GPG Encryption in Practice

    Technology 2026-02-24

    Introduction to gpg

    gpg -h
    ……
    Home: ~/.gnupg          ## directory where the generated key files are stored
    Supported algorithms:   # supported algorithms
    Pubkey: RSA, ?, ?, ELG, DSA          # public/private-key encryption
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256          # symmetric-key encryption
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224          # one-way hashes
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

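    Lab environment

    Two virtual machines:
    A: 192.168.1.222
    B: 192.168.1.223

    Objectives

    Use gpg for symmetric-key encryption, so that a file encrypted on A can be read on B.
    Use gpg for asymmetric-key encryption, so that a file encrypted on A can be read on B.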

    Experiment 1: symmetric-key encryption with gpg

    A:
    ]# echo "gpg 对称密钥加密" >>/tmp/test
    ]# gpg -c test

    (A pinentry dialog appears: "Enter passphrase", with <OK> and <Cancel>.)

    ]# ls /tmp
    test test.gpg
    ]# scp test.gpg 192.168.1.223:/tmp

    B:
    ]# cd /tmp && gpg -o test -d test.gpg

    (The same "Enter passphrase" dialog appears, with <OK> and <Cancel>.)

    ]# cat test
    gpg 对称密钥加密

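    Experiment 2: asymmetric-key encryption with gpg

    Approach: for a file encrypted on A to be readable on B, A must encrypt it with B's public key. In this experiment B therefore generates a public/private key pair first and sends the public key to A.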

    B:
    ]# gpg --gen-key
    gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Please select what kind of key you want:
       (1) RSA and RSA (default)
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)
    Your selection?          # RSA is used by default
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048) 1024
    Requested keysize is 1024 bits
    Please specify how long the key should be valid.          # key validity period
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)
    Key does not expire at all
    Is this correct? (y/N) y

    GnuPG needs to construct a user ID to identify your key.

    Real name: ljh
    Name must be at least 5 characters long
    Real name: ljhljh
    Email address: ljh@test.com
    Comment: ljh key
    You selected this USER-ID:
        "ljhljh (ljh key) <ljh@test.com>"

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
    You need a Passphrase to protect your secret key.

    You don't want a passphrase - this is probably a bad idea!
    I will do it anyway.  You can change your passphrase at any time,
    using this program with the option "--edit-key".

    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    gpg: /home/ymsk/.gnupg/trustdb.gpg: trustdb created
    gpg: key 8511772D marked as ultimately trusted
    public and secret key created and signed.

    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub   1024R/8511772D 2020-10-08
          Key fingerprint = B758 943B 68BC FB29 51D4  A197 3FBA FE1B 8511 772D
    uid                  ljhljh (ljh key) <ljh@test.com>
    sub   1024R/90C44470 2020-10-08

    ]# gpg --list-keys
    pub   1024R/8511772D 2020-10-08
    uid                  ljhljh (ljh key) <ljh@test.com>
    sub   1024R/90C44470 2020-10-08

    ]# gpg -a --export -o /tmp/ljh_pubkey          # export the public key as base64 (ASCII-armored) text
    ]# scp /tmp/ljh_pubkey 192.168.1.222:/tmp      # send the generated public key to A

    A:
    ]# gpg --import /tmp/ljh_pubkey
    ]# gpg --list-keys
    pub   1024R/8511772D 2020-10-08
    uid                  ljhljh (ljh key) <ljh@test.com>
    sub   1024R/90C44470 2020-10-08

    ]# echo "非公钥加密">>rsa.test
    ]# gpg -e -r ljhljh rsa.test                   # -r selects which public key on machine A to encrypt with, since there may be many
    ]# scp rsa.test.gpg 192.168.1.223:~/           # send the encrypted file to B

    B:
    ]# gpg -o rsa.test -d rsa.test.gpg             # B's machine can hold only one private key, B's own, so decrypting directly is enough
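The steps of experiment 2, scripted non-interactively with one check the walkthrough leaves implicit: A compares the fingerprint of the imported key with the one B reports before encrypting. This is an added example, not the original author's commands; it assumes GnuPG 2.1 or later, simulates A and B with two temporary GnuPG home directories, and uses a constructed user ID and message.

```shell
# Added example, not the original author's commands. A and B are simulated by
# two throwaway GnuPG home directories; the user ID and message are constructed.
# Assumes GnuPG 2.1 or later (--quick-generate-key, gpgconf --homedir).

gpg_in() {   # gpg_in <homedir> <args...>: run gpg non-interactively on one keyring
  home=$1; shift
  gpg --homedir "$home" --batch --quiet "$@"
}

fpr_of() {   # fpr_of <homedir>: fingerprint of the first primary key in that keyring
  gpg_in "$1" --with-colons --fingerprint 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

run_demo() (
  set -eu
  tmp=$(mktemp -d); a="$tmp/A"; b="$tmp/B"
  mkdir -m 700 "$a" "$b"
  trap 'gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null || true
        gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null || true
        rm -rf "$tmp"' EXIT

  # B: key pair with gpg's default algorithm and size rather than 1024-bit RSA.
  # The empty passphrase is tolerable only because this key is discarded at exit.
  gpg_in "$b" --pinentry-mode loopback --passphrase '' --quick-generate-key \
    'Demo B (constructed) <b@example.invalid>' default default never >/dev/null 2>&1
  gpg_in "$b" -a -o "$tmp/b_pubkey" --export
  fpr_b=$(fpr_of "$b")   # B reports this to A over a separate channel

  # A: import, then encrypt only if the imported key has the reported fingerprint.
  gpg_in "$a" --import "$tmp/b_pubkey" >/dev/null 2>&1
  if [ -z "$fpr_b" ] || [ "$(fpr_of "$a")" != "$fpr_b" ]; then
    echo "fingerprint mismatch, not encrypting" >&2; exit 1
  fi
  printf 'asymmetric test\n' > "$tmp/rsa.test"
  # An imported key is untrusted, so batch-mode -e would refuse it; having checked
  # the fingerprint, name the key by that fingerprint and override the trust model.
  gpg_in "$a" --trust-model always -r "$fpr_b" -o "$tmp/rsa.test.gpg" -e "$tmp/rsa.test"

  # B: decrypt with its secret key; the plaintext goes to stdout.
  gpg_in "$b" -d "$tmp/rsa.test.gpg" 2>/dev/null
)
```

Call `run_demo` after sourcing the block; it prints the plaintext B recovers, or exits non-zero without encrypting if the fingerprints differ.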
