Encrypting files with GPG on RHEL6

Published: 2019-Mar-21
System environment: rhel6.0-x86_64, iptables and selinux off
server: 192.168.1.3 192.168.1.5

Public-key encryption: encryption that uses a matched pair of keys, a public key and a private key. It is also called asymmetric encryption.

Public key: the encryption key (the public half of the matched pair) that is given to anyone who wants to communicate confidentially with the owner of the private key. Anything encrypted with the public key can be decrypted only with the private key.

Private key: the encryption key (the private half of the matched pair) that the owner keeps secret. Anyone with the matching public key can decrypt content encrypted with the private key. A message encrypted with the private key is therefore not secret, but holders of the matching public key can verify that the message came from the holder of the private key. This is effectively a digital signature.

#### Create a key pair

When generating a new key for a user, you will be asked for: the key type (RSA/RSA by default); the key length (in bits; the longer, the stronger); the name, e-mail address and a comment identifying the key owner; and a passphrase (must be provided; if the private key is stolen, it cannot be used without it).

[root@server3 ~]# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? enter
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) enter
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: yungho
Email address: [email protected]
Comment:
You selected this USER-ID:
    "yungho <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[8155]: directory `/root/.gnupg/private-keys-v1.d' created    # a graphical dialog pops up at this point; enter and confirm the passphrase
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 79BBC3EE marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/79BBC3EE 2012-05-31    # public key ID, used later
      Key fingerprint = E5BF 5212 E208 F9A0 C7E2  427D 6479 A072 79BB C3EE
uid                  linux <[email protected]>
sub   2048R/914D5351 2012-05-31

#### List public keys

List every public key you hold: your own, and those imported from the people you communicate with.

[root@server3 ~]# gpg --list-keys

#### Export the public key to share with your partner

Export the public key to a file so that others can use it. --armor (-a) writes it in text form. The key-id is the e-mail address or the 8-digit hexadecimal public key ID shown after pub on the pub line of --list-keys.

[root@server3 ~]# gpg -a -o ~/pub.key --export 79BBC3EE

#### Copy the exported public key to the partner host

[root@server3 ~]# scp pub.key 192.168.1.5:

#### Import the public key copied over from the partner

Import another person's public key from the key file they sent you.

[root@server5 ~]# gpg --import pub.key
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 79BBC3EE: public key "linux <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

#### Create a test text file

[root@server5 ~]# echo `hostname` > encrypt.txt

#### Encrypt with the imported public key

Encrypt the file contents for key-id. If -r key-id is not given, the command prompts for the recipient. The encrypted file is written as file.asc.

[root@server5 ~]# gpg --encrypt --armor -r 79BBC3EE encrypt.txt
gpg: 914D5351: There is no assurance this key belongs to the named user

pub  2048R/914D5351 2012-05-31 linux <[email protected]>
 Primary key fingerprint: E5BF 5212 E208 F9A0 C7E2  427D 6479 A072 79BB C3EE
      Subkey fingerprint: 6806 38EC 2D12 1C1F 22F5  F6D1 49D8 775D 914D 5351

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

#### Copy the encrypted file to the partner host server3

[root@server5 ~]# scp encrypt.txt.asc 192.168.1.3:

#### Decrypt the file the partner encrypted with the public key

Use one of your private keys to decrypt the file that was encrypted with the public key.

[root@server3 ~]# gpg --decrypt encrypt.txt.asc

You need a passphrase to unlock the secret key for    # a graphical dialog pops up here asking for the passphrase set earlier
user: "linux <[email protected]>"
2048-bit RSA key, ID 914D5351, created 2012-05-31 (main key ID 79BBC3EE)

can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg: encrypted with 2048-bit RSA key, ID 914D5351, created 2012-05-31
      "linux <[email protected]>"
server5.example.com    # contents of the file after decryption
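The encryption step above answers "y" to "Use this key anyway?" without confirming that the imported key is the partner's. The following is an added example, not part of the original article: it compares the full primary-key fingerprint in gpg's colon-format listing against a fingerprint obtained from the key owner out of band. The function names, the sample listing (constructed from the fingerprints printed above) and the placeholder uid address are assumptions.

```shell
#!/bin/sh
# Added example: refuse to encrypt to an imported key unless its full
# fingerprint matches the one the owner gave you over a separate channel.

# Constructed sample in the format of `gpg --with-colons --fingerprint --fingerprint`,
# built from the fingerprints shown on this page; the uid address is a placeholder.
SAMPLE_LISTING='pub:-:2048:1:6479A07279BBC3EE:2012-05-31:::-:::scESC:
fpr:::::::::E5BF5212E208F9A0C7E2427D6479A07279BBC3EE:
uid:-::::2012-05-31::::linux <placeholder@example.invalid>:
sub:-:2048:1:49D8775D914D5351:2012-05-31::::::e:
fpr:::::::::680638EC2D121C1F22F5F6D149D8775D914D5351:'

# Print the fingerprint (field 10 of the fpr record) that follows the first
# pub record in a colon listing read from stdin. Subkey fpr records are ignored.
primary_fpr() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "fpr" && want { print $10; exit }'
}

# Fingerprints are usually exchanged with spaces and in either case.
normalize_fpr() {
  printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# verify_fpr EXPECTED  (colon listing on stdin)
# returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full 40-hex fingerprint
# (an 8-digit key ID such as 79BBC3EE is too short to identify a key reliably).
verify_fpr() {
  vf_expected=$(normalize_fpr "$1")
  case "$vf_expected" in
    ''|*[!0-9A-F]*) return 2 ;;
  esac
  [ "${#vf_expected}" -eq 40 ] || return 2
  vf_actual=$(primary_fpr)
  [ "$vf_actual" = "$vf_expected" ]
}

# Demo on the constructed sample. Against a real keyring the listing would come from:
#   gpg --with-colons --fingerprint 79BBC3EE | verify_fpr "$EXPECTED"
EXPECTED='E5BF 5212 E208 F9A0 C7E2 427D 6479 A072 79BB C3EE'
if printf '%s\n' "$SAMPLE_LISTING" | verify_fpr "$EXPECTED"; then
  echo "fingerprint matches: key can be used as recipient"
else
  echo "fingerprint does NOT match: do not encrypt to this key"
fi
```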

