Although I had heard of PGP before, I had never actually used it until recently when I delved a bit deeper into it. I've made some notes to share with those who might be interested.

GPG and PGP have some differences. Both GPG (GNU Privacy Guard) and PGP (Pretty Good Privacy) are encryption technologies used for data encryption and digital signatures to ensure information security and identity verification. The main difference is that GPG is a free and open-source alternative to PGP, following the OpenPGP standard, while PGP was originally proprietary and is now maintained by Symantec.

Main Uses:

Signing texts or files to ensure the sender's identity is genuine and prevent tampering.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

给这段话签名,是为了证明该文本是由JDZHAO在5月4日发布的。
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTLEr80LL/GAfzwNHsGlwnp1It2awUCZjUMzwAKCRAGlwnp1It2
a6QeAQCJ1sLAeb8XjvGU18cGHiRY8MqdHytJQrACw4uyA4ex/AD+IKgQmHqTdNaG
vOq5eGk3UPSqxKyqCAfPexXGm7xIKL8=
=TGfV
-----END PGP SIGNATURE-----

At this point, if you have saved my public key, you can right-click to select all of this text, choose "Verify signature," and a "trusted signature" message will pop up. The process is the same for file operations.
GPG签名

encrypt or decrypt

As shown, if you need to encrypt text, simply enter the text you want to encrypt into any text editor, and then select "encrypt selection."

GPG加密解密

It's important to note that your signature must have a "recipient." For example, if you download the blogger's public key, then select the blogger as the recipient and encrypt using your private key, the blogger can then decrypt the message using their private key and see it. Therefore, this process can't be demonstrated here. If anyone wants to try it, you can download the blogger's GPG public key, encrypt a message for the blogger, and post the encrypted text in the comments section. The blogger will then be able to reply to you with the decrypted information.

II. What software to use

The blogger uses GPG Suite, which can be downloaded from https://gpgtools.org. Please try others on your own. https://gpgtools.org 即可。其他的请大家自己尝试。

III. Points to note

There are several important points to be aware of, as mistakes can cause significant issues.

When creating a private key with GPG Suite, it automatically generates a subkey for encryption and decryption. Therefore, be careful not to accidentally delete your subkey if it's in use, as this will prevent you from accessing previous information.

It is recommended to create two subkeys: one subkey for signing, using DSA encryption, which is more suitable for web publication due to the friendly length of the signature; and another subkey for encryption and decryption. The reasons are as follows:

Choosing between RSA and DSA depends on your specific needs and environment. Here are some considerations:

  1. 密钥长度和性能Key Length and Performance: RSA key lengths are generally longer than DSA keys, which may lead to higher computational resource consumption during encryption and decryption. If you need higher performance for encryption operations, consider using DSA. However, note that key length is directly related to security; the longer the key, the more difficult it is to crack.
  2. 支持性Support: RSA is more widely supported as an encryption algorithm, with many encryption libraries and software providing support for RSA. Support for DSA is relatively less. If you need to interact with different systems or software, RSA might be a better choice.
  3. 安全性Security: Both RSA and DSA are widely accepted as secure algorithms, but there might be some differences in specific situations. Generally, RSA might be more susceptible to certain attacks when the key lengths are equal, so consider your security environment and security requirements when choosing an algorithm.
  4. 签名性能Signature Performance: DSA is typically faster at generating and verifying signatures than RSA. If your application requires frequent signing operations, DSA might be more preferable.

If you are more concerned with performance and shorter key lengths, DSA might be more suitable. However, if you need broader support, higher security, or more flexibility in key length, RSA might be the better choice.

Public keys need to be published so that those who wish to communicate with you can download and use them.https://keys.openpgp.org Therefore, it is best to configure your GPG private key before exporting and publishing your public key. GPG Suite also offers a publication service at https://keys.openpgp.org, where the main ID is an email address, and publication only proceeds after email verification, which is reliable, though I have not used it. You might consider publishing your public key on your own website or GitHub for convenience. https://key.jdzhao.comhttps://github.com/zhaojundong/me

There are also options like Yubico for importing hardware keys. I tried Yubico 5, but found it inconvenient, and the two I bought were not USB Type-C, which is not compatible with newer laptops that lack a Type-A port. So, I decided not to complicate things further.

If you want to use it for signing on GITHUB, the email associated with your public key needs to match your GitHub email. GPG can add multiple USER IDs (i.e., multiple emails), and GitHub also requires verification for multiple emails, so avoid adding too many.

GITHUB签名

Signing or encrypting messages has strict format requirements. If you are publishing on a web page, please pay attention to the layout. For example, I use "code" mode or the

 tag.

Comments (5)

  1. Reply

    博主的笔记本应该是轻薄本吧,近几年轻薄本都有不断缩减a口的趋势。
    其实用硬件密钥给我带来的便利更多的是在签名和认证中,加密我倒是用的很少,例如在其他电脑上进行ssh登录,git commit签名,fido免密登录或者2fa。因为我的密码基本上都是保存在keepass密码库内并且长度均为16+以上,要是手动输入简直就是一场灾难

    • Reply

      我用的是enpass,原来打折的时候买的,就一直用下来了
      加密我只是弄着把玩一下,因为突然觉得非常有趣
      哈哈~

      • Reply

        我主要是觉得keepass方便,就一个文件,不用部署任何服务,迁移方便,同步也只需要一个webdav即可,扔在onedrive上都行

        • Reply
          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA256
          
          enpass也是差不多的
          我以前也用过一段时间Keepass,因为跨平台很方便
          然后换成lastpass,后来觉得联网不安全
          就又换成enpass了,同步也在onedrive
          偶尔导一个到icloud备份一个
          -----BEGIN PGP SIGNATURE-----
          
          iHUEAREIAB0WIQTLEr80LL/GAfzwNHsGlwnp1It2awUCZjZSOgAKCRAGlwnp1It2
          a8KuAP9N0tT6TZzxuvWQA9iXK/tlXC/POU2i8x7g9iFpUNJHdQD/aatWGFsCO7pU
          EbuEIrCWquM/GW6AdOKqJyhdJDxpoT4=
          =Vz59
          -----END PGP SIGNATURE-----
          
        • Reply
          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA256
          
          不加Pre标签不行呢
          刚刚没加pre标签,用签名回复你,格式肉眼不可见的变化一点
          就verify不了签名了
          -----BEGIN PGP SIGNATURE-----
          
          iHUEAREIAB0WIQTLEr80LL/GAfzwNHsGlwnp1It2awUCZjZS1QAKCRAGlwnp1It2
          axLjAQCR9aC614vffbgwUFQyqcZShQCSlL8ywNe+KvaY2K6S7AD/YS3PTRa+TPa7
          YhDctSVnvkDVY5Z2F8ZZ0hppEitWIG0=
          =pGBw
          -----END PGP SIGNATURE-----
          

Leave a comment

Your email address will not be published. Required fields are marked *

en_USEN