Encrypting files in a Linux system environment

Source: Internet
Author: User
Referenced from: http://blog.chinaunix.net/u/19895/showart_232861.html

Two ways to encrypt files on Linux, in detail:
Method one: use GnuPG to encrypt files.
GnuPG (GNU Privacy Guard) is the software package; its command is gpg.
gpg uses public-key encryption when encrypting files.
1. The first step is to create the key pair that will later be used to send encrypted data and to decrypt it. Running the gpg command creates a .gnupg subdirectory in your home directory (if it does not already exist). Inside that subdirectory is the gpg.conf configuration file, which holds the gpg tool's configuration options and their default settings.
Next, we generate the key:
[root@fxvsystem root]# gpg --gen-key    >> this command generates a key
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:    >> choose the key type
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.    >> select the key length
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 768
Requested keysize is 768 bits
Please specify how long the key should be valid.    >> select the validity period; 0 means the key never expires
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y    >> final confirmation
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: test201    >> enter the basic information: real name
Email address: test201@test201.com    >> enter the e-mail address
Comment: this is 201 key    >> any other comment
You selected this USER-ID:
"test201 (this is 201 key) <test201@test201.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O    >> confirm with O
You need a Passphrase to protect your secret key.
Enter passphrase:    >> enter the passphrase that protects the key
Repeat passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++++++++++++++++++++++++++++++++.+++++.. +++++++++++++++++++++++++++++++++++++++++++++.+++++.. ++++++++++.+++++++++++++++>.++++++++++...........................................................+++++
>> runs of symbols like these appear while the key is being generated
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 215 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
>> This message asks us to create some random activity on the system; if there is not enough activity, gpg stops and prompts us to keep going (for example, check the CPU, or tap the keyboard at random).
++++++++++.+++++++++++++++.++++++++++++++++++++.++++++++++.+++++++++++++++++++++++++.+++++.+++++.++++++++++++++ +.+++++.++++++++++++++++++++....>+++++.. +++++^^^^^
gpg: /root/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.
pub 1024D/BA56DDDA 2007-01-16 test201 (this is 201 key) <test201@test201.com>    >> BA56DDDA in this line is the ID of the generated public key; we will need it later, so remember it
Key fingerprint = 98E8 0A56 9E16 F61B 379D 2F53 D5DF 4117 BA56 DDDA
sub 768g/8F754496 2007-01-16
>> success
[root@fxvsystem root]#
We have now generated a key pair. Look at the .gnupg directory:
[root@fxvsystem root]# cd .gnupg/
[root@fxvsystem .gnupg]# ll
total 24
-rw------- 1 root 8075 11:10 gpg.conf
-rw------- 1 root 856 11:30 pubring.gpg    >> the "key ring" file that stores other people's public keys
-rw------- 1 root 0 11:10 pubring.gpg~
-rw------- 1 root 11:30 random_seed
-rw------- 1 root 991 11:30 secring.gpg
-rw------- 1 root 1240 11:30 trustdb.gpg
[root@fxvsystem .gnupg]#
Several related files have been newly generated.
2. To send someone the public key you just generated, extract it with this command:
[root@fxvsystem gpg]# gpg --armor --export BA56DDDA > 201.key    >> exports the public key to the file 201.key
Where:
--armor makes gpg produce ASCII-formatted output that is suitable for sending by e-mail. If you can use a tool that supports binary file transfer, such as SSH, you can leave this option out.
--export needs little explanation: it means export.

3. After receiving a public key from another person, it has to be placed in the "key ring" file:
For example, having received the public key file 201.key from above on another computer, we run:
[root@localhost gpg]# gpg --import 201.key
gpg: key BA56DDDA: public key "test201 (this is 201 key) <test201@test201.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
This command imports the public key generated on the 201 machine into the "key ring" file (~/.gnupg/pubring.gpg) of the 161 machine.
Use the gpg -kv command to see which other people's public keys are currently stored on the 161 machine:
[root@localhost gpg]# gpg -kv
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/1C05EC6B 2007-01-15
uid Paolo (this test destination 213) <wangqi@livedoor.cn>
sub 1024g/A16A8685 2007-01-15
pub 1024D/BC3AA97D 2007-01-15
uid Wangqi (test to 161) <wangqi@livedoor.cn>
sub 1024g/33A9764D 2007-01-15
pub 1024D/BA56DDDA 2007-01-16
uid test201 (this is 201 key) <test201@test201.com>
sub 768g/8F754496 2007-01-16
[root@localhost gpg]#
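
Step 3 places a received key on the key ring without checking it. The following added example (not part of the original article) vets a key file before import: it compares the primary key's fingerprint with one obtained from the owner over a separate channel, and flags RSA/DSA/ElGamal keys shorter than a minimum size, which the 1024-bit DSA / 768-bit ElGamal pair generated in step 1 would not meet by current standards. The function names, the MIN_BITS threshold and the sample records are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): vet a public key before `gpg --import`.
# Input: `gpg --with-colons` records on stdin. Per GnuPG's doc/DETAILS, field 1 is
# the record type, 3 the key length in bits, 4 the algorithm id, 5 the key ID, and
# field 10 of an "fpr" record is the fingerprint.
MIN_BITS=${MIN_BITS:-2048}   # assumed policy threshold, not a GnuPG setting

# Strip spaces and upper-case, so "98E8 0a56 ..." compares equal to colon output.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# vet_pubkey EXPECTED_FINGERPRINT < colon-listing
# Prints one finding per line; returns 0 only when there are no findings.
vet_pubkey() {
    awk -F: -v want="$(norm_fpr "$1")" -v min="$MIN_BITS" '
        $1 == "pub" { npub++ }
        $1 == "pub" || $1 == "sub" {
            # 1 = RSA, 16 = Elgamal, 17 = DSA; ECC sizes are not comparable, so skipped
            if (($4 == 1 || $4 == 16 || $4 == 17) && $3 + 0 < min + 0) {
                printf "WEAK %s algo=%s bits=%s keyid=%s\n", $1, $4, $3, $5
                bad = 1
            }
        }
        $1 == "fpr" && !seen {          # first fpr record belongs to the primary key
            seen = 1
            # append "" to force a string compare (hex such as 12E5 can look numeric)
            if (($10 "") != (want "")) { print "FPR-MISMATCH got=" $10; bad = 1 }
        }
        END {
            if (npub != 1) { print "EXPECTED-ONE-KEY count=" (npub + 0); bad = 1 }
            if (!seen)     { print "NO-FINGERPRINT"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: colon records modelled on the key generated in step 1.
# The subkey's long key ID is a placeholder; the page shows only 8f754496.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:D5DF4117BA56DDDA:2007-01-16:::u:::scESC:
fpr:::::::::98E80A569E16F61B379D2F53D5DF4117BA56DDDA:
uid:u::::2007-01-16::::test201 (this is 201 key) <test201@test201.com>:
sub:u:768:16:000000008F754496:2007-01-16::::::e:
EOF
}
```

On GnuPG 2.x the listing for a key file that has not been imported yet can be produced with gpg --show-keys --with-colons 201.key and piped into vet_pubkey together with the fingerprint the key owner gave you.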
