GnuPG:如何使用某个密钥加密/解密文件? [英] GnuPG: How to encrypt/decrypt files using a certain key?
问题描述
长篇小说,我的问题是:如何在加密/解密文件时强制GnuPG哪个私钥/公钥使用?
Long story short, my question is: How can I force GnuPG which private/public key to use when encrypting/decrypting files?
我有一个应用程序必须在将文件发送到S3之前进行加密。
I have an application that must encrypt files before sending them to S3.
用户可以使用浏览器从我的网站下载他们的文件,在这种情况下,我必须首先解密文件。
Users can download their files using their browsers from my website, in which case I must first decrypt the files before serving them.
客户端( delphi 2010 ):我最有可能选择 OpenPGPBlackbox
Client side (delphi 2010): I'm most likely going to opt for OpenPGPBlackbox
服务器端(PHP 5),我需要弄清楚如何使用非交互式命令加密/解密文件。
Server side (PHP 5), I need to figure out how to encrypt/decrypt files with non-interactive commands.
我在我的服务器上安装了GnuPG,尝试了这个代码:
I installed GnuPG on my server, tried this code:
clear_file='/full/path/my-file.zip'
encrypted_file='/full/path/my-file.zip.pgp'
# Encrypt file
/usr/bin/gpg2 --encrypt "$clear_file"
# Decrypt file
/usr/bin/gpg2 --decrypt "$encrypted_file"
但是似乎我不能在命令行中指定要使用哪些键。
But it seems that I can't specify, in the commandline, which keys to use.
每个用户都有自己的公钥/私钥,所以我需要可以指定用于加密/解密该文件的密钥。
Each user will have its own public/private key, so I need to be able to specify which key to use to encrypt/decrypt the file in question.
我的问题是:如何强制GnuPG哪个/ p>
My question is: How can I force GnuPG which private/public key to use when encrypting/decrypting files?
推荐答案
您要查找的选项是:
--default-key $name$
Use $name$ as the default key to sign with. If this option is not used, the default key is
the first key found in the secret keyring. Note that -u or --local-user overrides this
option.
--local-user $name$
-u Use $name$ as the key to sign with. Note that this option overrides --default-key.
或可能:
--recipient $name$
-r Encrypt for user id $name$. If this option or --hidden-recipient is not specified,
GnuPG asks for the user-id unless --default-recipient is given.
--default-recipient $name$
Use $name$ as default recipient if option --recipient is not used and don't ask if
this is a valid one. $name$ must be non-empty.
这些可用于指定谁是预期的收件人,例如哪个公钥用于签名/加密。解密文件GnuPG会自动选择正确的密钥,如果它存在于当前的密钥环中,可以使用 - keyring
选项来选择,如果存在多个密钥。 GnuPG也可以配置为从密钥服务器获取必需的密钥,如果它们在那里可用。
These can be used to specify who is the intended recipient, e.g. which public key to use for signing/encryption. When decrypting the files GnuPG automatically selects correct key if it exists in the current keyring, which can be selected with --keyring
option, if multiple exist. GnuPG can be also configured to fetch necessary keys from a keyserver if they are available there.
您可能还对选项 - 批次
,这确保在呕吐期间不会问互动问题。
You might be also interested in option --batch
which makes sure that no interactive questions are asked during excecution.
我建议您阅读GnuPG手册页。有很多选项可能现在有用,然后。
I suggest you read through the GnuPG man page. There are lot of options that might be useful now and then.
这篇关于GnuPG:如何使用某个密钥加密/解密文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!