GPG Encryption in Practice

Introduction to gpg

]# gpg -h
...
Home: ~/.gnupg ## directory where the generated key files are stored
Supported algorithms: # supported algorithms
Pubkey: RSA, ?, ?, ELG, DSA # public/private-key (asymmetric) encryption
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256 # symmetric-key encryption
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 # one-way hashes
Compression: Uncompressed, ZIP, ZLIB, BZIP2

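Lab environment

Two virtual machines:
A: 192.168.1.222
B: 192.168.1.223

Objectives

  1. Use gpg for symmetric-key encryption, so that a file encrypted on A can be read on B
  2. Use gpg for asymmetric-key encryption, so that a file encrypted on A can be read on B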

Experiment 1: symmetric-key encryption with gpg

A:
]# cd /tmp
]# echo "gpg 对称密钥加密" >>/tmp/test
]# gpg -c test

    +-----------------------------------------------------+
    | Enter passphrase                                    |
    |                                                     |
    |                                                     |
    | Passphrase ******__________________________________ |
    |                                                     |
    |                                                     |
    +-----------------------------------------------------+

]# ls /tmp
test test.gpg
]# scp test.gpg 192.168.1.223:/tmp

B:
]# cd /tmp && gpg -o test -d test.gpg

    +-----------------------------------------------------+
    | Enter passphrase                                    |
    |                                                     |
    |                                                     |
    | Passphrase ________________________________________ |
    |                                                     |
    |                                                     |
    +-----------------------------------------------------+

]# cat test
gpg 对称密钥加密

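Experiment 2: asymmetric-key encryption with gpg

Approach: for a file encrypted on A to be readable by B, A must encrypt it with B's public key. B therefore generates a key pair first and sends the public key to A. Note that the session below requests a 1024-bit key instead of the 2048-bit default and leaves the passphrase empty, which gpg itself flags as probably a bad idea.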

B:
]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? # RSA is used by default
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid. # key validity period
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: ljh
Name must be at least 5 characters long
Real name: ljhljh
Email address: [email protected]
Comment: ljh key
You selected this USER-ID:
"ljhljh (ljh key) [email protected]"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a bad idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/ymsk/.gnupg/trustdb.gpg: trustdb created
gpg: key 8511772D marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024R/8511772D 2020-10-08
Key fingerprint = B758 943B 68BC FB29 51D4 A197 3FBA FE1B 8511 772D
uid ljhljh (ljh key) [email protected]
sub 1024R/90C44470 2020-10-08

]# gpg --list-keys
pub 1024R/8511772D 2020-10-08
uid ljhljh (ljh key) [email protected]
sub 1024R/90C44470 2020-10-08

]# gpg -a --export -o /tmp/ljh_pubkey # export the public key as ASCII-armored (base64) text
]# scp /tmp/ljh_pubkey 192.168.1.222:/tmp # send the generated public key to A

A:
]# gpg --import /tmp/ljh_pubkey
]# gpg --list-keys
pub 1024R/8511772D 2020-10-08
uid ljhljh (ljh key) [email protected]
sub 1024R/90C44470 2020-10-08

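]# echo "非公钥加密" >>rsa.test
]# gpg -e -r ljhljh rsa.test # -r selects which public key on machine A to encrypt with, since there may be many public keys
]# scp rsa.test.gpg 192.168.1.223:~/ # send the encrypted file to B

B:
]# gpg -o rsa.test -d rsa.test.gpg # B can only have one private key, its own, so it just decrypts directly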
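
Between A's `gpg --import` and `gpg -e -r ljhljh`, nothing confirms that the imported key is really B's. The shell functions below are an added example, not part of the original article: they compare the imported key's fingerprint with the one printed by B's `--gen-key` run and then encrypt to that fingerprint. The function names and `SAMPLE_LISTING` are illustrative, and it is assumed that B's fingerprint reaches A by a channel other than the scp copy.

```bash
# Added example for machine A: pin B's key by fingerprint before encrypting.
# Function names and SAMPLE_LISTING are illustrative, not from the original page.

# Constructed `gpg --with-colons --fingerprint` output; only the fingerprint
# is taken from the page, the other field values are made up.
SAMPLE_LISTING='pub:-:1024:1:3FBAFE1B8511772D:2020-10-08:::-:ljhljh (ljh key)::scESC:
fpr:::::::::B758943B68BCFB2951D4A1973FBAFE1B8511772D:
sub:-:1024:1:0000000090C44470:2020-10-08::::::e:'

# Drop whitespace and upper-case the hex so both spellings compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# stdin: colon listing. Prints the fingerprint of each primary key, i.e. the
# "fpr" record that directly follows a "pub" record (field 10).
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0; next }
             $1 == "sub" { want = 0 }'
}

# check_listing EXPECTED_FPR   (listing on stdin)
# Prints the normalized fingerprint and returns 0 only when the listing holds
# exactly one primary key and its fingerprint equals EXPECTED_FPR.
check_listing() {
    local expected actual count
    expected=$(normalize_fpr "$1")
    actual=$(primary_fprs)
    count=$(printf '%s\n' "$actual" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: $count primary keys match, expected 1" >&2
        return 2
    fi
    if [ "$(normalize_fpr "$actual")" != "$expected" ]; then
        echo "refusing: fingerprint mismatch, got $actual" >&2
        return 1
    fi
    printf '%s\n' "$expected"
}

# encrypt_verified USER_ID EXPECTED_FPR FILE
encrypt_verified() {
    local fpr
    fpr=$(gpg --with-colons --fingerprint "$1" | check_listing "$2") || return 1
    # Address the recipient by the verified full fingerprint, not by name;
    # --trust-model always skips the ownership prompt for this one call.
    gpg --trust-model always -e -r "$fpr" "$3"
}
```

On A, `encrypt_verified ljhljh "B758 943B 68BC FB29 51D4 A197 3FBA FE1B 8511 772D" rsa.test` would take the place of the plain `gpg -e -r ljhljh rsa.test` step.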
