Task description:
1. app1 uses gpg to encrypt a file, filename.txt, for app2
2. app2 decrypts the file and can read it normally
Resources:
app1:
IP:192.168.56.101
OS:centos7
gpg (GnuPG) 2.0.22
-------------------------------
app2:
IP:192.168.56.102
OS:ubuntu16.04
gpg (GnuPG) 1.4.20
##########################
Steps:
1. APP1 and APP2 servers: install rng-tools, a random number daemon; it is used later when the encryption key is created, so that key generation does not stall waiting for entropy. (rngd -r /dev/urandom feeds the kernel pool from the kernel's own pseudo-random output: it unblocks key generation but adds no real entropy.)
centos
$ yum install rng-tools
$ rngd -r /dev/urandom
ubuntu
$ apt-get install rng-tools
$ rngd -r /dev/urandom
2. APP1 server: create the key and encrypt the file
Steps:
gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1 // create a public/private key pair
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1 // set the key validity period to 1 day
Key expires at Sunday, November 05, 2017 PM03:54:29 CST
Is this correct? (y/N) y // confirm the information above
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: gpguser // gpg asks for the key owner's real name
Email address: // gpg asks for the key's email address
Comment: // gpg asks for a comment describing the key
You selected this USER-ID:
"gpguser"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O // generate the key file
You need a Passphrase to protect your secret key.
gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 282 more bytes)
##### If key generation hangs at the message above, open a new session and run the command below
$ rngd -r /dev/urandom
gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++
.....+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
+++++
gpg: key 7725BC6A marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-11-04
pub 2048R/7725BC6A 2017-11-04 [expires: 2018-11-04]
Key fingerprint = B4D8 2A03 4FE9 518D 908F 86E8 E178 7789 7725 BC6A
uid gpguser
sub 2048R/740D8132 2017-11-04 [expires: 2018-11-04]
3. APP1 server: export the public and private keys
### 7725BC6A is the generated key-id
gpg --export -a -o app1_pub.key 7725BC6A // export the public key: -a writes ASCII armor, -o names the output file, and the key-id 7725BC6A given as the argument selects the key (--export takes key-ids as arguments; -r is the recipient option used for encryption and does not select keys to export)
gpg --export-secret-key -a -o app1_sec.key 7725BC6A // export the private key, for backup
4. APP1 server: encrypt the file
gpg -ea -r 7725BC6A filename.txt // the encrypted output is written to filename.txt.asc
5. APP1 server: transfer the private key file and the encrypted file to the APP2 server
scp app1_sec.key root@APP2:~/
scp filename.txt.asc root@APP2:~/
6. APP2 server: import the private key file and decrypt the file
gpg --import app1_sec.key
gpg -o filename.txt -d filename.txt.asc
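The whole app1 -> app2 procedure above, rehearsed end to end as an added example that is not part of the original note: two separate keyrings on one host stand in for the two servers, and only app2's public key is moved between them, so the recipient's private key stays in its own keyring and step 5's copy of app1_sec.key is not needed. It assumes GnuPG 2.1 or later (unattended --batch --gen-key with %no-protection; the note's 1.4.20 and 2.0.22 use the interactive prompts shown in step 2), a POSIX shell, and constructed names (app2@example.invalid, the sample payroll line).

```shell
#!/bin/sh
# Added example, not from the original note: the app1 -> app2 transfer rehearsed on
# one host with two separate keyrings (--homedir). app2's private key never leaves
# app2's keyring; app1 only ever holds app2's public key. Needs GnuPG 2.1 or later.
# Prints "ok" and returns 0 on success; any failure returns non-zero (set -e safe).
gpg_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 127; }
    work=$(mktemp -d) || return 1
    app1="$work/app1"; app2="$work/app2"
    mkdir -p "$app1" "$app2" && chmod 700 "$app1" "$app2" || return 1
    printf 'payroll 2017-11: confidential\n' > "$work/filename.txt"  # constructed sample
    # Unattended form of step 2, run on app2 (the recipient): RSA signing key plus
    # RSA encryption subkey, valid 1 day, no passphrase (%no-protection, demo only).
    gpg --homedir "$app2" --batch --quiet --gen-key <<'EOF' || return 1
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: app2 server
Name-Email: app2@example.invalid
Expire-Date: 1d
%commit
EOF
    # Only the ASCII-armored public key is exported and handed to app1.
    gpg --homedir "$app2" --armor --export app2@example.invalid > "$work/app2_pub.key" || return 1
    gpg --homedir "$app1" --quiet --import "$work/app2_pub.key" 2>/dev/null || return 1

    # app1 encrypts (-e) with ASCII armor (-a) to app2's key (-r); --trust-model always
    # stands in for the interactive "use this untrusted key anyway?" confirmation.
    gpg --homedir "$app1" --batch --quiet --trust-model always -ea \
        -r app2@example.invalid -o "$work/filename.txt.asc" "$work/filename.txt" || return 1

    # app2 decrypts with its own private key; the output must equal the original.
    gpg --homedir "$app2" --batch --quiet -o "$work/filename.txt.dec" -d "$work/filename.txt.asc" || return 1
    cmp -s "$work/filename.txt" "$work/filename.txt.dec" || return 1

    # app1 has no private key, so it must not be able to read what it just encrypted.
    if gpg --homedir "$app1" --batch --quiet -d "$work/filename.txt.asc" >/dev/null 2>&1; then
        echo "sender could decrypt: a private key is in app1's keyring" >&2; return 1
    fi
    for d in "$app1" "$app2"; do gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$work"; echo ok
}

gpg_roundtrip || echo "round trip failed (status $?)" >&2
```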
Notes: commonly used gpg commands
gpg --list-key // list the keys that have been imported
gpg -ea -r <key-id> <file> // encrypt a file
gpg -o filename -d filename.asc // decrypt a file
gpg --export-secret-key -a -o centossec.asc // export the private key