[root@centos7 ~]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)(2) DSA and Elgamal
(3) DSA (sign only)(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n>= key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: zhanglaiqiang
Email address: fox@mail.com
Comment: IT
You selected this USER-ID:
"zhanglaiqiang (IT) <fox@mail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
┌⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┐
│ Enter passphrase │
│ │
│ │
│ Passphrase ________________________________________ │
│ │
│ <OK><Cancel> │
└⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┘
┌⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┐
│ Warning: You have entered an insecure passphrase. │
│ A passphrase should be at least 8 characters long. │
│ │
│ <Take this one anyway><Enter new passphrase> │
└⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┘
┌⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┐
│ Warning: You have entered an insecure passphrase. │
│ A passphrase should contain at least 1 digit or │
│ special character. │
│ │
│ <Take this one anyway><Enter new passphrase> │
└⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┘ ┌⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻│ You have not entered a passphrase - this is in general a bad idea! │
│ Please confirm that you do not want to have any protection on your key. │
│ │
│ <Yes, protection is not needed><Enter new passphrase> └⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┘
┌⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┐
│ Please re-enter this passphrase │
│ │
│ Passphrase ________________________________________ │
│ │
│ <OK><Cancel> │
└⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻⎻┘
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 28DDA999 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024R/28DDA999 2020-09-06
Key fingerprint = DCF2 BC55 E9FD A99F 1E5B 9230 9A5B FD70 28DD A999
uid zhanglaiqiang (IT)<fox@mail.com>
sub 1024R/9ABA3A76 2020-09-06
[root@centos7 ~]# gpg -a --export -o zhang.pubkey[root@centos7 ~]# ls
anaconda-ks.cfg zhang.pubkey
[root@centos7 ~]# scp zhang.pubkey 10.51.8.28:/data
The authenticity of host '10.51.8.28 (10.51.8.28)' can't be established.
ECDSA key fingerprint is SHA256:r4hFTMwX/xiiAhY7V2OG99D8Ruz269OJSTMtGP9Rv+0.
ECDSA key fingerprint is MD5:9d:5e:5e:8b:a5:92:db:78:e6:16:ab:5f:e6:1a:72:19.
Are you sure you want to continue connecting (yes/no)? yes
\Warning: Permanently added '10.51.8.28' (ECDSA) to the list of known hosts.
root@10.51.8.28's password:
zhang.pubkey
centos8
[root@centos8 data]# echo "hello,Welcome to zhengzhou!" > text.txt[root@centos8 data]# gpg --import zhang.pubkey [root@centos8 data]# gpg -e -r zhanglaiqiang text.txt [root@centos8 data]# ls
file.gpg text.txt text.txt.gpg zhang.pubkey
[root@centos7 ~]# scp 10.51.8.28:/data/text.txt.gpg .
root@10.51.8.28's password:
text.txt.gpg
[root@centos7 data]# gpg -o textNew.txt -d text.txt.gpg
gpg: encrypted with 1024-bit RSA key, ID 9ABA3A76, created 2020-09-06
"zhanglaiqiang (IT) <fox@mail.com>"[root@centos7 data]# ls
boot textNew.txt text.txt.gpg
[root@centos7 data]# cat textNew.txt
hello,Welcome to zhengzhou!
[root@centos7 CA]# touch index.txt[root@centos7 CA]# echo 01 > serial[root@centos7 CA]# (umask 066;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
............................................................................+++
..................+++
e is 65537 (0x10001)[root@centos7 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 /etc/pki/CA/cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:cn
State or Province Name (full name)[]:henan
Locality Name (eg, city)[Default City]:zhengzhou
Organization Name (eg, company)[Default Company Ltd]:jituan
Organizational Unit Name (eg, section)[]:it
Common Name (eg, your name or your server's hostname)[]:ca.jituan.com
Email Address []:mail@zhanglaiqiang.cn
4、在 CentOS7 中使用 openssl 软件创建 CA
[root@centos7 CA]# (umask 066;openssl genrsa -out /data/httpd.key 2048)[root@centos7 CA]# openssl req -new -key /data/httpd.key -out /data/httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:cn
State or Province Name (full name)[]:henan
Locality Name (eg, city)[Default City]:zhengzhou
Organization Name (eg, company)[Default Company Ltd]:jituan
Organizational Unit Name (eg, section)[]:it
Common Name (eg, your name or your server's hostname) []:xinxibu
Email Address []:40900360@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 CA]# openssl ca -in /data/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 100
1、在 CentOS7 中使用 gpg 创建 RSA 非对称密钥对[root@centos7 ~]# gpg --gen-keygpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.