Linux初级：gpg实现对称加密和公钥加密

gpg实现对称加密

1、对文件加密（对dushan这个文件加密）
gpg -c dushan

2、对文件进行解密,（对生成的dushan.gpg并输出到文件file.txt中，注意-o选线必须在前-d在选项在后）

gpg -o file.txt -d dushan.gpg

---

gpg实现公钥加密

实现：在hostB主机上用公钥加密，在hostA主机上解密

1、在hostA主机上生成公钥/私钥对

gpg --gen-key 根据提示创造秘钥对 1.秘钥类型 2.秘钥长度 3.秘钥有效期 4.秘钥名（5个字符以上）

完成后会在`/root/下创造gnupg目录,主要使用pubring.gpg公钥和secring.gpg私钥。

[root@centos7 ~]#cd .gnupg/
[root@centos7 .gnupg]#ll
total 28
-rw------- 1 root root 7680 Sep 13 10:07 gpg.conf
drwx------ 2 root root    6 Sep 13 10:07 private-keys-v1.d
-rw------- 1 root root 1166 Sep 13 10:24 pubring.gpg
-rw------- 1 root root 1166 Sep 13 10:24 pubring.gpg~
-rw------- 1 root root  600 Sep 13 10:24 random_seed
-rw------- 1 root root 2544 Sep 13 10:24 secring.gpg
srwxr-xr-x 1 root root    0 Sep 13 10:24 S.gpg-agent
-rw------- 1 root root 1280 Sep 13 10:24 trustdb.gpg

2、在hostA主机上查看公钥gpg --list-keys

[root@centos7 .gnupg]#gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/D9F331A3 2018-09-13
uid                  dushan
sub   2048R/2A2D8437 2018-09-13

3、在hostA主机上导出公钥起名dushan.pubkey gpg -a --export -o dushan.pubkey

[root@centos7 .gnupg]#gpg -a --export -o dushan.pubkey
[root@centos7 .gnupg]#cat dushan.pubkey 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQENBFuZynMBCAC8DTaycYPaE1w1D5TjhpiySfNVPM2WX/EvXMA8+62OzV8HZOml
igVykr+tETPaURo6cd1LUhn3Iz6eLh4v2QYSmhPd2lHFbrlz6y4ntDXPF1LQyKIF
i8Wl5m45wN/xSKp0avRzdX1mrpZKxbGXlOauZE8Jf8cT4gwfPBco29zW13wyQkzK
6ydP5elC6EHGKSUpMM4nL+yMl2s016mF6RiImFXHWRv3yKXQ6rpyY1LUOH8e67qT
XQPFnyKLJeXKnuAikJtVTmQOF8PnVVWOdxnrNGiFlqiy6/JDp1UohFwUtpVXT+M9
f/1io/0BsybbKBGygPlKNpbHOblsPlhE4U3lABEBAAG0BmR1c2hhbokBOQQTAQIA
IwUCW5nKcwIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEEpVibDZ8zGj
B3sH/1NGhbDHiBZ76kgUC6bnh7tyI1354Pukrx49/+EJExaBe2UHdJOAyYWBMhcj
8PRuXq++4Lt1LvAgo2qpvPMFayLQIUBsqHe1pdgJ2CSQioLhlnw/gPISpMm0mux1
dz5wZDZ/w8eC4xkoPpq6c14irLB/DJlayN+iwST1RfE4sU/WPjN/cBN9XyQbidFx
3dIsQQC7VB+C1O4YQkwdhPTCZ+k+TRrtHo1BwUavYy2ilPaWas2X6dnJ/KjTpEAD
y5UYXmR2IqzCJNBa37GdKldfnNsLzfu1Ts0QFn7fUPUKSwMH8srxwZ5TCF98CJGk
WZGbdfLmQLSGS2xycvse/tQFVL65AQ0EW5nKcwEIALs8PR6pvoc6Dw9hrR/dIDcX
6PUrjazMdrZoQZDTjdxa14r1yQmAjHiSHYBQSI4R9/DprvKcysInvQpIrwtKnBeh
XbtRbwp+ZiArmUoVcp9K2vrhhMW/tu8p7n98e2jRb1r/FwcFslyIEI1t1Lu0xsgo
QCFJz7lQ5Pyq3A7sWVlv0JA5XToI9+yy/roZx7wl3zs5ZkUCuTZmGmZ5RGRf4l+S
QtyOXdgR6QNbJr4BYq1qXRNugK/B88aChmuuFL4v7HfutVxJy77VH1NwA5nlZ39s
IRiJ/KoJFAQSCYj5JDJfmDNl4DlbOUKFyDMK6CSN2d9vDK3MluT9PHWOEKSgGWEA
EQEAAYkBHwQYAQIACQUCW5nKcwIbDAAKCRBKVYmw2fMxo4QGB/4/pMBVO3eyzeE0
K3NXfrv1ynMxuX3XSfAE1ZzsNjp6BCA+NYtgNKpbaqPDN7NqdA3/cZKUv1Ac+VUI
4nX2XrPMP4W56F6uJjfdkzXyNSSwbzkvyETK7s4yPDiysme8CUlNo6jYzqRx3GD1
LUS1UcNZNc04xyp+eZl+NkwJF89kzS1KbKLxDNwdNiEbs+Jngif3Bu/oozNiJPxv
j/6cHe+FswR/gO9EsiGSedgjJQjZKq6Kg1z7B2rWve8ffb27lyzcz0fk92yI1foH
OEcf1EwQu/+l8z/7EYkml2IDQaqqfI5BSyZQCyCzOB/c2rqlzW2n/UB1JKqW5fMz
nFLTph3u
=kaB6
-----END PGP PUBLIC KEY BLOCK-----

4、从hostA主机上复制公钥文件到需加密的B主机上scp wang.pubkey hostB:

[root@centos7 .gnupg]#scp dushan.pubkey 172.20.130.49:/data
The authenticity of host '172.20.130.49 (172.20.130.49)' can't be established.
RSA key fingerprint is SHA256:4pgvwxQyaGT0Y8KqvSDHCXWI0vHp6Td73EG07Wzm3MU.
RSA key fingerprint is MD5:30:92:3c:fe:a4:10:59:bf:a8:c8:b9:e3:79:b7:b3:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.20.130.49' (RSA) to the list of known hosts.
[email protected]'s password: 
dushan.pubkey                                 100% 1683     1.7MB/s   00:00

5、在需加密数据的hostB主机上生成公钥/私钥对

[root@dadda6 data]#gpg --list-key
[root@dadda6 data]#gpg --gen-key

6、在hostB主机上导入公钥gpg --import dsuhan.pubkey

[root@dadda6 data]#gpg --import dushan.pubkey 
gpg: key D9F331A3: public key "dushan" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
[root@dadda6 data]#gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/A7003E97 2018-09-13
uid                  liuying
sub   2048R/61A72C44 2018-09-13

pub   2048R/D9F331A3 2018-09-13
uid                  dushan
sub   2048R/2A2D8437 2018-09-13

7、用从hostA主机导入的公钥，加密hostB主机的文件 （加密本地fstab,使用dushan的公钥生成fstab.gpg，
-e加密 -r指定谁的公钥)

[root@dadda6 data]#gpg -e -r dushan fstab 
gpg: 2A2D8437: There is no assurance this key belongs to the named user

pub  2048R/2A2D8437 2018-09-13 dushan
 Primary key fingerprint: 3159 AC5B C838 06E6 7A47  9839 4A55 89B0 D9F3 31A3
      Subkey fingerprint: 0E04 18B4 0740 87D9 3FBB  E334 DC1D AE5E 2A2D 8437

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
[root@dadda6 data]#ll
total 6078084
-rw-r--r--. 1 root root 6223941632 Aug 19 21:40 centos6.10-x86_64-Everything.iso
-rw-r--r--. 1 root root       1683 Sep 13 10:41 dushan.pubkey
-rw-r--r--. 1 root root       1163 Sep 13 11:00 fstab
-rw-r--r--. 1 root root        833 Sep 13 11:03 fstab.gpg

8、hostB主机把文件传到hostA

[root@dadda6 data]#scp fstab.gpg 172.20.129.246:/data
[email protected]'s password: 
fstab.gpg                                                100%  833     0.8KB/s   00:00

9、hostA直接使用命令解密即可

[root@centos7 data]#gpg -d fstab.gpg

删除公钥

10、删除公钥不要删除配置文件，使用命令删除（如公钥和私钥都有，先删除私钥，再删除公钥，否则不成功）

[root@centos7 data]#gpg --delete-secret-key dushan 
[root@centos7 data]#gpg --delete-key dushan