linux加密和安全-openssl

1、在 CentOS7 中使用 gpg 创建 RSA 非对称密钥对

在centos7上生成公钥/私钥对

[19:14:09 root@Centos7 ~]#gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: gjz
Name must be at least 5 characters long
Real name: gjz
Name must be at least 5 characters long
Real name: gaojz
Email address: 
Comment: 
You selected this USER-ID:
    "gaojz"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

在centos7上查看公钥

[19:43:51 root@Centos7 ~]#gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/01FB32CF 2020-09-05
uid                  gaojz <525184587@qq.com>
sub   2048R/0B395A1E 2020-09-05

[19:45:45 root@Centos7 ~]#cd .gnupg/
[19:46:36 root@Centos7 .gnupg]#ls
gpg.conf  private-keys-v1.d  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  S.gpg-agent  trustdb.gpg

2、将 CentOS7 导出的公钥，拷贝到 CentOS8 中，在 CentOS8 中使用 CentOS7 的公钥加密一个文件

在centos7导出公钥，并拷贝到centos8中

[19:32:52 root@Centos7 ~]#gpg -a --export -o gao.pubkey
[19:34:26 root@Centos7 ~]#cat gao.pubkey 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQENBF9TdYgBCADed5iPK/cU3ET5FRaQKa08HL7dDPTdANo4VQ2TF+icwhnV