GnuPG：如何使用某个密钥加密/解密文件？ [英] GnuPG: How to encrypt/decrypt files using a certain key?

问题描述

长篇小说，我的问题是：如何在加密/解密文件时强制GnuPG哪个私钥/公钥使用？

Long story short, my question is: How can I force GnuPG which private/public key to use when encrypting/decrypting files?

我有一个应用程序必须在将文件发送到S3之前进行加密。

I have an application that must encrypt files before sending them to S3.

用户可以使用浏览器从我的网站下载他们的文件，在这种情况下，我必须首先解密文件。

Users can download their files using their browsers from my website, in which case I must first decrypt the files before serving them.

客户端（ delphi 2010 ）：我最有可能选择 OpenPGPBlackbox

Client side (delphi 2010): I'm most likely going to opt for OpenPGPBlackbox

服务器端（PHP 5），我需要弄清楚如何使用非交互式命令加密/解密文件。

Server side (PHP 5), I need to figure out how to encrypt/decrypt files with non-interactive commands.

我在我的服务器上安装了GnuPG，尝试了这个代码：

I installed GnuPG on my server, tried this code:

clear_file='/full/path/my-file.zip'
encrypted_file='/full/path/my-file.zip.pgp'

# Encrypt file
/usr/bin/gpg2 --encrypt "$clear_file"

# Decrypt file
/usr/bin/gpg2 --decrypt "$encrypted_file"

但是似乎我不能在命令行中指定要使用哪些键。

But it seems that I can't specify, in the commandline, which keys to use.

每个用户都有自己的公钥/私钥，所以我需要可以指定用于加密/解密该文件的密钥。

Each user will have its own public/private key, so I need to be able to specify which key to use to encrypt/decrypt the file in question.

我的问题是：如何强制GnuPG哪个/ p>

My question is: How can I force GnuPG which private/public key to use when encrypting/decrypting files?

推荐答案

您要查找的选项是：

--default-key $name$
          Use $name$ as the default key to sign with. If this option is not used, the default key is
          the first key found in the secret keyring.  Note that -u or --local-user overrides  this
          option.
--local-user $name$
   -u     Use  $name$  as  the  key  to sign with. Note that this option overrides --default-key.

或可能：

--recipient $name$
   -r     Encrypt for user id $name$. If this option or --hidden-recipient is not specified, 
          GnuPG asks for the  user-id unless --default-recipient is given.
--default-recipient $name$
          Use  $name$  as default recipient if option --recipient is not used and don't ask if 
          this  is a  valid  one. $name$ must be non-empty.

这些可用于指定谁是预期的收件人，例如哪个公钥用于签名/加密。解密文件GnuPG会自动选择正确的密钥，如果它存在于当前的密钥环中，可以使用 - keyring 选项来选择，如果存在多个密钥。 GnuPG也可以配置为从密钥服务器获取必需的密钥，如果它们在那里可用。

These can be used to specify who is the intended recipient, e.g. which public key to use for signing/encryption. When decrypting the files GnuPG automatically selects correct key if it exists in the current keyring, which can be selected with --keyring option, if multiple exist. GnuPG can be also configured to fetch necessary keys from a keyserver if they are available there.

您可能还对选项 - 批次，这确保在呕吐期间不会问互动问题。

You might be also interested in option --batch which makes sure that no interactive questions are asked during excecution.

我建议您阅读GnuPG手册页。有很多选项可能现在有用，然后。

I suggest you read through the GnuPG man page. There are lot of options that might be useful now and then.

这篇关于GnuPG：如何使用某个密钥加密/解密文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！