# Linux Command: gpg
* * *
GPG (GNU Privacy Guard) is an OpenPGP standard implementation tool developed by the GNU project, used for encrypting and decrypting data as well as creating and verifying digital signatures. It is an open-source alternative to PGP (Pretty Good Privacy), widely used in scenarios such as file encryption, email security protection, and software package signature verification.
* * *
## Basic Syntax Structure
The basic syntax of the gpg command is as follows:

```
gpg [options] [command] [filename]
```
### Main Components:
* **Options**: Various parameters that control GPG behavior
* **Command**: Specifies the type of operation to perform
* **Filename**: The file to be processed (optional)
* * *
## Common Command Parameters
### Key Management
| Parameter | Description |
| --- | --- |
| `--gen-key` | Generate a new key pair |
| `--list-keys` | List all public keys |
| `--list-secret-keys` | List all private keys |
| `--delete-key` | Delete a public key |
| `--delete-secret-key` | Delete a private key |
| `--import` | Import a key |
| `--export` | Export a key |
### Encryption/Decryption Operations
| Parameter | Description |
| --- | --- |
| `--encrypt` (-e) | Encrypt a file |
| `--decrypt` (-d) | Decrypt a file |
| `--sign` (-s) | Create a signature |
| `--verify` | Verify a signature |
| `--armor` (-a) | Generate ASCII format output |
### Other Common Options
| Parameter | Description |
| --- | --- |
| `--recipient` (-r) | Specify recipient key |
| `--output` (-o) | Specify output file |
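| `--passphrase` | Specify passphrase on the command line (visible to other local users in the process list; GnuPG 2.1 and later honour it only with `--batch` and `--pinentry-mode loopback`) |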
* * *
## Practical Application Examples
### 1. Generate a Key Pair
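```shell
gpg --gen-key
```

The command interactively asks for the items below. On GnuPG 2.1 and later, `--gen-key` asks only for the user identity and passphrase and uses default key parameters; `--full-generate-key` presents the complete dialog: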
1. Key type (usually select default RSA and RSA)
2. Key length (recommended 4096 bits)
3. Key expiration time
4. User identity information (name and email)
5. Passphrase
### 2. Encrypt a File
```shell
gpg --encrypt --recipient alice@example.com --output secret.txt.gpg secret.txt
```
* `--recipient` specifies the recipient's public key (identified by email)
* `--output` specifies the encrypted output file
* The last parameter is the original file to be encrypted
### 3. Decrypt a File
```shell
gpg --decrypt --output plain.txt secret.txt.gpg
```

The system will prompt for the private key passphrase.
### 4. Create and Verify Signatures
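Create a detached signature (the signature is written to its own file and `document.txt` is left unchanged):

```shell
gpg --detach-sign --output document.sig document.txt
```

Verify the signature. When two file names are given, `--verify` treats the first as a detached signature over the second:

```shell
gpg --verify document.sig document.txt
```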
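A script that relies on `gpg --verify` should also check which key made the signature, because gpg exits 0 for a good signature from any public key in the keyring. The following is an added example, not part of the original page; it assumes GnuPG 2.1 or later, and the function names, the user ID `demo@example.invalid` and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GnuPG 2.1 or later.

# verify_pinned EXPECTED_FPR SIGFILE DATAFILE
# Succeeds only when the detached signature is valid AND was made by the key
# whose primary fingerprint is EXPECTED_FPR. Plain "gpg --verify" exits 0 for
# a good signature from any public key present in the keyring.
verify_pinned() {
    signer=$(gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$signer" ] && [ "$signer" = "$1" ]
}

# demo_setup: throwaway keyring with an unprotected test key and a signed file.
# The user ID and file names are constructed for this demonstration.
demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    GNUPGHOME=$DEMO_DIR/gnupg
    export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' \
        default default never 2>/dev/null || return 1
    DEMO_FPR=$(gpg --batch --with-colons --list-keys demo@example.invalid \
        2>/dev/null | awk -F: '$1 == "fpr" { print $10; exit }')
    DEMO_FILE=$DEMO_DIR/release.tar
    printf 'constructed release payload\n' > "$DEMO_FILE"
    gpg --batch --quiet --detach-sign --output "$DEMO_FILE.sig" "$DEMO_FILE"
}

demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO_DIR"
}

# Run as "sh verify_pinned.sh demo" to see the three outcomes.
if [ "${1:-}" = "demo" ]; then
    demo_setup || exit 1
    verify_pinned "$DEMO_FPR" "$DEMO_FILE.sig" "$DEMO_FILE" && echo "pinned key: accepted"
    other=0000000000000000000000000000000000000000
    verify_pinned "$other" "$DEMO_FILE.sig" "$DEMO_FILE" || echo "other key pinned: rejected"
    echo tampered >> "$DEMO_FILE"
    verify_pinned "$DEMO_FPR" "$DEMO_FILE.sig" "$DEMO_FILE" || echo "modified file: rejected"
    demo_cleanup
fi
```

In real use, the expected fingerprint comes from the key owner through a separate channel, not from the same place as the file and its signature.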
### 5. Export Public Key
```shell
gpg --armor --export alice@example.com > alice.pub.asc
```

The `--armor` option generates an ASCII format public key file.
* * *
## Key Management Practice
### Keyring Operation Flow
[Figure: keyring operation flow (image not available)]
### Key Trust Relationship Setting
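1. Import someone else's public key:

   ```shell
   gpg --import bob.pub.asc
   ```

2. Verify the key fingerprint by comparing it with the fingerprint obtained from the key owner through a separate channel:

   ```shell
   gpg --fingerprint bob@example.com
   ```

3. Sign the key to establish trust:

   ```shell
   gpg --sign-key bob@example.com
   ```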
* * *
## Frequently Asked Questions
### 1. How to avoid entering the password every time when decrypting?
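Use gpg-agent to cache the passphrase:

```shell
gpg --use-agent --decrypt file.gpg
```

GnuPG 2.x always uses gpg-agent, so `--use-agent` is accepted there only for compatibility and has no effect. The cache lifetime is controlled by `default-cache-ttl` in `gpg-agent.conf`.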
### 2. How to revoke a lost key?
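1. Generate a revocation certificate:

   ```shell
   gpg --gen-revoke your@email.com > revoke.asc
   ```

2. Publish the revocation certificate. Importing it marks the key as revoked in the local keyring; other people see the revocation only after the revoked public key is exported again or sent to a keyserver:

   ```shell
   gpg --import revoke.asc
   ```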
### 3. Best practices for encrypting large files?
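Use symmetric encryption combined with asymmetric encryption. `gpg --encrypt` already works this way: the data is encrypted with a random symmetric session key, and only that key is encrypted to the recipient's public key. The command below instead encrypts with a key derived from a passphrase, using AES-256:

```shell
gpg --symmetric --cipher-algo AES256 largefile.iso
```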
* * *
## Security Notes
1. **Private Key Protection**: Private key files should be properly safeguarded, and a strong passphrase is recommended.
2. **Key Backup**: Regularly back up keyrings and revocation certificates.
3. **Algorithm Selection**: It is recommended to use strong encryption algorithms such as AES-256 and RSA-4096.
4. **Key Expiration**: Set a reasonable key validity period and update regularly.
5. **Metadata Leakage**: An encrypted message carries metadata such as the original filename and the recipients' key IDs; avoid retaining it when encrypting. The `--throw-keyids` option omits the recipient key IDs from the message.
By mastering the gpg command, you can effectively protect the security of sensitive data and achieve secure file transfer and identity verification. It is recommended to familiarize yourself with various operations in a test environment before actual use.