• 使用gpg来加密数据





    3、单项加密(md5  sha1 sha2 sha128 sha256 sha512等)算出数据的hash值,当数据发生微弱的变化都会产生雪崩效应,所生成的新的hash值将变得完全不一样,主要用于数据校验。













    1. [root@newhostname app]# echo 'Ok ok ok ok ok ' > fist_encrypt
    2. [root@newhostname app]# ls
    3. fist_encrypt
    4. [root@newhostname app]# gpg -c fist_encrypt #对文件进行加密
    5. gpg: 已创建目录‘/root/.gnupg’
    6. gpg: 新的配置文件‘/root/.gnupg/gpg.conf’已建立
    7. gpg: 警告:在‘/root/.gnupg/gpg.conf’里的选项于此次运行期间未被使用
    8. gpg: 钥匙环‘/root/.gnupg/pubring.gpg’已建立
    9. [root@newhostname app]# ls
    10. fist_encrypt fist_encrypt.gpg #fist_encrypt.gpg这个就是加密过的文件

    执行 gpg -c fist_encrypt会出现两次如下图


    1. [root@newhostname app]# cat fist_encrypt.gpg
    2. gKf_);root@newhostname:/app[root@newhostname app]#



    1. [root@joker-6-01 ~]# cd /app
    2. [root@joker-6-01 app]# rm -rf fist
    3. [root@joker-6-01 app]# gpg -d fist_encrypt.gpg >fist
    4. gpg: CAST5 encrypted data
    5. can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
    6. gpg: encrypted with 1 passphrase
    7. Ok ok ok ok ok
    8. gpg: WARNING: message was not integrity protected
    9. [root@joker-6-01 app]# ls
    10. fist_encrypt.gpg
    11. [root@joker-6-01 app]#



    1. [root@joker-6-01 app]# cat fist
    2. Ok ok ok ok ok

    总结: 通过gpg -c file 进行文件加密,并生成一个 file.gpg的新文件  ,通过 gpg -d file.gpg >file 可以进行解密



    1. [root@newhostname app]# gpg --gen-key #创建密钥对
    2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    3. This is free software: you are free to change and redistribute it.
    4. There is NO WARRANTY, to the extent permitted by law.
    5. gpg: 钥匙环‘/root/.gnupg/secring.gpg’已建立
    6. 请选择您要使用的密钥种类:
    7. (1) RSA and RSA (default)
    8. (2) DSA and Elgamal
    9. (3) DSA (仅用于签名)
    10. (4) RSA (仅用于签名)
    11. 您的选择? 1
    12. RSA 密钥长度应在 1024 位与 4096 位之间。
    13. 您想要用多大的密钥尺寸?(2048)1024
    14. 您所要求的密钥尺寸是 1024
    15. 请设定这把密钥的有效期限。
    16. 0 = 密钥永不过期
    17. <n> = 密钥在 n 天后过期
    18. <n>w = 密钥在 n 周后过期
    19. <n>m = 密钥在 n 月后过期
    20. <n>y = 密钥在 n 年后过期
    21. 密钥的有效期限是?(0) 0
    22. 密钥永远不会过期
    23. 以上正确吗?(y/n)y



    1. You need a user ID to identify your key; the software constructs the user ID
    2. from the Real Name, Comment and Email Address in this form:
    3. "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
    4. 真实姓名:zhang
    5. 电子邮件地址:765030447@qq.com
    6. 注释:test
    7. 您选定了这个用户标识:
    8. zhang (test) <765030447@qq.com>”
    9. 更改姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)?o
    10. 您需要一个密码来保护您的私钥。
    11. 您不想要有密码――这个想法实在是遭透了!
    12. 不过,我仍然会照您想的去做。您任何时候都可以变更您的密码,仅需要
    13. 再次执行这个程序,并且使用“--edit-key”选项即可。
    14. 我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动
    15. 鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。
    16. 我们需要生成大量的随机字节。这个时候您可以多做些琐事(像是敲打键盘、移动
    17. 鼠标、读写硬盘之类的),这会让随机数字发生器有更好的机会获得足够的熵数。
    18. gpg: /root/.gnupg/trustdb.gpg:建立了信任度数据库
    19. gpg: 密钥 11F74DDB 被标记为绝对信任
    20. 公钥和私钥已经生成并经签名。
    21. gpg: 正在检查信任度数据库
    22. gpg: 需要 3 份勉强信任和 1 份完全信任,PGP 信任模型
    23. gpg: 深度:0 有效性: 1 已签名: 0 信任度:0-,0q,0n,0m,0f,1u
    24. pub 1024R/11F74DDB 2018-01-06
    25. 密钥指纹 = E1F8 DE1D B979 48F4 A216 DCB7 D5B9 E6A3 11F7 4DDB
    26. uid zhang (test) <765030447@qq.com>
    27. sub 1024R/710D443B 2018-01-06


    1. [root@newhostname .gnupg]# pwd
    2. /root/.gnupg
    3. [root@newhostname .gnupg]# ll
    4. 总用量 28
    5. -rw-------. 1 root root 7680 16 19:45 gpg.conf
    6. drwx------. 2 root root 6 16 19:45 private-keys-v1.d
    7. -rw-------. 1 root root 675 16 20:12 pubring.gpg
    8. -rw-------. 1 root root 675 16 20:12 pubring.gpg~
    9. -rw-------. 1 root root 600 16 20:12 random_seed
    10. -rw-------. 1 root root 1338 16 20:12 secring.gpg
    11. srwxr-xr-x. 1 root root 0 16 20:12 S.gpg-agent
    12. -rw-------. 1 root root 1280 16 20:12 trustdb.gpg
    13. pubring.gpg 这个是公钥
    14. secring.gpg 这个是私钥


    1. [root@newhostname .gnupg]# gpg --list-key #可以查看公钥
    2. /root/.gnupg/pubring.gpg
    3. ------------------------
    4. pub 1024R/11F74DDB 2018-01-06
    5. uid zhang (test) <765030447@qq.com>
    6. sub 1024R/710D443B 2018-01-06
    7. [root@newhostname .gnupg]# gpg -a --export -o zhang.pubkey #导出公钥并生成可视的字符
    8. [root@newhostname .gnupg]# ls
    9. gpg.conf private-keys-v1.d pubring.gpg pubring.gpg~ random_seed secring.gpg S.gpg-agent trustdb.gpg zhang.pubkey
    10. [root@newhostname .gnupg]# ll
    11. 总用量 32
    12. -rw-------. 1 root root 7680 16 19:45 gpg.conf
    13. drwx------. 2 root root 6 16 19:45 private-keys-v1.d
    14. -rw-------. 1 root root 675 16 20:12 pubring.gpg
    15. -rw-------. 1 root root 675 16 20:12 pubring.gpg~
    16. -rw-------. 1 root root 600 16 20:12 random_seed
    17. -rw-------. 1 root root 1338 16 20:12 secring.gpg
    18. srwxr-xr-x. 1 root root 0 16 20:12 S.gpg-agent
    19. -rw-------. 1 root root 1280 16 20:12 trustdb.gpg
    20. -rw-r--r--. 1 root root 1020 16 20:37 zhang.pubkey
    21. [root@newhostname .gnupg]# cat zhang.pubkey #查看导出的公钥
    22. -----BEGIN PGP PUBLIC KEY BLOCK-----
    23. Version: GnuPG v2.0.22 (GNU/Linux)
    24. mI0EWlC9RgEEAMaYQLcdCujOTwdKiBLPfSrhwceFqt7FGT/xBggSNHs8c9EyQ/8T
    25. ls7PiiaK4drm0mdPtIPr/pa6m2T20mFB0DMpeB9SEI+z7v/jWB/Y1xxINjGvFtKP
    26. JSwFSa8qYUNLBYpBIPoa5IlXpzrkG+gRvHh++7yu8e4e06oA9lAzWT2rABEBAAG0
    29. ofXbTTVUbjFMV8MSYU+TRj1n2xuPKDaWLgJyb2cH9c/57RMS5bHqvqEBxOzrtnXB
    30. 2FPYiS8VHgLhvnUkMqer1WA7RjVESAcp52UKvoI+7yD5K7vABMg9yDPnNag2EKLr
    31. H7db0wspYo5ox3w8AZsJj3dUMLgipAQDUpckuI0EWlC9RgEEAK0PxCRuHLL3XUC6
    32. wDr4gSRj5TVcwVuSOE0ECBZakbDeuljhq9Fn0UR8FfdiPOw4Cakt0RWiYh9oxdsF
    33. R3Y6DL6fzBAwozxz1I5NXtTj68HY+/6bEiHtz4xvFPR9YEwrqzPZWaWMaTRgtAL6
    35. ueajEfdN204xA/9ZVVqFAnFti6vogSCzPMFDj6s4M66EBGEUIKkK9cnw1vzXzsv3
    36. v8YfevZsWGMX7Cag89a3ox+qIVvHhsEkL3TXEAmrYLZn9/T/E1yRQnYpQcI9uvMg
    37. /UAy3j0HtOzui4ofMuGoNJ1V7hOMt8Jlzt2+WQVvVogHcNWmEUSWcmIp8w==
    38. =o0NK
    39. -----END PGP PUBLIC KEY BLOCK-----
    40. [root@newhostname .gnupg]#


    1. [root@newhostname .gnupg]# scp zhang.pubkey
    2. root@'s password:
    3. zhang.pubkey 100% 1020 2.9MB/s 00:00



    1. [root@joker-6-01 ~]# gpg --gen-key
    2. gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
    3. This is free software: you are free to change and redistribute it.
    4. There is NO WARRANTY, to the extent permitted by law.
    5. Please select what kind of key you want:
    6. (1) RSA and RSA (default)
    7. (2) DSA and Elgamal
    8. (3) DSA (sign only)
    9. (4) RSA (sign only)
    10. Your selection?
    11. RSA keys may be between 1024 and 4096 bits long.
    12. What keysize do you want? (2048) 1024
    13. Requested keysize is 1024 bits
    14. Please specify how long the key should be valid.
    15. 0 = key does not expire
    16. <n> = key expires in n days
    17. <n>w = key expires in n weeks
    18. <n>m = key expires in n months
    19. <n>y = key expires in n years
    20. Key is valid for? (0)
    21. Key does not expire at all
    22. Is this correct? (y/N)
    23. Key is valid for? (0)
    24. Key does not expire at all
    25. Is this correct? (y/N) y
    26. GnuPG needs to construct a user ID to identify your key.
    27. Real name: shang
    28. Email address: 765030447@qq.com
    29. Comment: test
    30. You selected this USER-ID:
    31. "shang (test) <765030447@qq.com>"
    32. Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?


    1. [root@joker-6-01 .gnupg]# gpg --list-key
    2. /root/.gnupg/pubring.gpg
    3. ------------------------
    4. pub 1024R/7FFA70D9 2018-01-06
    5. uid shang (test) <765030447@qq.com>
    6. sub 1024R/E774B778 2018-01-06
    7. [root@joker-6-01 .gnupg]# gpg -a --export -o shang.pubkey
    8. [root@joker-6-01 .gnupg]# ls
    9. gpg.conf private-keys-v1.d pubring.gpg pubring.gpg~ random_seed secring.gpg shang.pubkey trustdb.gpg
    10. [root@joker-6-01 .gnupg]# ll
    11. total 36
    12. -rw-------. 1 root root 7856 Nov 7 16:31 gpg.conf
    13. drwx------ 2 root root 4096 Jan 6 20:02 private-keys-v1.d
    14. -rw------- 1 root root 674 Jan 6 21:02 pubring.gpg
    15. -rw------- 1 root root 674 Jan 6 21:02 pubring.gpg~
    16. -rw------- 1 root root 600 Jan 6 21:02 random_seed
    17. -rw------- 1 root root 1338 Jan 6 21:02 secring.gpg
    18. -rw-r--r-- 1 root root 1016 Jan 6 21:05 shang.pubkey
    19. -rw-------. 1 root root 1280 Jan 6 21:02 trustdb.gpg
    20. [root@joker-6-01 .gnupg]# cat shang.pubkey
    21. -----BEGIN PGP PUBLIC KEY BLOCK-----
    22. Version: GnuPG v2.0.14 (GNU/Linux)
    23. mI0EWlDI3QEEANDr6fIRum7F1tdaJH6TI+O5QpKf3f1zEacmqqH3iQ+eIJkUZDTG
    24. yC9k87zKQVaDgbZlcn38Lf/u7X3pRemsGa8ZMkmviHCc7gfW5C0NmMse7/dKGUmt
    25. 6xOnVRsgk+WYDGwpxI0rhRxzDg0AIpNH20wZpK6bgNwoC8i5zIO605tRABEBAAG0
    28. WZQ5T4LYc9go7RuU8vDIMHQzEC0CXO9pi3ZU7quEYDfd5N9WD61+jKY9s79L09tK
    29. 14RQJByWaFFXJwWyrjzu4BzMZiAmjDf9PA5hpUVFOAdQbMKENlXOh3Rxsi65EsAH
    30. Hem/Plbr75dEN+CQV8emlZ2tDDBYhmbbkzC4jQRaUMjdAQQAzg1FrRac6KyerWt+
    31. oJ83B9eDLn6Yq9xBA6W1MdRTZKOEKygkbGP7Slr7e7lWHKinlfRL7+9+2IjzurQZ
    32. ndWO/msAKxdnqIMbg7Xx1eXWr0VwvFAz2AHDQz+Ls3mkJ40ZCPbHKXRb5+7USWKB
    34. H6Z/+nDZLW0EAJ3oHrPWIGczgzSZ+ociwsmaVggqAky3BCfWhbUgJBEOAEh+SMSw
    35. WueVIKNT/bA3SVUak0PmNz1IkXLRYmiPA/81+I9ezUx0ac1noYO2MzYfdmaCFSBM
    36. sfnfvpbk6/L0FY0aIhcuufCztIs+bsxpsXXYfq4C5hyMI1S1S8YS0pDX
    37. =DHkG
    38. -----END PGP PUBLIC KEY BLOCK-----
    39. [root@joker-6-01 .gnupg]#


    1. [root@joker-6-01 .gnupg]# scp shang.pubkey
    2. The authenticity of host ' (' can't be established.
    3. RSA key fingerprint is a4:04:ea:5b:ce:18:0c:e4:e8:b4:51:47:ea:87:0b:2b.
    4. Are you sure you want to continue connecting (yes/no)? yes
    5. Warning: Permanently added '' (RSA) to the list of known hosts.
    6. root@'s password:
    7. shang.pubkey 100% 1016 1.0KB/s 00:00



    1. hostA
    2. [root@newhostname app]# gpg --import ~/shang.pubkey
    3. gpg: 密钥 7FFA70D9:公钥“shang (test) <765030447@qq.com>”已导入
    4. gpg: 合计被处理的数量:1
    5. gpg: 已导入:1 (RSA: 1)
    6. hostB
    7. [root@joker-6-01 ~]# gpg --import zhang.pubkey
    8. gpg: key 11F74DDB: public key "zhang (test) <765030447@qq.com>" imported
    9. gpg: Total number processed: 1
    10. gpg: imported: 1 (RSA: 1)


    1. [root@newhostname app]# gpg -e -r shang fist_encrypt
    2. gpg: E774B778:没有证据表明这把密钥真的属于它所声称的持有者
    3. pub 1024R/E774B778 2018-01-06 shang (test) <765030447@qq.com>
    4. 主钥指纹: 5042 4F44 8DE2 F9EA 1A02 BBC8 346D 1FA6 7FFA 70D9
    5. 子钥指纹: BB56 2ED6 84DA 2DB7 A6A6 AFF2 122E ED1C E774 B778
    6. 这把密钥并不一定属于用户标识声称的那个人。如果您真的知道自
    7. 己在做什么,您可以在下一个问题回答 yes。
    8. 无论如何还是使用这把密钥吗?(y/N)y
    9. [root@newhostname app]# ls
    10. fist_encrypt fist_encrypt.gpg


    1. [root@newhostname app]# ls
    2. fist_encrypt fist_encrypt.gpg
    3. [root@newhostname app]# scp fist_encrypt.gpg root@
    4. root@'s password:
    5. fist_encrypt.gpg 100% 222 377.5KB/s 00:00
    6. [root@newhostname app]#


    1. [root@joker-6-01 app]# ls
    2. fist_encrypt.gpg
    3. [root@joker-6-01 app]# cat fist_encrypt.gpg
    4. %qXd46-}a>yݸ;n$
    5. jtyY T>AWK}@jBRW1
    6. ~0>[root@joker-6-01 app]#
    7. [root@joker-6-01 app]#
    8. [root@joker-6-01 app]# gpg -d fist_encrypt.gpg > fist_encrypt #对文件进行解密,并输出到fistt_encrypt内
    9. gpg: encrypted with 1024-bit RSA key, ID E774B778, created 2018-01-06
    10. "shang (test) <765030447@qq.com>"
    11. [root@joker-6-01 app]# ls
    12. fist_encrypt fist_encrypt.gpg
    13. [root@joker-6-01 app]# cat fist_encrypt #解密完成
    14. Ok ok ok ok ok



    1. [root@newhostname app]# gpg --delete-keys shang #在A上删除B的公钥
    2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    3. This is free software: you are free to change and redistribute it.
    4. There is NO WARRANTY, to the extent permitted by law.
    5. pub 1024R/7FFA70D9 2018-01-06 shang (test) <765030447@qq.com>
    6. 要从钥匙环里删除这把密钥吗?(y/N)y
    7. [root@newhostname app]#
    1. [root@newhostname app]# gpg --delete-secret-keys zhang #在A机器上删除自己的私钥
    2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    3. This is free software: you are free to change and redistribute it.
    4. There is NO WARRANTY, to the extent permitted by law.
    5. sec 1024R/11F74DDB 2018-01-06 zhang (test) <765030447@qq.com>
    6. 要从钥匙环里删除这把密钥吗?(y/N)y
    7. 这是一把私钥!――真的要删除吗?(y/N)y
    8. [root@newhostname app]# gpg --delete-keys zhang #再删除自己的公钥
    9. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    10. This is free software: you are free to change and redistribute it.
    11. There is NO WARRANTY, to the extent permitted by law.
    12. pub 1024R/11F74DDB 2018-01-06 zhang (test) <765030447@qq.com>
    13. 要从钥匙环里删除这把密钥吗?(y/N)y
    14. 注意:必须先删除私钥再删除公钥


    1. [root@joker-6-01 app]# gpg --delete-keys zhang #在B上删除A的公钥
    2. gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
    3. This is free software: you are free to change and redistribute it.
    4. There is NO WARRANTY, to the extent permitted by law.
    5. pub 1024R/11F74DDB 2018-01-06 zhang (test) <765030447@qq.com>
    6. Delete this key from the keyring? (y/N) y
    7. [root@joker-6-01 app]#
    1. [root@joker-6-01 app]# gpg --delete-secret-keys shang #删除自己的私钥
    2. gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
    3. This is free software: you are free to change and redistribute it.
    4. There is NO WARRANTY, to the extent permitted by law.
    5. sec 1024R/7FFA70D9 2018-01-06 shang (test) <765030447@qq.com>
    6. Delete this key from the keyring? (y/N) y
    7. This is a secret key! - really delete? (y/N) y
    8. [root@joker-6-01 app]# gpg --delete-keys shang #删除自己的公钥
    9. gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
    10. This is free software: you are free to change and redistribute it.
    11. There is NO WARRANTY, to the extent permitted by law.
    12. pub 1024R/7FFA70D9 2018-01-06 shang (test) <765030447@qq.com>
    13. Delete this key from the keyring? (y/N) y



    1、gpg -c file         生成一个file.gpg的加密文件
    2、gpg -d file.gpg > file    解密file.gpg并将输出存入file文件




    1、gpg –gen-key   生成公私钥对
    2、gpg -a –export Akey_name.pubkey
    3、scp Akey_name.pubkey B机器:~/


    1、gpg–gen-key 生成公私钥对
    2、gpg -a –export Bkey_name.pubkey
    3、scp Bkey_name.pubkey A机器:~/


    1、gpg  –import ~/Bkey_name 在A机器上导入B机器的公钥
    2、gpg –import ~/Akey_name 在B机器上导入A机器的公钥


    1、gpg -e -r Bkey_name file1       在A机器使用B的公钥对文件进行加密
    2、gpg -e -r Akey_name file2       在B机器使用A的公钥对文件进行加密


    1、scp file1.gpg  B机器:~   在A机器,将用B公钥加密的文件传输给B机器
    2、scp file2.gpg A机器:~   在B机器,将用A公钥加密的文件传输给A机器


    1、gpg -d file2.gpg >file2  在A机器,将B传送来的文件解密(默认会使用A自己的私钥来解密)
    2、gpg -d file1.gpg > file1 在B机器,将A传送来的文件解密(默认会使用B自己的私钥来解密)

  • 相关阅读:
    [转]用mamcache 存储session的好处
    [转]怎么写 JQuery插件 (案例原理)
    HBase Canary
    HBase Bulk Loading
    HBase 运维分析
    HBase rest
    hbase mlockall
  • 原文地址:https://www.cnblogs.com/momenglin/p/8486055.html
Copyright © 2020-2023  润新知