Two Methods of File Encryption on Linux, Explained in Detail

I. Encrypting files with GnuPG.
The GnuPG package (GNU Privacy Guard); the package name is gpg.
gpg uses public-key encryption when it encrypts files.

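1. The first step is to create a key that will later be used to send encrypted data and to decrypt data. Running the gpg command creates a .gnupg subdirectory in your home directory
(if it does not already exist; sometimes it already does). That subdirectory contains a configuration file, gpg.conf, which holds gpg's configuration options and their default values.
Next, we carry out the first task, generating the key: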
[root@fxvsystem root]# gpg --gen-key >>This command generates the key
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want: >>Select the key type
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair. >>Select the key length
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 768
Requested keysize is 768 bits
Please specify how long the key should be valid. >>Select the key's validity period; 0 means it never expires
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y >>Final confirmation that the settings are correct
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: test201 >>Enter the basic information: real name
Email address: test201@test201.com >>Enter the e-mail address
Comment: this is 201 key >>Any other related comment
You selected this USER-ID:
"test201 (this is 201 key) <test201@test201.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O >>Confirm with OK
You need a Passphrase to protect your secret key.
Enter passphrase: >>Enter the passphrase for the key
Repeat passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++++++++++++++++++++++++++++++++.+++++..+++++++++++++++++++++++++++++++++++++++++++++.+++++..++++++++++.+++++++++++++++>.++++++++++…………………………………………………..+++++
>>Continuous runs of these symbols appear while the key is being generated.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 215 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
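generator a better chance to gain enough entropy. >>This message asks us to create some random activity on the system; if there is not enough activity, gpg stops and prompts us to keep going (for example, checking the CPU or typing randomly on the keyboard will do).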
++++++++++.+++++++++++++++.++++++++++++++++++++.++++++++++.+++++++++++++++++++++++++.+++++.+++++.+++++++++++++++.+++++.++++++++++++++++++++….>+++++..+++++^^^^^
gpg: /root/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.
pub 1024D/BA56DDDA 2007-01-16 test201 (this is 201 key) <test201@test201.com> >>The BA56DDDA on this line is the ID of the generated public key; we will use it again later, so make a note of it.
Key fingerprint = 98E8 0A56 9E16 F61B 379D 2F53 D5DF 4117 BA56 DDDA
sub 768g/8F754496 2007-01-16
>>Success
[root@fxvsystem root]#
We have now generated a key pair. Take a look at the .gnupg directory:
[root@fxvsystem root]# cd .gnupg/
[root@fxvsystem .gnupg]# ll
total 24
-rw------- 1 root root 8075 Jan 16 11:10 gpg.conf
-rw------- 1 root root 856 Jan 16 11:30 pubring.gpg >>The "keyring" file that stores other people's public keys.
-rw------- 1 root root 0 Jan 16 11:10 pubring.gpg~
-rw------- 1 root root 600 Jan 16 11:30 random_seed
-rw------- 1 root root 991 Jan 16 11:30 secring.gpg
-rw------- 1 root root 1240 Jan 16 11:30 trustdb.gpg
[root@fxvsystem .gnupg]#
Several related files have been newly created.

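2. To send the public key we just generated to the other party, we first need to extract it with a command:
[root@fxvsystem gpg]# gpg --armor --export BA56DDDA > 201.key >>Extracts the public key into the file 201.key.
Where:
--armor makes gpg produce output in ASCII format, which is suitable for sending by e-mail. If you can use a tool such as ssh that supports binary file transfer, you can leave this option out.
--export needs little explanation: it simply means export.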
