SLTechnology News&Howtos (Shulou.com), updated 2025-04-07
Asymmetric key experiment

Experimental purpose
Asymmetric encryption and decryption of files

Experiment preparation
Hosts: A and B
OS: CentOS 7
IP: 192.168.172.134

I. Generate public and private keys on the two hosts respectively
1. Generate public and private keys on host A
    [root@hostA ~]# gpg --gen-key
    gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    gpg: directory `/root/.gnupg' created
    gpg: new configuration file `/root/.gnupg/gpg.conf' created
    gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
    gpg: keyring `/root/.gnupg/secring.gpg' created
    gpg: keyring `/root/.gnupg/pubring.gpg' created
    Please select what kind of key you want:
       (1) RSA and RSA (default)
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)
    Your selection? 1                        # select the type of asymmetric key to generate
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048) 1024    # the chosen key length
    Requested keysize is 1024 bits
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)                    # specify the validity period of the key
    Key does not expire at all
    Is this correct? (y/N) y                 # confirm that the key never expires
    GnuPG needs to construct a user ID to identify your key.
    Real name: hostA                         # enter the host name this key pair belongs to
    Email address:
    Comment:
    You selected this USER-ID:
        "hostA"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O    # confirm the key information
    You need a Passphrase to protect your secret key.
    You don't want a passphrase - this is probably a *bad* idea!
    I will do it anyway.  You can change your passphrase at any time,
    using this program with the option "--edit-key".
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: key 4B9A0B62 marked as ultimately trusted
    public and secret key created and signed.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub   1024R/4B9A0B62 2019-04-12
          Key fingerprint = E128 AD1F E1D5 5B0D C66C  FD45 4786 0C63 4B9A 0B62
    uid                  hostA
    sub   1024R/DD37BA59 2019-04-12          # asymmetric key generation completed
    [root@hostA ~]# cd .gnupg/
    [root@hostA .gnupg]# ll
    total 28
    -rw------- 1 root root 7680 Apr 13 05:36 gpg.conf
    drwx------ 2 root root    6 Apr 13 05:37 private-keys-v1.d
    -rw------- 1 root root  649 Apr 13 05:37 pubring.gpg     # public key file
    -rw------- 1 root root  649 Apr 13 05:37 pubring.gpg~    # public key backup
    -rw------- 1 root root  600 Apr 13 05:37 random_seed
    -rw------- 1 root root 1313 Apr 13 05:37 secring.gpg     # private key file
    srwxr-xr-x 1 root root    0 Apr 13 05:37 S.gpg-agent
    -rw------- 1 root root 1280 Apr 13 05:37 trustdb.gpg
2. Generate public and private keys on host B
    [root@hostB ~]# gpg --gen-key
    gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    gpg: directory `/root/.gnupg' created
    gpg: new configuration file `/root/.gnupg/gpg.conf' created
    gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
    gpg: keyring `/root/.gnupg/secring.gpg' created
    gpg: keyring `/root/.gnupg/pubring.gpg' created
    Please select what kind of key you want:
       (1) RSA and RSA (default)
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)
    Your selection? 1
    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048) 1024
    Requested keysize is 1024 bits
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)
    Key does not expire at all
    Is this correct? (y/N) y
    GnuPG needs to construct a user ID to identify your key.
    Real name: hostB
    Email address:
    Comment:
    You selected this USER-ID:
        "hostB"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.
    You don't want a passphrase - this is probably a *bad* idea!
    I will do it anyway.  You can change your passphrase at any time,
    using this program with the option "--edit-key".
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: key 77A790ED marked as ultimately trusted
    public and secret key created and signed.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub   1024R/77A790ED 2019-04-12
          Key fingerprint = 34E9 51E2 0720 1186 FC26  6BED 5FDF ABE5 77A7 90ED
    uid                  hostB
    sub   1024R/3108F051 2019-04-12
    [root@hostB ~]# ll .gnupg/
    total 28
    -rw------- 1 root root 7680 Apr 13 05:50 gpg.conf
    drwx------ 2 root root    6 Apr 13 05:50 private-keys-v1.d
    -rw------- 1 root root  649 Apr 13 05:51 pubring.gpg
    -rw------- 1 root root  649 Apr 13 05:51 pubring.gpg~
    -rw------- 1 root root  600 Apr 13 05:51 random_seed
    -rw------- 1 root root 1313 Apr 13 05:51 secring.gpg
    srwxr-xr-x 1 root root    0 Apr 13 05:50 S.gpg-agent
    -rw------- 1 root root 1280 Apr 13 05:51 trustdb.gpg

The public and private key files have been generated.

II. Hosts A and B exchange public key files
1. Export the public key of host A to B
    [root@hostA .gnupg]# gpg -a --export -o hostA.pubkey    # export the public key file
    [root@hostA .gnupg]# cat hostA.pubkey
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.0.22 (GNU/Linux)
    [armored key data omitted]
    -----END PGP PUBLIC KEY BLOCK-----
    [root@hostA .gnupg]# scp hostA.pubkey root@192.168.172.138:/root/.gnupg
    The authenticity of host '192.168.172.138 (192.168.172.138)' can't be established.
    ECDSA key fingerprint is SHA256:YNlH0VBV0kp4lAClVvfMWVx/bHcbKKHXQwyd13d+MME.
    ECDSA key fingerprint is MD5:8a:1c:3d:c2:04:b1:be:05:95:33:9e:16:e8:ad:6c:25.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.172.138' (ECDSA) to the list of known hosts.
    root@192.168.172.138's password:
    hostA.pubkey                          100%  984   808.9KB/s   00:00
2. Export the public key of host B to A

    [root@hostB ~]# gpg -a --export -o hostB.pubkey
    [root@hostB ~]# cat hostB.pubkey
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.0.22 (GNU/Linux)
    [armored key data omitted]
    -----END PGP PUBLIC KEY BLOCK-----
    [root@hostB ~]# scp hostB.pubkey root@192.168.172.134:/root/.gnupg/
    The authenticity of host '192.168.172.134 (192.168.172.134)' can't be established.
    ECDSA key fingerprint is SHA256:YNlH0VBV0kp4lAClVvfMWVx/bHcbKKHXQwyd13d+MME.
    ECDSA key fingerprint is MD5:8a:1c:3d:c2:04:b1:be:05:95:33:9e:16:e8:ad:6c:25.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.172.134' (ECDSA) to the list of known hosts.
    root@192.168.172.134's password:
    hostB.pubkey                          100%  984   861.8KB/s   00:00

III. Hosts A and B import the public keys respectively
1. Host A imports the public key

    [root@hostA .gnupg]# gpg --import hostB.pubkey    # import hostB's public key
    gpg: key 77A790ED: public key "hostB" imported
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)
    [root@hostA .gnupg]# gpg --list-key               # view the public key list
    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024R/4B9A0B62 2019-04-12
    uid                  hostA
    sub   1024R/DD37BA59 2019-04-12
    pub   1024R/77A790ED 2019-04-12
    uid                  hostB
    sub   1024R/3108F051 2019-04-12
2. Host B imports the public key

    [root@hostB ~]# cd .gnupg/
    [root@hostB .gnupg]# gpg --import hostA.pubkey
    gpg: key 4B9A0B62: public key "hostA" imported
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)
    [root@hostB .gnupg]# gpg --list-key
    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024R/77A790ED 2019-04-12
    uid                  hostB
    sub   1024R/3108F051 2019-04-12
    pub   1024R/4B9A0B62 2019-04-12
    uid                  hostA
    sub   1024R/DD37BA59 2019-04-12

IV. Test
1. Encrypt the file asymmetrically on host A and send it to host B

    [root@hostA data]# echo "hello,i am hostA" > file1
    [root@hostA data]# gpg -e -r hostB file1
    gpg: 3108F051: There is no assurance this key belongs to the named user
    pub  1024R/3108F051 2019-04-12 hostB
     Primary key fingerprint: 34E9 51E2 0720 1186 FC26  6BED 5FDF ABE5 77A7 90ED
          Subkey fingerprint: 57FD 2BBD D2B0 8EE4 9BCA  74A5 2091 0199 3108 F051
    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.
    Use this key anyway? (y/N) y
    [root@hostA data]# scp file1.gpg root@192.168.172.138:/data
    root@192.168.172.138's password:
    file1.gpg                             100%  225    87.2KB/s   00:00
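
The "no assurance this key belongs to the named user" prompt above is answered with y without comparing hostB's fingerprint. The following is an added example, not part of the original article, that checks a received key's fingerprint and length from gpg's colon listing before it is imported or used. The function names, the constructed sample listing and the 2048-bit floor (gpg's own default at the keysize prompt) are assumptions of this example.

```shell
#!/bin/sh
# Added example: vet a received public key before importing or encrypting to it.

# Constructed sample of `gpg --with-colons --with-fingerprint hostB.pubkey`
# output, assembled from hostB's key IDs and fingerprint shown in this article.
SAMPLE_LISTING='pub:-:1024:1:5FDFABE577A790ED:2019-04-12:::-:hostB::scESC:
fpr:::::::::34E951E207201186FC266BED5FDFABE577A790ED:
sub:-:1024:1:209101993108F051:2019-04-12::::::e:'

# Primary-key fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    printf '%s\n' "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Primary-key length in bits: field 3 of the "pub" record.
primary_bits() {
    printf '%s\n' "$1" | awk -F: '$1 == "pub" { print $3; exit }'
}

# check_key LISTING EXPECTED_FPR [MIN_BITS]
# EXPECTED_FPR must come from the key owner over a separate channel.
# MIN_BITS defaults to 2048, the default gpg itself offers at the prompt.
# Prints a verdict; returns 0 only when the fingerprint matches and the
# key is at least MIN_BITS long.
check_key() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(primary_fpr "$1")
    bits=$(primary_bits "$1")
    min=${3:-2048}
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "fingerprint-mismatch"
        return 1
    fi
    if [ "${bits:-0}" -lt "$min" ]; then
        echo "weak-key:${bits:-0}"
        return 2
    fi
    echo "ok"
}

# Demo on the constructed sample: the fingerprint matches, but the 1024-bit
# key chosen in this lab is below the 2048-bit floor.
check_key "$SAMPLE_LISTING" "34E9 51E2 0720 1186 FC26 6BED 5FDF ABE5 77A7 90ED" || true

# On host A with gpg installed (file name as used in this article):
#   listing=$(gpg --with-colons --with-fingerprint hostB.pubkey)
#   check_key "$listing" "$FPR_FROM_HOSTB_ADMIN" && gpg --import hostB.pubkey
```

The expected fingerprint is the one `gpg --gen-key` printed on host B; it has to reach host A by a path other than the scp transfer that carried the key file.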
2. Decrypt and view the contents

    [root@hostB data]# gpg -o file1 file1.gpg
    gpg: encrypted with 1024-bit RSA key, ID 3108F051, created 2019-04-12
          "hostB"
    [root@hostB data]# cat file1
    hello,i am hostA

V. About clearing keys
1. Clear public key
    [root@hostA data]# gpg --delete-key hostB    # delete hostB's public key
    gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    pub  1024R/77A790ED 2019-04-12 hostB
    Delete this key from the keyring? (y/N) y
    [root@hostA data]# gpg --list-key            # the key list no longer contains hostB
    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024R/4B9A0B62 2019-04-12
    uid                  hostA
    sub   1024R/DD37BA59 2019-04-12
    [root@hostA ~]# ll .gnupg/
    total 40
    -rw------- 1 root root  649 Apr 13 05:48 192.168.172.138
    -rw------- 1 root root 7680 Apr 13 05:36 gpg.conf
    -rw-r--r-- 1 root root  984 Apr 13 06:02 hostA.pubkey
    -rw-r--r-- 1 root root  984 Apr 13 06:06 hostB.pubkey
    drwx------ 2 root root    6 Apr 13 05:37 private-keys-v1.d
    -rw------- 1 root root  649 Apr 13 06:32 pubring.gpg
    -rw------- 1 root root 1298 Apr 13 06:09 pubring.gpg~    # hostB's key is cleared but can still be recovered from this file
    -rw------- 1 root root  600 Apr 13 06:15 random_seed
    -rw------- 1 root root 1313 Apr 13 05:37 secring.gpg
    srwxr-xr-x 1 root root    0 Apr 13 05:37 S.gpg-agent
    -rw------- 1 root root 1280 Apr 13 05:37 trustdb.gpg
2. Delete your own public and private keys

To delete your own public key, you must first delete the private key.

    [root@hostA ~]# gpg --delete-secret-key hostA    # delete your own private key
    gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    sec  1024R/4B9A0B62 2019-04-12 hostA
    Delete this key from the keyring? (y/N) y
    This is a secret key! - really delete? (y/N) y
    [root@hostA ~]# gpg --delete-key hostA           # delete your own public key
    gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    pub  1024R/4B9A0B62 2019-04-12 hostA
    Delete this key from the keyring? (y/N) y
    [root@hostA ~]# rm -rf .gnupg/                   # delete the /root/.gnupg directory