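CentOS 7: encrypting and decrypting with gpg and creating a private CA certificate
1. Create an RSA asymmetric key pair with gpg on CentOS 7
[root@centos77 ~]# gpg --gen-key # generate a public/private key pair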
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want: # available key types
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1 # choose the first (default) option
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048 # key length: between 1024 and 4096 bits
Requested keysize is 2048 bits
Please specify how long the key should be valid. # key validity period
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) y # choose a validity period
invalid value
Key is valid for? (0) y
invalid value
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y # confirm
GnuPG needs to construct a user ID to identify your key.
Real name: centos77 # name, at least five characters
Email address: # email
Comment:
You selected this USER-ID:
"centos77"
# change the name or email, accept, or quit
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # Okay: an uppercase O
You need a Passphrase to protect your secret key.
# the passphrase is: 123456
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key D4AA14A2 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/D4AA14A2 2020-09-05
Key fingerprint = 955D C22C 841E 8063 320B 67D0 29FA 804D D4AA 14A2
uid centos77
sub 2048R/988B04FC 2020-09-05
# list the generated public key
[root@centos77 ~]# gpg --list-keys
/root/.gnupg/pubring.gpg # path where the public keyring is stored
------------------------
pub 2048R/D4AA14A2 2020-09-05
uid centos77
sub 2048R/988B04FC 2020-09-05
2. Copy the public key exported on CentOS 7 to CentOS 8, and use the CentOS 7 public key on CentOS 8 to encrypt a file
# export the public key to magedu.pubkey (on the CentOS 7 host)
[root@centos77 ~]# gpg -a --export -o magedu.pubkey
[root@centos77 ~]# ls -l
total 8
-rw-------. 1 root root 1631 Aug 4 20:25 anaconda-ks.cfg
-rw-r--r--. 1 root root 1687 Sep 5 20:32 magedu.pubkey
# copy the public key file to the CentOS 8 host that will do the encryption
[root@centos77 ~]# scp magedu.pubkey root@10.0.0.80:/root/
root@10.0.0.80's password:
magedu.pubkey 100% 1687 495.5KB/s 00:00
[root@hah ~]# ls -l /root
total 16
-rw-r--r-- 1 root root 390 Sep 5 15:09 123456.pub
-rw-------. 1 root root 1572 Aug 5 19:28 anaconda-ks.cfg
-rw-r--r-- 1 root root 380 Sep 5 16:23 id_rsa_2048.pub
-rw-r--r-- 1 root root 1687 Sep 5 20:32 magedu.pubkey
# list the public and private keys
[root@hah ~]# gpg --list-keys
gpg: /root/.gnupg/trustdb.gpg: trustdb created
# generate a public/private key pair
[root@hah ~]# gpg --gen-key
gpg (GnuPG) 2.2.9; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: centos80
Email address:
You selected this USER-ID:
"centos80"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
# the passphrase is: 654321
[root@hah ~]# gpg --import magedu.pubkey # import the centos77 public key
gpg: key 29FA804DD4AA14A2: public key "centos77" imported
gpg: Total number processed: 1
gpg: imported: 1
[root@hah ~]# gpg --list-keys # list the public keys
/root/.gnupg/pubring.kbx
------------------------
pub rsa2048 2020-09-05 [SC] [expires: 2022-09-05]
98F4B23952579AD594F52188DAB3D8E045DC4679
uid [ultimate] centos80
sub rsa2048 2020-09-05 [E] [expires: 2022-09-05]
pub rsa2048 2020-09-05 [SC]
955DC22C841E8063320B67D029FA804DD4AA14A2
uid [ unknown] centos77
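sub rsa2048 2020-09-05 [E]
[root@hah ~]# echo mage > test # create the file
# Use the public key imported from the CentOS 7 host to encrypt the file "file" on the CentOS 8 host, producing file.gpg
# Note: the recipient whose public key is used for encryption is selected here by the name given when the key pair was created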
[root@hah ~]# gpg -e -r centos77 test
gpg: 960FE6D8988B04FC: There is no assurance this key belongs to the named user
sub rsa2048/960FE6D8988B04FC 2020-09-05 centos77
Primary key fingerprint: 955D C22C 841E 8063 320B 67D0 29FA 804D D4AA 14A2
Subkey fingerprint: CBA2 939F 041D 669E D47B 2C6C 960F E6D8 988B 04FC
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
[root@hah ~]# ls -l
total 24
-rw-r--r-- 1 root root 390 Sep 5 15:09 123456.pub
-rw-------. 1 root root 1572 Aug 5 19:28 anaconda-ks.cfg
-rw-r--r-- 1 root root 380 Sep 5 16:23 id_rsa_2048.pub
-rw-r--r-- 1 root root 1687 Sep 5 20:32 magedu.pubkey
-rw-r--r-- 1 root root 5 Sep 5 20:44 test
-rw-r--r-- 1 root root 341 Sep 5 20:47 test.gpg
[root@hah ~]# cat test.gpg
.´Aȝg҄`]rE¼Ѭg۽2萲·
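The "Use this key anyway?" prompt above appears because nothing on the CentOS 8 host ties the imported key to the CentOS 7 host. The following added example (not part of the original post) compares the imported key's primary fingerprint with the one printed on CentOS 7 before encrypting. The function names and the colon-format sample listing are constructed for illustration; the key IDs and fingerprints in it are the ones shown in the output above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Constructed `gpg --with-colons --fingerprint centos77` listing; key IDs and
# fingerprints are the ones shown on this page, timestamps are made up.
SAMPLE_LISTING='pub:-:2048:1:29FA804DD4AA14A2:1599308000:::-:::scESC:
fpr:::::::::955DC22C841E8063320B67D029FA804DD4AA14A2:
uid:-::::1599308000::::centos77:
sub:-:2048:1:960FE6D8988B04FC:1599308000::::::e:
fpr:::::::::CBA2939F041D669ED47B2C6C960FE6D8988B04FC:'

# Strip whitespace and uppercase, so "955D C22C ..." and "955dc22c..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr '[:lower:]' '[:upper:]'
}

# Print the fingerprint of every primary key in a colon listing read from stdin:
# the first fpr record after each pub record (field 10). Subkey fprs are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# verify_fpr EXPECTED < listing
# 0 = exactly one primary key and it matches; 1 = mismatch; 2 = none or several.
verify_fpr() {
    local expected found count
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 2
    [ "$(normalize_fpr "$found")" = "$expected" ]
}

# encrypt_to_verified USER_ID EXPECTED_FPR FILE
# Encrypts to the fingerprint rather than the name, because any key can carry
# the user ID "centos77".
encrypt_to_verified() {
    gpg --with-colons --fingerprint "$1" | verify_fpr "$2" || {
        echo "fingerprint check failed for $1; not encrypting" >&2
        return 1
    }
    gpg --encrypt --recipient "$(normalize_fpr "$2")" "$3"
}
```

The expected fingerprint should come from the CentOS 7 host itself (the "Key fingerprint" line printed after key generation), not from the copied file. Once it has been checked, `gpg --lsign-key centos77` records that locally and the warning no longer appears.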