGP表示Pretty Good Privacy。有点绕，别搞混。

gpg 是 GNU Privacy Guard (GnuPG) 的 OpenPGP（Pretty Good Privacy）部分。 它是一个使用 OpenPGP 标准提供数字加密和签名服务的工具。 gpg 具有完整的密钥管理功能以及您期望从完整的 OpenPGP 实现中获得的所有功能。

简单来说，gpg的加密使用-c选项，解密生成文件不带选项，解密输出到stdout使用-d选项。

例如，加密过程如下。期间需要输入两次口令。这个口令后续解密时会用到。

$ echo "encryption test" > test.txt

$ gpg -c test.txt

                                                   lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
                                                   x Please re-enter this passphrase                     x
                                                   x                                                     x
                                                   x Passphrase *********_______________________________ x
                                                   x                                                     x
                                                   x       <OK>                             <Cancel>     x
                                                   mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

                                                   lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
                                                   x Please re-enter this passphrase                     x
                                                   x                                                     x
                                                   x Passphrase *********_______________________________ x
                                                   x                                                     x
                                                   x       <OK>                             <Cancel>     x
                                                   mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

源文件没有影响，生成了新的加密文件：

$ ls test*
test.txt  test.txt.gpg

$ file test.txt
test.txt: ASCII text

$ file test.txt.gpg
test.txt.gpg: data
1
2
3
4
5
6
7
8

解密到stdout：

$ gpg -d test.txt.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
encryption test
gpg: WARNING: message was not integrity protected
1
2
3
4
5

解密到文件：

$ gpg test.txt.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
File `test.txt' exists. Overwrite? (y/N) y
gpg: WARNING: message was not integrity protected

$ cat test.txt
encryption test
1
2
3
4
5
6
7
8

对于目录的加解密可以用gpg-zip。或者先tar后再对tar文件加密。

参考

• File encryption and decryption made easy with GPG
• Getting started with GPG (GnuPG)
• Encrypting and decrypting archives with 7-Zip