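Linux Basics: Symmetric and Public-Key Encryption with gpg
阿新 • Published: 2018-11-10
Symmetric encryption with gpg
1. Encrypt a file (here, the file dushan): gpg -c dushan
2. Decrypt the file (decrypt the generated dushan.gpg and write the result to file.txt; note that the -o option must come before the -d option)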
gpg -o file.txt -d dushan.gpg
Public-key encryption with gpg
Goal: encrypt with the public key on hostB, decrypt on hostA
1. Generate a public/private key pair on hostA
gpg --gen-key
Follow the prompts to create the key pair: 1. key type 2. key length 3. key validity period 4. key name (at least 5 characters)
When this completes, a .gnupg directory is created under /root/; the files that matter most are pubring.gpg (public keys) and secring.gpg (private keys).
[[email protected] ~]#cd .gnupg/
[[email protected] .gnupg]#ll
total 28
-rw------- 1 root root 7680 Sep 13 10:07 gpg.conf
drwx------ 2 root root 6 Sep 13 10:07 private-keys-v1.d
-rw------- 1 root root 1166 Sep 13 10:24 pubring.gpg
-rw------- 1 root root 1166 Sep 13 10:24 pubring.gpg~
-rw------- 1 root root 600 Sep 13 10:24 random_seed
-rw------- 1 root root 2544 Sep 13 10:24 secring.gpg
srwxr-xr-x 1 root root 0 Sep 13 10:24 S.gpg-agent
-rw------- 1 root root 1280 Sep 13 10:24 trustdb.gpg
2. List the public keys on hostA: gpg --list-keys
[[email protected] .gnupg]#gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/D9F331A3 2018-09-13
uid dushan
sub 2048R/2A2D8437 2018-09-13
3. On hostA, export the public key to a file named dushan.pubkey: gpg -a --export -o dushan.pubkey
[[email protected] .gnupg]#gpg -a --export -o dushan.pubkey
[[email protected] .gnupg]#cat dushan.pubkey
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
...
=kaB6
-----END PGP PUBLIC KEY BLOCK-----
4. Copy the public key file from hostA to hostB, the host that will do the encrypting: scp dushan.pubkey hostB:
[[email protected] .gnupg]#scp dushan.pubkey 172.20.130.49:/data
The authenticity of host '172.20.130.49 (172.20.130.49)' can't be established.
RSA key fingerprint is SHA256:4pgvwxQyaGT0Y8KqvSDHCXWI0vHp6Td73EG07Wzm3MU.
RSA key fingerprint is MD5:30:92:3c:fe:a4:10:59:bf:a8:c8:b9:e3:79:b7:b3:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.20.130.49' (RSA) to the list of known hosts.
[email protected]'s password:
dushan.pubkey 100% 1683 1.7MB/s 00:00
5. Generate a public/private key pair on hostB, the host that holds the data to be encrypted
[[email protected] data]#gpg --list-key
[[email protected] data]#gpg --gen-key
6. Import the public key on hostB: gpg --import dushan.pubkey
[[email protected] data]#gpg --import dushan.pubkey
gpg: key D9F331A3: public key "dushan" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[[email protected] data]#gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/A7003E97 2018-09-13
uid liuying
sub 2048R/61A72C44 2018-09-13
pub 2048R/D9F331A3 2018-09-13
uid dushan
sub 2048R/2A2D8437 2018-09-13
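7. Use the public key imported from hostA to encrypt a file on hostB (encrypt the local fstab with dushan's public key, producing fstab.gpg; -e encrypts, -r specifies whose public key to use)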
[[email protected] data]#gpg -e -r dushan fstab
gpg: 2A2D8437: There is no assurance this key belongs to the named user
pub 2048R/2A2D8437 2018-09-13 dushan
Primary key fingerprint: 3159 AC5B C838 06E6 7A47 9839 4A55 89B0 D9F3 31A3
Subkey fingerprint: 0E04 18B4 0740 87D9 3FBB E334 DC1D AE5E 2A2D 8437
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
[[email protected] data]#ll
total 6078084
-rw-r--r--. 1 root root 6223941632 Aug 19 21:40 centos6.10-x86_64-Everything.iso
-rw-r--r--. 1 root root 1683 Sep 13 10:41 dushan.pubkey
-rw-r--r--. 1 root root 1163 Sep 13 11:00 fstab
-rw-r--r--. 1 root root 833 Sep 13 11:03 fstab.gpg
8. Copy the encrypted file from hostB to hostA
[[email protected] data]#scp fstab.gpg 172.20.129.246:/data
[email protected]'s password:
fstab.gpg 100% 833 0.8KB/s 00:00
9. On hostA, decrypt it directly with the command below
[[email protected] data]#gpg -d fstab.gpg
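Deleting the public key
10. To remove a key, do not delete the configuration files; use the gpg commands instead (if both the public and the private key are present, delete the private key first and then the public key, otherwise the deletion fails)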
[[email protected] data]#gpg --delete-secret-key dushan
[[email protected] data]#gpg --delete-key dushan
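In step 7 gpg warns that there is no assurance the key belongs to the named user, and the walkthrough answers y. The script below is an added example, not part of the original post: it compares the primary fingerprint of the imported key with one obtained from the key owner over a trusted channel, before encrypting to it. The function names (norm_fpr, primary_fpr, fpr_matches) are hypothetical and SAMPLE is a constructed colon-format listing built from the fingerprints printed in step 7.

```shell
# Added example: check an imported key's fingerprint before encrypting to it.
# Function names and SAMPLE are constructed for illustration.

# Normalise a fingerprint: strip whitespace, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint <uid>` output on stdin and print the
# primary key fingerprint: field 10 of the first "fpr" record after "pub".
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Exit 0 on match, 1 on mismatch, 2 if the expected value is not a full
# 40-hex-digit fingerprint (short IDs such as D9F331A3 are rejected).
fpr_matches() {
    expected=$(norm_fpr "$1")
    actual=$(primary_fpr)
    case "$expected" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# Constructed colon-format listing for the key shown on this page
# (timestamps are made up; key IDs are the tails of the page's fingerprints).
SAMPLE='pub:-:2048:1:4A5589B0D9F331A3:1536805440:::-:::scESC:
fpr:::::::::3159AC5BC83806E67A4798394A5589B0D9F331A3:
uid:-::::1536805440::::dushan:
sub:-:2048:1:DC1DAE5E2A2D8437:1536805440::::::e:'

# Fingerprint read out by the key owner on hostA over a trusted channel
# (assumption: here it is the value gpg printed in step 7).
EXPECTED='3159 AC5B C838 06E6 7A47 9839 4A55 89B0 D9F3 31A3'

# Real use on hostB: gpg --with-colons --fingerprint dushan | fpr_matches "$EXPECTED"
if printf '%s\n' "$SAMPLE" | fpr_matches "$EXPECTED"; then
    echo "fingerprint matches: key can be used for gpg -e -r dushan"
else
    echo "fingerprint mismatch: do not encrypt to this key" >&2
fi
```

The expected fingerprint has to come from hostA itself (for example read aloud from gpg --fingerprint output there), not from the copied dushan.pubkey file.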