- Install the gpg package

```
[root@student01 ~]# yum -y install gnupg
```
- Generate a key pair

```
[root@student01 ~]# gpg --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?1 ### press Enter to accept the default key type
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) ### press Enter to accept the default key size
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) ### press Enter; the key does not expire
Is this correct? (y/N)y ### "y" to confirm
Real name: welab ### enter the name "welab"
Email address: ### optional
Comment: ### optional
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O ### "O" to confirm the details are correct
Passphrase ************* ### enter the passphrase that protects the private key ("xxx")
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy. ### some activity is needed at this point to help generate the key
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/C2673128 2017-05-17
Key fingerprint = 853E BF25 AAEB 7DD7 42AD F6E0 A13E DDBA C267 3128
uid welab
sub 2048R/62345630 2017-05-17 ### key generated successfully
```

- View the generated public and private keys

```
[root@student01 ~]# gpg -K ### list the secret keys
/root/.gnupg/secring.gpg
------------------------
sec 2048R/C2673128 2017-05-17
uid welab
ssb 2048R/62345630 2017-05-17
[root@student01 ~]# gpg -k ### list the public keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/C2673128 2017-05-17
uid welab
sub 2048R/62345630 2017-05-17
```

- Export the public and private keys

```
[root@student01 ~]# gpg -a -o C2673128_welab_pub.key --export C2673128 ### export the public key
[root@student01 ~]# gpg -a -o C2673128_welab_sec.key --export-secret-keys C2673128 ### export the private key
```

- Send the public key to the partner

```
[root@student01 ~]# scp C2673128_welab_pub.key root@student02:/root/
```

- Import the public key on the partner's machine

```
[root@student02 ~]# gpg --import C2673128_welab_pub.key
```
- The partner encrypts a file with the public key

```
[root@student02 ~]# echo test >test.txt
[root@student02 ~]# gpg -aer C2673128 test.txt ### encrypt the file to the specified public key
gpg: 62345630: There is no assurance this key belongs to the named user
pub 2048R/62345630 2017-05-17 welab
Primary key fingerprint: 853E BF25 AAEB 7DD7 42AD F6E0 A13E DDBA C267 3128
Subkey fingerprint: 1705 894F 9842 52CA 9BC8 10BA AC23 FFC1 6234 5630
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y ### use the key
[root@student02 ~]# ls test.txt.asc
test.txt.asc ### the encrypted file has been created
```

- The partner sends the encrypted file to us, and we decrypt it with the private key
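
```
[root@student02 ~]# scp test.txt.asc root@student01:/root/
[root@student01 ~]# gpg --passphrase xxx -o test.txt -d test.txt.asc ### supply the private key's passphrase and decrypt the file with the private key (note: --passphrase on the command line is visible in ps output and shell history)
[root@student01 ~]# cat test.txt
test ### the file has been decrypted
```

- Sometimes both machines need to be able to decrypt files with the private key; in that case, copy the private key to the second machine and import it there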

```
[root@student01 ~]# scp C2673128_welab_sec.key root@student02:/root/
[root@student02 ~]# gpg --import C2673128_welab_sec.key ### import the private key
```
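
In the encryption step above, gpg warns that there is no assurance the key belongs to the named user, and the walkthrough answers "y". The following added example (not part of the original page) compares the imported key's fingerprint with the value printed on student01 at key generation before running the page's `gpg -aer` command. The function names, the separate channel used to pass the fingerprint, and the constructed sample listing are assumptions of this example.

```shell
#!/bin/sh
# Added example: check an imported key's fingerprint before encrypting to it.
# Expected value: the fingerprint gpg printed on student01 at key generation,
# assumed here to have reached the partner over a separate channel.
EXPECTED_FPR='853E BF25 AAEB 7DD7 42AD F6E0 A13E DDBA C267 3128'

# Strip whitespace and upper-case, so the spaced and colon-listing forms compare.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin; print field 10 of the
# first "fpr" record, which is the primary key's fingerprint.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED ACTUAL: succeed only when EXPECTED is a full 40-hex-digit
# fingerprint (not a short key ID such as C2673128) and ACTUAL equals it.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case "$want" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#want}" -eq 40 ] && [ "$want" = "$got" ]
}

# encrypt_if_verified KEYID FILE: run the page's `gpg -aer` only when the key in
# the local keyring carries the expected fingerprint.
encrypt_if_verified() {
    actual=$(gpg --with-colons --fingerprint "$1" 2>/dev/null | fpr_from_colons)
    if fpr_matches "$EXPECTED_FPR" "$actual"; then
        gpg -aer "$1" "$2"
    else
        echo "fingerprint mismatch for $1: got '$actual'" >&2
        return 1
    fi
}

# Constructed sample of a colon-format listing for the page's key (offline use).
SAMPLE_COLONS='pub:-:2048:1:A13EDDBAC2673128:2017-05-17:::-:welab::scESC:
fpr:::::::::853EBF25AAEB7DD742ADF6E0A13EDDBAC2673128:
sub:-:2048:1:AC23FFC162345630:2017-05-17::::::e:'

# Usage on student02 after `gpg --import`:  encrypt_if_verified C2673128 test.txt
```

The "Use this key anyway?" prompt still appears afterwards because the key is not certified in the local keyring; the fingerprint match is what justifies answering "y".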