在 Debian / Ubuntu Linux 下, 要使用 gpg 來對檔案加密, 要怎麼做?
GPG 加密
- gpg -c docfile.txt # 預設使用 CAST5 加密 # 指定加密方式 gpg -c --cipher-algo AES256 docfile.txt
- 輸入兩次密碼 => 產出 docfile.txt.gpg (加密)
- rm docfile.txt # 記得將原始檔砍掉
GPG 解密
- gpg docfile.txt.gpg # 若有指定加密方式 gpg -d --cipher-algo aes256 docfile.txt.gpg
- 輸入密碼 => 產出 docfile.txt (解密)
您好,想請教現在我要指定其他對稱加密演算法,可以加上 --cipher-algo 指令,不過查Manual卻解釋不希望使用這個指令,因為會"違反OpenPGP standard",反而希望可以用--personal-cipher-preferences 指令來完成一樣的工作,請問這是什麼原因?
--cipher-algo name
Use name as cipher algorithm. Running the program with the command --version yields a list of supported algorithms. If this is not used the
cipher algorithm is selected from the preferences stored with the key. In general, you do not want to use this option as it allows you to
violate the OpenPGP standard. --personal-cipher-preferences is the safe way to accomplish the same thing.
--personal-cipher-preferences string
Set the list of personal cipher preferences to string. Use gpg --version to get a list of available algorithms, and use none to set no
preference at all. This allows the user to safely override the algorithm chosen by the recipient key preferences, as GPG will only select
an algorithm that is usable by all recipients. The most highly ranked cipher in this list is also used for the --symmetric encryption com‐
mand.
我不確定原因, 但是問題應該是這句:
If this is not used the cipher algorithm is selected from the preferences stored with the key.
大概意思是說, chipher algorithm 的 key 都是預設的? 所以建議搭配 --personal-cipher-preferences 修改 key 的 string. (我猜想是這樣子)
有錯在麻煩指正~ 謝謝. 🙂
做一個奇怪實驗。使用 openssl -aes256 加密一個檔案 , 用 gpg -d --cipher-algo AES256 來解密,可是得出來結果是 "找不到有效的 OpenPGP 資料",我的疑問是都是使用相同 AES256演算法加密,gpg 的工具會不認識此資料?
你試試看用 gpg 也用 aes256 加密看看,兩個檔案截然不同,我猜 gpg 不是只有單純對檔案加密而已~