1.2 常用安全算法使用

于 2018-05-19 17:46:59 发布
阅读量387 收藏
点赞数
分类专栏: linux运维 文章标签: sha md5 gpg
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m30_miriam/article/details/80374331
版权

单向散列

    常见算法:md5: 128bits、sha1: 160bits、sha256:256bits、sha512:512bits

    工具:md5sum/sha1sum/sha256sum/sha512sum [-c] 文件

[root@CentOS7 ~]# sha256sum /etc/passwd /etc/fstab /boot/grub2/grub.cfg 
e2df855cbf93b43f039c51f72bf328aaf4e88cc600396eecae27895f563ac3ed  /etc/passwd
9e898bd405a9c2e76ea0f3f4cf44f4ddb13c5d2c8e98f55caee6bfd1e854afb8  /etc/fstab
dd2308708920272662b4a40f3a2ee8e3cffa6592231d6cd552b9812e6b3e9593  /boot/grub2/grub.cfg
[root@CentOS7 ~]# sha256sum /etc/passwd /etc/fstab /boot/grub2/grub.cfg > /data/sha256list  #重定向生成检查列表
[root@CentOS7 ~]# sha256sum -c /data/sha256list     #-c选项用于通过加密算法检查文件完整性
/etc/passwd: OK
/etc/fstab: OK
/boot/grub2/grub.cfg: OK

    rpm -V 包名:通过单向散列算法检验rpm包的合法性

    rpm -K 包名:通过单向散列算法检验rpm包的签名

gpg命令

    对称加密

1.在发送方对文件加密

[root@CentOS7 data]# gpg -c fstab 
[root@CentOS7 data]# ll fstab*     #查看源文件与加密文件
-rw-r--r-- 1 root root 595 May 19 15:45 fstab
-rw-r--r-- 1 root root 368 May 19 15:46 fstab.gpg    #加密后文件无法直接查看

在执行加密的时候,需要发送方输入密钥

2.在接收方解密

[root@CentOS6 data]# gpg -d fstab.gpg    #使用-d选项可以查看指定加密文件的内容
gpg: CAST5 encrypted data
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3453]: directory `/root/.gnupg/private-keys-v1.d' created
gpg: encrypted with 1 passphrase

#
# /etc/fstab
# Created by anaconda on Mon May  7 02:06:31 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=a476d3a0-5f14-476e-be7e-444dfd336b2d /                       xfs     defaults        0 0
UUID=7c3a1d3e-0307-4e0c-ab81-48fef9afb8b5 /boot                   xfs     defaults        0 0
UUID=d43b008e-4320-42a0-9376-a89ca74691d3 /data                   xfs     defaults        0 0
UUID=3be8497e-f039-4bf0-acbc-ea5783e314b4 swap                    swap    defaults        0 0
gpg: WARNING: message was not integrity protected
[root@CentOS6 data]# gpg -o fstab -d fstab.gpg      #使用-o选项将解密后的文件保存在指定文件中
gpg: CAST5 encrypted data
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
[root@CentOS6 data]# ll fstab*
-rw-r--r-- 1 root root 595 May 19 14:52 fstab
-rw-r--r-- 1 root root 368 May 19 14:51 fstab.gpg

在执行解密时需要接收方输入加密密钥

    非对称加密

1.生成密钥对(建议在图形界面下完成,期间需要移动鼠标或敲击键盘来帮助 gpg 生成随机数)

[root@CentOS6 ~]# gpg --gen-key     #使用--gen-key选项生成本机的密钥对
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:   #使用的加密算法
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.    #密钥的长度
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.   #密钥的有效期
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: CentOS6   #密钥的所有者名称
Email address:   #选填
Comment:         #选填
You selected this USER-ID:
    "CentOS6"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O    #确认输入O
You need a Passphrase to protect your secret key.

can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory

(pinentry-gtk-2:3136): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'

(pinentry-gtk-2:3139): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 855F91A7 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024R/855F91A7 2018-05-19
      Key fingerprint = 4EEE 2293 BBD1 89B1 94CB  CC2E 4E38 849F 855F 91A7
uid                  CentOS6
sub   1024R/075C41F7 2018-05-19

[root@CentOS6 ~]# ll .gnupg/    #查看密钥文件
total 32
-rw-------. 1 root root 7856 Mar 27 20:46 gpg.conf
drwx------  2 root root 4096 May 19 14:51 private-keys-v1.d
-rw-------  1 root root  650 May 19 16:07 pubring.gpg   #公钥
-rw-------  1 root root  650 May 19 16:07 pubring.gpg~
-rw-------  1 root root  600 May 19 16:07 random_seed
-rw-------  1 root root 1390 May 19 16:07 secring.gpg   #私钥
-rw-------. 1 root root 1280 May 19 16:07 trustdb.gpg

查看识别的密钥列表

[root@CentOS6 .gnupg]# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/855F91A7 2018-05-19
uid                  CentOS6
sub   1024R/075C41F7 2018-05-19
2.导出密钥 
[root@CentOS6 .gnupg]# gpg -a --export -o CentOS6.pubkey   #将公钥导出到指定文件
[root@CentOS6 .gnupg]# ll
total 36
-rw-r--r--  1 root root  984 May 19 16:20 CentOS6.pubkey   #生成的CentOS6公钥文件
-rw-------. 1 root root 7856 Mar 27 20:46 gpg.conf
drwx------  2 root root 4096 May 19 14:51 private-keys-v1.d
-rw-------  1 root root  650 May 19 16:07 pubring.gpg
-rw-------  1 root root  650 May 19 16:07 pubring.gpg~
-rw-------  1 root root  600 May 19 16:07 random_seed
-rw-------  1 root root 1390 May 19 16:07 secring.gpg
-rw-------. 1 root root 1280 May 19 16:07 trustdb.gpg

在另一台主机上也执行同样的操作,生成另一台主机的密钥对

[root@CentOS7 .gnupg]# ll
total 32
-rw-r--r-- 1 root root  988 May 19 16:25 CentOS7.pubkey   #生成的CentOS7公钥文件
-rw------- 1 root root 7680 May 19 15:43 gpg.conf
drwx------ 2 root root    6 May 19 15:43 private-keys-v1.d
-rw------- 1 root root  651 May 19 16:24 pubring.gpg
-rw------- 1 root root  651 May 19 16:24 pubring.gpg~
-rw------- 1 root root  600 May 19 16:24 random_seed
-rw------- 1 root root 1391 May 19 16:24 secring.gpg
srwxr-xr-x 1 root root    0 May 19 16:24 S.gpg-agent
-rw------- 1 root root 1280 May 19 16:24 trustdb.gpg

3.交换公钥,或者将接收方的公钥提供给发送方,亦或者将发送方的公钥提供给接收方

[root@CentOS6 .gnupg]#⮀ll CentOS7.pubkey 
-rw-r--r-- 1 root root 988 May 19 16:32 CentOS7.pubkey

4.导入公钥

[root@CentOS6 .gnupg]# gpg --import CentOS7.pubkey 
gpg: key 5F735FA4: public key "CentOS7" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
[root@CentOS6 .gnupg]# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/855F91A7 2018-05-19
uid                  CentOS6
sub   1024R/075C41F7 2018-05-19

pub   1024R/5F735FA4 2018-05-19
uid                  CentOS7
sub   1024R/B05AC238 2018-05-19
5.使用接受方的公钥加密文件 
[root@CentOS6 .gnupg]# gpg -r CentOS7 -e /data/fstab 
gpg: B05AC238: There is no assurance this key belongs to the named user

pub  1024R/B05AC238 2018-05-19 CentOS7
 Primary key fingerprint: 5ECA 6AA4 4BA0 99CE DC5D  426C 5AE5 DC02 5F73 5FA4
      Subkey fingerprint: 8CF7 C16D D8AF 0FCD 7F1D  0040 6F46 51D1 B05A C238

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y    #请求你确认公钥是否属实
[root@CentOS6 .gnupg]# ll /data/fstab*
-rw-r--r-- 1 root root 595 May 19 14:52 /data/fstab
-rw-r--r-- 1 root root 534 May 19 17:26 /data/fstab.gpg

6.在接收方使用私钥解密文件

[root@CentOS7 .gnupg]# ll /data/fstab*
-rw-r--r-- 1 root root 534 May 19 17:31 /data/fstab.gpg
[root@CentOS7 .gnupg]# gpg -o /data/fstab -d /data/fstab.gpg    #gpg能够自动识别该文件使用的密钥

You need a passphrase to unlock the secret key for
user: "CentOS7"
1024-bit RSA key, ID B05AC238, created 2018-05-19 (main key ID 5F735FA4)

gpg: encrypted with 1024-bit RSA key, ID B05AC238, created 2018-05-19
      "CentOS7"
[root@CentOS7 .gnupg]# ll /data/fstab*
-rw-r--r-- 1 root root 595 May 19 17:33 /data/fstab
-rw-r--r-- 1 root root 534 May 19 17:31 /data/fstab.gpg

解密期间需要输入密钥密码

删除密钥

    删除公钥:gpg --delete-keys 所有者

[root@CentOS6 .gnupg]# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/855F91A7 2018-05-19
uid                  CentOS6
sub   1024R/075C41F7 2018-05-19

pub   1024R/5F735FA4 2018-05-19
uid                  CentOS7
sub   1024R/B05AC238 2018-05-19

[root@CentOS6 .gnupg]# gpg --delete-keys CentOS7
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  1024R/5F735FA4 2018-05-19 CentOS7

Delete this key from the keyring? (y/N) y
[root@CentOS6 .gnupg]# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/855F91A7 2018-05-19
uid                  CentOS6
sub   1024R/075C41F7 2018-05-19

    删除私钥:gpg --delete-secret-keys 所有者

[root@CentOS6 .gnupg]# gpg --delete-secret-keys CentOS6
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec  1024R/855F91A7 2018-05-19 CentOS6

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
[root@CentOS6 .gnupg]# gpg --list-key   #使用gpg --list-key命令还可以看到列表中存在私钥
/root/.gnupg/pubring.gpg
------------------------
pub   1024R/855F91A7 2018-05-19
uid                  CentOS6
sub   1024R/075C41F7 2018-05-19

[root@CentOS6 .gnupg]# ll
total 36
-rw-r--r--  1 root root  984 May 19 16:20 CentOS6.pubkey
-rw-r--r--  1 root root  988 May 19 16:32 CentOS7.pubkey
-rw-------. 1 root root 7856 Mar 27 20:46 gpg.conf
drwx------  2 root root 4096 May 19 14:51 private-keys-v1.d
-rw-------  1 root root  650 May 19 17:39 pubring.gpg
-rw-------  1 root root 1301 May 19 16:35 pubring.gpg~
-rw-------  1 root root  600 May 19 17:26 random_seed
-rw-------  1 root root    0 May 19 17:40 secring.gpg    #然而私钥文件中已经没有数据了,说明私钥已经不存在了
-rw-------. 1 root root 1280 May 19 16:07 trustdb.gpg

将CentOS6的公钥也删除后

[root@CentOS6 .gnupg]# gpg --delete-keys CentOS6
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  1024R/855F91A7 2018-05-19 CentOS6

Delete this key from the keyring? (y/N) y
[root@CentOS6 .gnupg]# ll
total 32
-rw-r--r--  1 root root  984 May 19 16:20 CentOS6.pubkey
-rw-r--r--  1 root root  988 May 19 16:32 CentOS7.pubkey
-rw-------. 1 root root 7856 Mar 27 20:46 gpg.conf
drwx------  2 root root 4096 May 19 14:51 private-keys-v1.d
-rw-------  1 root root    0 May 19 17:43 pubring.gpg    #公钥文件也没有数据了
-rw-------  1 root root  650 May 19 17:39 pubring.gpg~
-rw-------  1 root root  600 May 19 17:26 random_seed
-rw-------  1 root root    0 May 19 17:40 secring.gpg
-rw-------. 1 root root 1280 May 19 17:43 trustdb.gpg
[root@CentOS6 .gnupg]# gpg --list-key    #gpg --list-key不再能够查到密钥



ZZULI_Miriam
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值