對文件進行非對稱加解密

實驗準備

主機：A和B
OS: CentOS7
IP ：192.168.172.134

一、分別在2臺主機上生成公鑰和私鑰

1.在主機A上生成公私鑰

[root@hostA ~]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and Redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg\\\' created
gpg: new configuration file `/root/.gnupg/gpg.conf\\\' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf\\\' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg\\\' created
gpg: keyring `/root/.gnupg/pubring.gpg\\\' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1                                   #選擇所要生成的非對稱密鑰類型
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024               #先擇密鑰的長度
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)                               #指定密鑰的有效期限
Key does not expire at all
Is this correct? (y/N) y                            #確認密鑰有效期為永久有效

GnuPG needs to construct a user ID to identify your key.

Real name: hostA                                    #輸入非對稱密鑰所對應的主機名
Email address: 
Comment: 
You selected this USER-ID:
    hostA

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o   #確認密鑰信息
You need a Passphrase to protect your secret key.

You don\\\'t want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option --edit-key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 4B9A0B62 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/4B9A0B62 2019-04-12
      Key fingerprint = E128 AD1F E1D5 5B0D C66C  FD45 4786 0C63 4B9A 0B62
uid                  hostA
sub   1024R/DD37BA59 2019-04-12

#非對稱密生成完畢
[root@hostA ~]# cd .gnupg/
[root@hostA .gnupg]# ll
total 28
-rw------- 1 root root 7680 Apr 13 05:36 gpg.conf
drwx------ 2 root root    6 Apr 13 05:37 private-keys-v1.d
-rw------- 1 root root  649 Apr 13 05:37 pubring.gpg        #公鑰文件
-rw------- 1 root root  649 Apr 13 05:37 pubring.gpg~       #公鑰的備份
-rw------- 1 root root  600 Apr 13 05:37 random_seed
-rw------- 1 root root 1313 Apr 13 05:37 secring.gpg        #私鑰文件
srwxr-xr-x 1 root root    0 Apr 13 05:37 S.gpg-agent
-rw------- 1 root root 1280 Apr 13 05:37 trustdb.gpg

2.B主機上生成公私鑰

[root@hostB ~]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg\\\' created
gpg: new configuration file `/root/.gnupg/gpg.conf\\\' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf\\\' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg\\\' created
gpg: keyring `/root/.gnupg/pubring.gpg\\\' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: hostB
Email address: 
Comment: 
You selected this USER-ID:
    hostB

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You don\\\'t want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option --edit-key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 77A790ED marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/77A790ED 2019-04-12
      Key fingerprint = 34E9 51E2 0720 1186 FC26  6BED 5FDF ABE5 77A7 90ED
uid                  hostB
sub   1024R/3108F051 2019-04-12

[root@hostB ~]# ll .gnupg/
total 28
-rw------- 1 root root 7680 Apr 13 05:50 gpg.conf
drwx------ 2 root root    6 Apr 13 05:50 private-keys-v1.d
-rw------- 1 root root  649 Apr 13 05:51 pubring.gpg
-rw------- 1 root root  649 Apr 13 05:51 pubring.gpg~
-rw------- 1 root root  600 Apr 13 05:51 random_seed
-rw------- 1 root root 1313 Apr 13 05:51 secring.gpg
srwxr-xr-x 1 root root    0 Apr 13 05:50 S.gpg-agent
-rw------- 1 root root 1280 Apr 13 05:51 trustdb.gpg
公私鑰文件已生成

二、主機A、B互換公鑰文件

1.導出主機A公鑰發送給B

[root@hostA .gnupg]# gpg -a --export -o hostA.pubkey        #導出公鑰文件。
[root@hostA .gnupg]# cat hostA.pubkey 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mI0EXLEFGgEEALt/ZGwt9ZnkvzI0Ah0DJMFqYPbeTfLWtckiL/tKdkQShaA8pTqS
ckAdeKRY1NRskKsInek3dD V32n3PG8tTF8ZIQ6TpK8PgB/E fKH2ftFQFchU F8
2lsJ0VKf7ILQ6Yre4mVeGo4HCwrJg E6gEPspaajCyB4BIgApNzqmxNVABEBAAG0
BWhvc3RBiLkEEwECACMFAlyxBRoCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIX
gAAKCRBHhgxjS5oLYj3RBACFK1NjY29XFnu2ZqpM6bSLLp5sf7fbKvUTUEhitXSo
LB607v88KZoUFdcSQf9v 02KytzC1usW8P0NlevhwCJSRpcaO29GyXKnN07jsQAG
J2TUDR91hgcFZ/j2mcZal WlgwSQr0Skv4GojTpme/n00DVbZzGGL7QBiTH/45AZ
pbiNBFyxBRoBBAC rfAizsp3qturv4QXwjguar9HuXWffap7nFaQKUAC8S a2EyG
RcBvWci0sNXx9HJE4/61ExPF84TR4uc8fRkzWYb6sfPGwBxDFH5e9igPifwyEuqk
QPO3eezRX5bNwLMSXyesUFCeJZ3Qy6BYV6S8vDJbjj6RYwWlLRUJv4rlHwARAQAB
iJ8EGAECAAkFAlyxBRoCGwwACgkQR4YMY0uaC2IkvwP/ckneRcvcYqTCeINVPlqD
ltUC3jn5U1Nu/dZKwt15R7l68Qr0ARBO8SuLlMH7wjBQ/c6grwohfdcXCqZN2gVq
wWl2yamOpeOD4EqwnvaPGtP8t9j2gwGvM905NJRng8Ep IOlqlNeljKjICLyNzmj
rkRjxcSdDrQgIYZgH84hXZU=
=4MIm
-----END PGP PUBLIC KEY BLOCK-----
[root@hostA .gnupg]# scp hostA.pubkey root@192.168.172.138:/root/.gnupg
The authenticity of host \\\'192.168.172.138 (192.168.172.138)\\\' can\\\'t be established.
ECDSA key fingerprint is SHA256:YNlH0VBV0kp4lAClVvfMWVx/bHcbKKHXQwyd13d MME.
ECDSA key fingerprint is MD5:8a:1c:3d:c2:04:b1:be:05:95:33:9e:16:e8:ad:6c:25.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added \\\'192.168.172.138\\\' (ECDSA) to the list of known hosts.
root@192.168.172.138\\\'s 
hostA.pubkey                                         100%  984   808.9KB/s   00:00    

2.導出主機B公鑰發送給A

[root@hostB ~]# gpg -a --export -o hostB.pubkey
[root@hostB ~]# cat hostB.pubkey
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mI0EXLEIRwEEAJwjA3oD/GMvu7WvBfp6ZOaRnLxkebI0nVQt5PFOukiDxKDMtn4L
dcuja0JlP4F/MJpxx2pacuNODG/gV1Tu 5iOzxp1 /xJXrWjh0e MCk3ubivQ5gj
L9TOSbePb/gzRR89F2BexKq6dkVYgiWUZ0205p/qBOMT49Xos9JQ02qlABEBAAG0
BWhvc3RCiLkEEwECACMFAlyxCEcCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIX
gAAKCRBf36vld6eQ7Xb7A/4kpjrW/JC14J0ZuMggFoI340ZZUOlT2f7JKvS bAQK
FXOgko6RblHo3PdaD SimHDhzWibr0q05jpT0OlFP9PphgNfzBaUla/9v4heXcA5
Rsg J7Z5dbblz4Fe9Hn6uuFJX6PEV00SCVZ1JBOesj4JZuufNTpU09iC8gkl2ntj
YLiNBFyxCEcBBACx6zvb6aH3mybpyqR2kdke0sAsof9sPVrv2UeHS5SSLe2qk38V
GmTwuqLhkvhWrPX9jZza17uauWHItjLl2Xx6VKul4pUA9EPih9rOWTsmHQPhEUnW
ZYVgt50Xn4YOjDaQiislS AuR3XxeD4eaBtRatzMMQO/ibRV4EWXx6JLvQARAQAB
iJ8EGAECAAkFAlyxCEcCGwwACgkQX9 r5XenkO2rFAP/UgUJ3lYn9rKlnNwsgnqL
c38c6BovdzOveiYt 21QBQ5HElhRI/gZkpIiNi8pze1laaRzduTOj/23rNM5i3Cg
uJulPnMBGLx2s57EuevO34mml A6pBUIe3ETJhtv8/L3XH5wiMzVEyuzIJuLBA4c
tt 3WYpY9rNUVeuLcHVd7vQ=
=/T8O
-----END PGP PUBLIC KEY BLOCK-----     
[root@hostB ~]# scp hostB.pubkey root@192.168.172.134:/root/.gnupg/
The authenticity of host \\\'192.168.172.134 (192.168.172.134)\\\' can\\\'t be established.
ECDSA key fingerprint is SHA256:YNlH0VBV0kp4lAClVvfMWVx/bHcbKKHXQwyd13d MME.
ECDSA key fingerprint is MD5:8a:1c:3d:c2:04:b1:be:05:95:33:9e:16:e8:ad:6c:25.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added \\\'192.168.172.134\\\' (ECDSA) to the list of known hosts.
root@192.168.172.134\\\'s 
hostB.pubkey                                         100%  984   861.8KB/s   00:00  

三、主機A、B分別導入公鑰

1.主機A導入公鑰

[root@hostA .gnupg]# gpg --import hostB.pubkey           #導入hostB的公鑰
gpg: key 77A790ED: public key hostB imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
[root@hostA .gnupg]# gpg --list-key                      #查看公鑰列表
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/4B9A0B62 2019-04-12
uid                  hostA
sub   1024R/DD37BA59 2019-04-12

pub   1024R/77A790ED 2019-04-12
uid                  hostB
sub   1024R/3108F051 2019-04-12

2.主機B導入公鑰

[root@hostB ~]# cd .gnupg/
[root@hostB .gnupg]# gpg --import hostA.pubkey 
gpg: key 4B9A0B62: public key hostA imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
[root@hostB .gnupg]# gpg --list-key 
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/77A790ED 2019-04-12
uid                  hostB
sub   1024R/3108F051 2019-04-12

pub   1024R/4B9A0B62 2019-04-12
uid                  hostA
sub   1024R/DD37BA59 2019-04-12

四、測試

1.使用主機A對文件進行非對稱加密，發送給主機B

[root@hostA data]# echo hello,i am hostA > file1
[root@hostA data]# gpg -e -r hostB file1
gpg: 3108F051: There is no assurance this key belongs to the named user

pub  1024R/3108F051 2019-04-12 hostB
 Primary key fingerprint: 34E9 51E2 0720 1186 FC26  6BED 5FDF ABE5 77A7 90ED
      Subkey fingerprint: 57FD 2BBD D2B0 8EE4 9BCA  74A5 2091 0199 3108 F051

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
[root@hostA data]# scp file1.gpg root@192.168.172.138:/data
root@192.168.172.138\\\'s 
file1.gpg                                            100%  225    87.2KB/s   00:00    

2.解密查看其中內容

[root@hostB data]# gpg -o file1 file1.gpg 
gpg: encrypted with 1024-bit RSA key, ID 3108F051, created 2019-04-12
      hostB
[root@hostB data]# cat file1
hello,i am hostA

五、關于清除密鑰

1.清除公鑰

[root@hostA data]# gpg --delete-key hostB             #刪除hostB的公鑰
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  1024R/77A790ED 2019-04-12 hostB

Delete this key from the keyring? (y/N) y

[root@hostA data]# gpg --list-key                     #查看密鑰列表此時已經沒有hostB了
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/4B9A0B62 2019-04-12
uid                  hostA
sub   1024R/DD37BA59 2019-04-12

[root@hostA ~]# ll .gnupg/
total 40
-rw------- 1 root root  649 Apr 13 05:48 192.168.172.138
-rw------- 1 root root 7680 Apr 13 05:36 gpg.conf
-rw-r--r-- 1 root root  984 Apr 13 06:02 hostA.pubkey
-rw-r--r-- 1 root root  984 Apr 13 06:06 hostB.pubkey
drwx------ 2 root root    6 Apr 13 05:37 private-keys-v1.d
-rw------- 1 root root  649 Apr 13 06:32 pubring.gpg
-rw------- 1 root root 1298 Apr 13 06:09 pubring.gpg~             #hostB的密鑰雖然被清除但是仍可以用此文件恢復
-rw------- 1 root root  600 Apr 13 06:15 random_seed
-rw------- 1 root root 1313 Apr 13 05:37 secring.gpg
srwxr-xr-x 1 root root    0 Apr 13 05:37 S.gpg-agent
-rw------- 1 root root 1280 Apr 13 05:37 trustdb.gpg

2.刪除自己的公鑰和私鑰
要刪除自己的公鑰必須先清除私鑰

[root@hostA ~]# gpg --delete-secret-key hostA                  #刪除自己的私鑰
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sec  1024R/4B9A0B62 2019-04-12 hostA

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
[root@hostA ~]# gpg --delete-key hostA                         #刪除自己的私鑰
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  1024R/4B9A0B62 2019-04-12 hostA

Delete this key from the keyring? (y/N) y
[root@hostA ~]# rm -rf .gnupg/                                 #將/root/.gnupg目錄刪除

更多關于云服務器，域名注冊，虛擬主機的問題，請訪問三五互聯官網：m.shinetop.cn





猜你還會喜歡下面的內容

• 三五互聯虛擬主機全新升級上線
• 2025雙11云服務器搶購攻略：爆款配置三年特價，一步省三年，速搶！
• 三五互聯雙11：1G虛擬主機驚爆價只要18元
• 虛擬主機升級：提升流量配額與功能更新
• 企業郵箱的續費流程
• 如何購買域名的虛擬主機
• 如何將網頁綁定在域名上
• 如何將購買的域名綁定到 Web
• 如何把空間和域名綁定
• 虛擬主機共享ip怎么更換獨立ip
• 做網站用虛擬主機怎么樣
• 做網站什么時候要用到虛擬主機
• 去哪里買的空間和域名比較優質
• 買下域名后每年都要交錢嗎
• 怎么購買低價的虛擬主機
• 一年十幾塊錢的虛擬主機怎么樣

熱門標簽

其他問題云服務器問題域名及賬戶問題企業郵局市場咨詢云服務器云建站/云站群/小程序虛擬主機企業郵箱網絡知識域名注冊域名備案域名商標注冊云主機更多標簽...