Encrypting and decrypting with GPG on Linux

Environment:
foundation1    172.25.1.250
server1        172.25.1.1


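Approach:
1. On host foundation1, generate a key pair (public and private key) and bind it to the e-mail address westos@qq
2. List the public and private keys, export the public key, and send it to host server1
3. On host server1, import the public key, list the public keys, and write a file test.txt to be encrypted
4. Encrypt the file with the public key and send the encrypted file to host foundation1. Because foundation1 holds the private key, it can decrypt the file; without the private key, the contents of test.txt cannot be read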


1. Generate a key pair: gpg --gen-key
2. List the public keys: gpg --list-keys
3. Export the public key: gpg -a -o pub.key --export B2909633          //B2909633 is the public key ID
4. Import the public key: gpg --import pub.key
5. Encrypt a file: gpg --encrypt --armor -r B2909633 test.txt
6. Decrypt a file: gpg --decrypt test.txt.asc


[root@foundation1 Desktop]# gpg --gen-key               //generate the key pair (public and private key)
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1                  //key type: RSA
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024            //key length 1024 chosen; the 2048 default offered is the stronger choice
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire               
<n> = key expires in n days                  
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0              //never expires
Key does not expire at all
Is this correct? (y/N) y            //confirm
GnuPG needs to construct a user ID to identify your key.
Real name: westos                                
Email address: westos.qq             //the key is bound to this e-mail address
Not a valid email address
Email address: westos@qq
Comment: westos
You selected this USER-ID:
"westos (westos) <westos@qq>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B2909633 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/B2909633 2018-12-23
      Key fingerprint = 779A 2177 BB5E 8687 9464  D42F 3049 9CAE B290 9633
uid                  westos (westos) <westos@qq>
sub   1024R/EB3F3A4B 2018-12-23
[root@foundation1 Desktop]# gpg --list-keys      //list the keys (--list-keys shows the public keyring; --list-secret-keys shows the private keys)

[root@foundation1 Desktop]# gpg -a -o pub.key --export B2909633         //export the public key
[root@foundation1 Desktop]# scp pub.key server1:              //send it to host server1


[root@server1 ~]# ls


[root@server1 ~]# gpg --import pub.key            //host server1 imports the public key


[root@server1 ~]# gpg --list-keys      

[root@server1 ~]# echo "网络安全实验" > test.txt                     //write a file test.txt to be encrypted
[root@server1 ~]# ls


[root@server1 ~]# gpg --encrypt --armor -r B2909633 test.txt            //encrypt the file with the public key


[root@server1 ~]# ls


[root@server1 ~]# scp test.txt.asc 172.25.1.250:/home/westos/Desktop               //send the encrypted file to host foundation1

[root@foundation1 Desktop]# ls


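[root@foundation1 Desktop]# gpg -o gpg_test --decrypt test.txt.asc               //the passphrase set earlier for the private key must be entered here
//Because foundation1 holds the private key, it can decrypt. Without the private key, the contents of test.txt cannot be viewed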

[root@foundation1 Desktop]# ls             //a new file now exists


[root@foundation1 Desktop]# cat gpg_test             //host server2, however, cannot open it


[root@server1 ~]# scp test.txt.asc root@server2:


[root@server2 ~]# gpg -o gpg_test --decrypt test.txt.asc


//Because server2 has no private key, gpg reports that the file contents cannot be viewed
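
The same round trip as an unattended script, added here as an example and not part of the original post; it checks both outcomes, decryption by the key owner and refusal for a host without the private key. Assumptions: GnuPG 2.1 or later, three throwaway keyrings (--homedir) in place of the three hosts, a constructed user ID and message, a 2048-bit key with no passphrase, the full fingerprint in place of the short key ID, and the made-up helper names g, fpr_of and gpg_lab.

```shell
#!/bin/sh
# Added example (not the page's own script): the workflow above, unattended.
# Three throwaway keyrings stand in for foundation1, server1 and server2.
# Assumptions: GnuPG 2.1+; the user ID and the message are constructed.
# Run gpg against the keyring of "host" $1.
g() { k=$1; shift; gpg --homedir "$lab/$k" --batch --quiet --no-tty "$@"; }
# Print the primary-key fingerprint of the first key in keyring $1.
fpr_of() {
    g "$1" --list-keys --with-colons --fingerprint |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_lab() {
    lab=$(mktemp -d) || return 1
    for h in foundation1 server1 server2; do mkdir -m 700 "$lab/$h"; done
    owner=failed
    # foundation1: the interactive answers as a parameter file (2048 bits
    # rather than the page's 1024; no passphrase, so lab use only).
    g foundation1 --gen-key <<EOF &&
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: westos
Name-Email: westos@example.invalid
Expire-Date: 0
%commit
EOF
    fpr=$(fpr_of foundation1) && [ -n "$fpr" ] &&
    g foundation1 --armor --export "$fpr" > "$lab/pub.key" &&
    # server1: import, compare fingerprints (batch mode cannot answer the
    # untrusted-key prompt, hence --trust-model always), then encrypt.
    g server1 --import "$lab/pub.key" &&
    [ "$(fpr_of server1)" = "$fpr" ] &&
    echo "constructed lab message" > "$lab/test.txt" &&
    g server1 --trust-model always --armor -r "$fpr" --encrypt "$lab/test.txt" &&
    # foundation1 holds the private key, so decryption succeeds.
    g foundation1 -o "$lab/gpg_test" --decrypt "$lab/test.txt.asc" &&
    cmp -s "$lab/test.txt" "$lab/gpg_test" && owner=decrypted
    # server2 has the ciphertext but no private key, so gpg must refuse.
    if g server2 --decrypt "$lab/test.txt.asc" >/dev/null 2>&1
    then other=decrypted; else other=refused; fi
    for h in foundation1 server1 server2; do
        gpgconf --homedir "$lab/$h" --kill gpg-agent 2>/dev/null || :
    done
    rm -rf "$lab"
    echo "foundation1=$owner server2=$other"
}
```

Calling gpg_lab prints "foundation1=decrypted server2=refused" when foundation1 recovers the message and server2 is turned away.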
