Encrypting and decrypting files with GPG on Linux

Common GPG commands

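--gen-key        generate a key pair
--export         export keys
--import         import keys
-e,--encrypt     encrypt data
-c,--symmetric   symmetric encryption
-k,--list-keys   list keys
--delete-keys    delete a public key
--delete-secret-keys    delete a private key
-o,--output      specify the output file
-v,--verbose     verbose mode
-d               decrypt a file
-a,--armor       create ASCII output
-r               which key to encrypt with (encrypt for USER-ID)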

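How can files be exchanged in encrypted form between different hosts? Set up two hosts in advance with IPs on the same subnet (172.25.254.43 and 172.25.254.143).

Step 1: gpg --gen-key, generate a key pair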

[root@localhost sysconfig]# cd /root/Desktop/
[root@localhost Desktop]# gpg --gen-key  ##generate a key pair
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. ##GPG version information

gpg: directory `/root/.gnupg' created      ##directory '/root/.gnupg' has been created
gpg: new configuration file `/root/.gnupg/gpg.conf' created  ##configuration file has been created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run ##warning: the options in this file are not used during this run
gpg: keyring `/root/.gnupg/secring.gpg' created  ##keyring created (private keys)
gpg: keyring `/root/.gnupg/pubring.gpg' created  ##keyring created (public keys)


Please select what kind of key you want: ##choose the algorithm
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024  ##key length (default 2048)
Requested keysize is 1024 bits
Please specify how long the key should be valid. ##validity period of the key pair
         0 = key does not expire      ##never expires
      <n>  = key expires in n days    ##n days
      <n>w = key expires in n weeks   ##n weeks
      <n>m = key expires in n months  ##n months
      <n>y = key expires in n years   ##n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y        ##confirm?


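Real name: westos   ##real name
Email address:      ##email address; if left empty it defaults to the local host
Comment: 
You selected this USER-ID:
    "westos"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o   ##change the name, comment or email address, generate the key pair, or quit?
You need a Passphrase to protect your secret key.      ##a passphrase is required to protect the private key
##guards against accidental use and against someone using the private key without permission
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
##the system needs time to generate the key pair; to produce a large amount of random data, type random characters or move the mouse while you wait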


After you confirm, a prompt asking for the passphrase appears; enter the passphrase there.


gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 494234AF marked as ultimately trusted ##key 494234AF is marked as ultimately trusted
public and secret key created and signed.      ##"494234AF" is the key ID, the last 8 hex digits of the fingerprint below
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/494234AF 2018-11-08       ##public key details: 1024-bit RSA, key ID, creation date
      Key fingerprint = BCF6 C145 84D0 4890 5E45  62BB 3C3A 6228 4942 34AF  ##key fingerprint
uid                  westos           ##user ID
sub   1024R/26F616CB 2018-11-08       ##subkey details


Step 2: export the public and private keys in ASCII form

gpg -a --export westos > westos_pub.asc
gpg -a --export-secret-key  westos > westos_pri.asc

Generate a public/private key pair on the other host (172.25.254.143) in the same way.


Step 3: send host 43's public key to host 143, and likewise send host 143's public key to host 43

Step 4: import the other side's public key and encrypt a file

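gpg --import redhat_pub.asc     ##import the public key sent by host 143
gpg --recipient [USER-ID] --output <encrypted file> --encrypt <file to encrypt>  ##encrypt a file with the specified key
gpg --recipient redhat --output test --encrypt file  ##use that key to encrypt the file "file" into "test"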


Once encryption succeeds, viewing the encrypted file shows only unreadable binary data.


Step 5: send the encrypted file to the recipient (host 143) and decrypt it there!
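
The five steps above as one non-interactive script. This is an added example, not part of the original post. It assumes GnuPG 2.1 or later and simulates the two hosts with two keyring directories on one machine; the passphrase, the file contents and the helper names `g`, `fpr` and `roundtrip` are constructed for the demo. The fingerprint comparison and the failed decryption on host 43 are extra checks beyond the original steps.

```bash
#!/bin/sh
# Added example: hosts 43 and 143 are simulated by two separate keyring
# directories on one machine. Assumes GnuPG 2.1 or later.
set -eu

PASS='demo-passphrase'  # constructed; never pass a real passphrase on the command line

# g <homedir> <gpg args...>: run gpg non-interactively against one host's keyring
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
      --passphrase "$PASS" "$@"
}

# fpr <homedir> <user-id>: print the fingerprint of that user's primary key
fpr() {
  g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() {
  work=$(mktemp -d); h43=$work/host43; h143=$work/host143
  mkdir -m 700 "$h43" "$h143"

  # Step 1: each host generates its own key pair (default algorithm, no expiry)
  g "$h43"  --quick-gen-key westos default default never >/dev/null
  g "$h143" --quick-gen-key redhat default default never >/dev/null

  # Steps 2-3: host 143 exports its public key and host 43 imports it
  g "$h143" -a --export redhat > "$work/redhat_pub.asc"
  g "$h43" --import "$work/redhat_pub.asc"

  # Check before use: the imported fingerprint must equal the one host 143 reports
  [ "$(fpr "$h43" redhat)" = "$(fpr "$h143" redhat)" ] || return 1

  # Step 4: host 43 encrypts to redhat; the key was just verified, so accept it
  printf 'hello from host 43\n' > "$work/file"
  g "$h43" --trust-model always --recipient redhat \
      --output "$work/test" --encrypt "$work/file"

  # Host 43 holds only redhat's public key, so it must not be able to decrypt
  if g "$h43" --decrypt "$work/test" >/dev/null 2>&1; then return 1; fi

  # Step 5: host 143 decrypts with its private key
  plain=$(g "$h143" --decrypt "$work/test" 2>/dev/null)

  for h in "$h43" "$h143"; do gpgconf --homedir "$h" --kill gpg-agent || true; done
  rm -rf "$work"
  printf '%s\n' "$plain"
}

roundtrip
```

Between real hosts, compare the fingerprint over a separate channel (phone, in person) before encrypting to an imported key.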


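Deleting keys

(1) Delete the private key
gpg --delete-secret-keys 
(2) Delete the public key
gpg --delete-keys 
##the private key must be removed first; only then can the public key be removed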


Listing the keys shows that redhat's pub entry has been deleted.
