Asymmetric Key Experiment
Experiment objective
Perform asymmetric encryption and decryption of files
Experiment preparation
Hosts: a and b
OS: CentOS 7
IP: 192.168.172.134

I. Generate a public and private key on each of the two hosts
1. Generate the public/private key pair on host a
[root@hosta ~]# gpg --gen-key
gpg (gnupg) 2.0.22; copyright (c) 2013 free software foundation, inc.
this is free software: you are free to change and redistribute it.
there is no warranty, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: warning: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
please select what kind of key you want:
   (1) rsa and rsa (default)
   (2) dsa and elgamal
   (3) dsa (sign only)
   (4) rsa (sign only)
your selection? 1    # select the type of asymmetric key to generate
rsa keys may be between 1024 and 4096 bits long.
what keysize do you want? (2048) 1024    # select the key length
requested keysize is 1024 bits
please specify how long the key should be valid.
      0 = key does not expire
      <n> = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
key is valid for? (0)    # specify the key's validity period
key does not expire at all
is this correct? (y/n) y    # confirm that the key never expires
gnupg needs to construct a user id to identify your key.
real name: hosta    # enter the host name that the asymmetric key belongs to
email address:
comment:
you selected this user-id:
    hosta
change (n)ame, (c)omment, (e)mail or (o)kay/(q)uit? o    # confirm the key information
you need a passphrase to protect your secret key.
you don't want a passphrase - this is probably a *bad* idea!
i will do it anyway. you can change your passphrase at any time,
using this program with the option --edit-key.
we need to generate a lot of random bytes. it is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
we need to generate a lot of random bytes. it is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 4b9a0b62 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, pgp trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024r/4b9a0b62 2019-04-12
    key fingerprint = e128 ad1f e1d5 5b0d c66c fd45 4786 0c63 4b9a 0b62
uid hosta
sub 1024r/dd37ba59 2019-04-12
# asymmetric key generation complete
[root@hosta ~]# cd .gnupg/
[root@hosta .gnupg]# ll
total 28
-rw------- 1 root root 7680 apr 13 05:36 gpg.conf
drwx------ 2 root root 6 apr 13 05:37 private-keys-v1.d
-rw------- 1 root root 649 apr 13 05:37 pubring.gpg    # public key file
-rw------- 1 root root 649 apr 13 05:37 pubring.gpg~    # backup of the public key
-rw------- 1 root root 600 apr 13 05:37 random_seed
-rw------- 1 root root 1313 apr 13 05:37 secring.gpg    # private key file
srwxr-xr-x 1 root root 0 apr 13 05:37 s.gpg-agent
-rw------- 1 root root 1280 apr 13 05:37 trustdb.gpg

2. Generate the public/private key pair on host b
[root@hostb ~]# gpg --gen-key
gpg (gnupg) 2.0.22; copyright (c) 2013 free software foundation, inc.
this is free software: you are free to change and redistribute it.
there is no warranty, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: warning: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
please select what kind of key you want:
   (1) rsa and rsa (default)
   (2) dsa and elgamal
   (3) dsa (sign only)
   (4) rsa (sign only)
your selection?
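The host a session above picks a 1024-bit RSA key (below the 2048 default shown in the prompt) with no expiry. As an added example that is not part of the original page, the function below audits `gpg --list-keys --with-colons` output for both choices. The function names, the 2048-bit threshold and the sample keyring records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak keys in `gpg --list-keys --with-colons` output (stdin).
# Colon-format fields used:
#   1 = record type (pub/sub)   3 = key length in bits
#   4 = public-key algorithm (1 = RSA, 17 = DSA)
#   5 = long key ID             7 = expiry timestamp (empty = never expires)

MIN_BITS=2048   # assumed policy threshold; adjust to local policy

audit_gpg_keys() {
    awk -F: -v min="$MIN_BITS" '
        $1 == "pub" || $1 == "sub" {
            # RSA or DSA key shorter than the policy minimum
            if (($4 == 1 || $4 == 17) && $3 + 0 < min)
                printf "%s %s WEAK_KEY %d-bit\n", $1, $5, $3
            # Primary key with an empty expiry field never expires
            if ($1 == "pub" && $7 == "")
                printf "%s %s NO_EXPIRY\n", $1, $5
        }'
}

# Constructed sample keyring. The first pub record mirrors the host a key
# (long ID taken from the fingerprint shown on the page); timestamps, uid
# hashes, the padded subkey ID and the second key are made up.
sample_keyring() {
    cat <<'EOF'
tru::1:1555027200:0:3:1:5
pub:u:1024:1:47860C634B9A0B62:1555027200:::u:::scESC:
uid:u::::1555027200::0000000000000000000000000000000000000000::hosta:
sub:u:1024:1:00000000DD37BA59:1555027200::::::e:
pub:u:4096:1:1111111111111111:1555027200:1618099200::u:::scESC:
uid:u::::1555027200::0000000000000000000000000000000000000000::example:
sub:u:4096:1:2222222222222222:1555027200:1618099200:::::e:
EOF
}

# Run against the constructed sample; on a real host use:
#   gpg --list-keys --with-colons | audit_gpg_keys
sample_keyring | audit_gpg_keys
```

The missing passphrase from the same session cannot be seen in a public key listing, so this check does not cover it.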