devbox
知新_RL
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

加密和安全相关

作者:知新_RL | 2024-07-03 16:49:21

you selected this user-id: you need a passphrase to protect your secret key.

加密和安全

常见的加密算法有和协议有对称加密,公钥加密,单向加密和认证协议

对称加密

对称加密,在加密和解密时使用的是同一个密钥
常见的对称加密有:DES,3DES,AES,Blowfish,Twofish,IDEA,RC6,CAST5

对称密钥加密和解密的过程:

数据发送方A和数据接收方B在发送数据前先通过某种渠道约定好密钥,然后A将明文的数据使用对称密钥进行加密,然后将加密后的数据发送给B,B接受到数据后使用相同的密钥对数据进行解密然后获取相应的数据

通过上述的加密和解密过程可以了解到这种加密的方法有以以下这些特点:

1.数据加密和解密时使用同一组密钥
2.数据加密和机密时使用时间短效率高
3.将原始数据分割成固定大小的块,逐个进行加密

不难看出对称加密的缺点也是非常的明显:

1.密钥过多:每一个数据对应的都需要使用一个不同的密钥进行加密,产生过多的密钥
2.密钥分发:密钥在分发的过程种存在安全性问题
3.数据的来源无法确认:由于谁都能对数据加同一密钥所以数据的来源性无法确认

非对称加密

非对称加密的密钥是成对的出现的,其分为公钥和私钥
公钥(Public key):公开给所有人
私钥(Secret key):自己留存,必须保证其私密性
常见的非对称加密的算法有:RSA(加密,数字签名),DSA(数字签名),ELGaml

非对称加密的加解密和实现数字签名的过程:

数据的发送方A和接收方B各生成一队密钥:A方公钥Pa、私钥Sa,B方公钥Pb、私钥Sb
A方在传送明文数据前先使用自己的私钥(Sa)对数据进行加密,再使用B方的公钥(Pb)对加密后的数据再次加密,然后将数据传送给B,B方接受到数据后,先使用自己的私钥(Sb)对加密的数据进行解密,然后再使用A的公钥(Pa)再次对数据进行解密以此来确认数据确实是由A发送而来。

通过该流程可以发现非对称加密有以下特点:

用公钥加密的数据,只能由与之相对应的私钥进行解密,反之亦然。
通过其特性可以实现以下功能:
1.可以实现数字签名,让接受可以确认数据发送方的身份
2.可以实现对称密钥的交换,发送方可以使用对方的公钥加密一个对称密钥然后发送给对方
3.由于非对称加密的解密的时间比较长,所以只适合较小数据的加密

由此可见其缺点是非常明显的:

1.非对称密钥的长度非常的长。
2.非对称加密在解密时的效率非常的低下

单向散列(hash算法)

hash算法又叫数据摘要,这种算法无法被逆推,可以确保数据的完整性,确保数据没有被篡改,用来做完整性校验。hash算法类似于指纹。
常见算法: md5: 128bits、sha1: 160bits、sha224、sha256、sha384、sha512
示例:
将一窜字符定向给file1,然后对file1进行一系列操作并用md5sum进行提取指纹信息查看。 

  1. [root@centos7 ~]# echo abcdefg > file1
  2. [root@centos7 ~]# md5sum file1                  
  3. 020861c8c3fe177da19a7e9539a5dbac  file1     #对刚创建的file1文件提取数据摘要
  4. [root@centos7 ~]# cp file1 file2
  5. [root@centos7 ~]# md5sum file2
  6. 020861c8c3fe177da19a7e9539a5dbac  file2     #复制file1命名为file2再提取数据摘要与file1做比较
  7. [root@centos7 ~]# echo 1 >> file2
  8. [root@centos7 ~]# md5sum file2
  9. 7f01eb26bac5f3a716b77cb702d85184  file2     #给file2添加点数据然后提取数据摘要再次和上一次的file2的数据摘要作比较

通过上述示例可以发现,文件名的改变对数据的摘要信息毫无影响,但当数据的内容发生改变时,所提取出来的数据摘要将发生天翻地覆的变法。数据的完整性校验就是通过此种方法来实现的。

所以单向散列有以下的特点:

1.任意长度输入,固定长度输出
2.若修改数据,指纹也会改变
3.无法从指纹中重新生成数据
根据其特点可以实现数据完整性这一功能。

数字签名

通过上述3种加密方法的特点,我们可以实现出一种既能进行加密又能确保解密高效性,并且缺保数据的完整性的方法,这种方法称为数字签名。

数字签名的实现方法:

发送数据发送方用hash算法从数据中生成数据摘要,然后用自己的私人密钥对这个摘要进行加密,这个加密后的摘要将作为数据数字签名和报文一起发送给接收方,接收方首先用与发送方一样的hash算法从接收到的原始数据中计算出数据摘要,接着再用发送方的公用密钥来对数据附加的数字签名进行解密,如果这两个摘要相同、那么接收方就能确认该数字签名是发送方的。

数字签名有两种功效:

1.能确定数据确实是由发送方签名并发出来的,因为别人假冒不了发送方的签名。
2.数字签名能确定数据的完整性。因为数字签名的特点是它代表了数据的特征,数据如果发生改变,数字摘要的值也将发生变化。不同的数据将得到不同的数字摘要。 一次数字签名涉及到一个hash算法、发送者的公钥、发送者的私钥。

非对称密钥实验

实验目的:

对文件进行非对称加解密

实验准备:

主机OSIP
ACentOS7192.168.172.134
BCentOS7192.168.172.134

一、分别在2台主机上生成公钥和私钥

1.在主机A上生成公私钥

  1. [root@hostA ~]# gpg --gen-key
  2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
  3. This is free software: you are free to change and redistribute it.
  4. There is NO WARRANTY, to the extent permitted by law.
  5.  
  6. gpg: directory `/root/.gnupg' created
  7. gpg: new configuration file `/root/.gnupg/gpg.conf' created
  8. gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
  9. gpg: keyring `/root/.gnupg/secring.gpg' created
  10. gpg: keyring `/root/.gnupg/pubring.gpg' created
  11. Please select what kind of key you want:
  12.    (1) RSA and RSA (default)
  13.    (2) DSA and Elgamal
  14.    (3) DSA (sign only)
  15.    (4) RSA (sign only)
  16. Your selection? 1                                   #选择所要生成的非对称密钥类型
  17. RSA keys may be between 1024 and 4096 bits long.
  18. What keysize do you want? (2048) 1024               #先择密钥的长度
  19. Requested keysize is 1024 bits
  20. Please specify how long the key should be valid.
  21.          0 = key does not expire
  22.       <n>  = key expires in n days
  23.       <n>w = key expires in n weeks
  24.       <n>m = key expires in n months
  25.       <n>y = key expires in n years
  26. Key is valid for? (0)                               #指定密钥的有效期限
  27. Key does not expire at all
  28. Is this correct? (y/N) y                            #确认密钥有效期为永久有效
  30. GnuPG needs to construct a user ID to identify your key.
  32. Real name: hostA                                    #输入非对称密钥所对应的主机名
  33. Email address: 
  34. Comment: 
  35. You selected this USER-ID:
  36.     "hostA"
  38. Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o   #确认密钥信息
  39. You need a Passphrase to protect your secret key.
  41. You don't want a passphrase - this is probably a *bad* idea!
  42. I will do it anyway.  You can change your passphrase at any time,
  43. using this program with the option "--edit-key".
  44.  
  45. We need to generate a lot of random bytes. It is a good idea to perform
  46. some other action (type on the keyboard, move the mouse, utilize the
  47. disks) during the prime generation; this gives the random number
  48. generator a better chance to gain enough entropy.
  49. We need to generate a lot of random bytes. It is a good idea to perform
  50. some other action (type on the keyboard, move the mouse, utilize the
  51. disks) during the prime generation; this gives the random number
  52. generator a better chance to gain enough entropy.
  53. gpg: /root/.gnupg/trustdb.gpg: trustdb created
  54. gpg: key 4B9A0B62 marked as ultimately trusted
  55. public and secret key created and signed.
  56.  
  57. gpg: checking the trustdb
  58. gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
  59. gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
  60. pub   1024R/4B9A0B62 2019-04-12
  61.       Key fingerprint = E128 AD1F E1D5 5B0D C66C  FD45 4786 0C63 4B9A 0B62
  62. uid                  hostA
  63. sub   1024R/DD37BA59 2019-04-12
  64.  
  65. #非对称密生成完毕
  66. [root@hostA ~]# cd .gnupg/
  67. [root@hostA .gnupg]# ll
  68. total 28
  69. -rw------- 1 root root 7680 Apr 13 05:36 gpg.conf
  70. drwx------ 2 root root    6 Apr 13 05:37 private-keys-v1.d
  71. -rw------- 1 root root  649 Apr 13 05:37 pubring.gpg        #公钥文件
  72. -rw------- 1 root root  649 Apr 13 05:37 pubring.gpg~       #公钥的备份
  73. -rw------- 1 root root  600 Apr 13 05:37 random_seed
  74. -rw------- 1 root root 1313 Apr 13 05:37 secring.gpg        #私钥文件
  75. srwxr-xr-x 1 root root    0 Apr 13 05:37 S.gpg-agent
  76. -rw------- 1 root root 1280 Apr 13 05:37 trustdb.gpg

2.B主机上生成公私钥

  1. [root@hostB ~]# gpg --gen-key
  2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
  3. This is free software: you are free to change and redistribute it.
  4. There is NO WARRANTY, to the extent permitted by law.
  5.  
  6. gpg: directory `/root/.gnupg' created
  7. gpg: new configuration file `/root/.gnupg/gpg.conf' created
  8. gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
  9. gpg: keyring `/root/.gnupg/secring.gpg' created
  10. gpg: keyring `/root/.gnupg/pubring.gpg' created
  11. Please select what kind of key you want:
  12.    (1) RSA and RSA (default)
  13.    (2) DSA and Elgamal
  14.    (3) DSA (sign only)
  15.    (4) RSA (sign only)
  16. Your selection? 1
  17. RSA keys may be between 1024 and 4096 bits long.
  18. What keysize do you want? (2048) 1024
  19. Requested keysize is 1024 bits
  20. Please specify how long the key should be valid.
  21.          0 = key does not expire
  22.       <n>  = key expires in n days
  23.       <n>w = key expires in n weeks
  24.       <n>m = key expires in n months
  25.       <n>y = key expires in n years
  26. Key is valid for? (0) 
  27. Key does not expire at all
  28. Is this correct? (y/N) y
  30. GnuPG needs to construct a user ID to identify your key.
  32. Real name: hostB
  33. Email address: 
  34. Comment: 
  35. You selected this USER-ID:
  36.     "hostB"
  38. Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
  39. You need a Passphrase to protect your secret key.
  41. You don't want a passphrase - this is probably a *bad* idea!
  42. I will do it anyway.  You can change your passphrase at any time,
  43. using this program with the option "--edit-key".
  44.  
  45. We need to generate a lot of random bytes. It is a good idea to perform
  46. some other action (type on the keyboard, move the mouse, utilize the
  47. disks) during the prime generation; this gives the random number
  48. generator a better chance to gain enough entropy.
  49. We need to generate a lot of random bytes. It is a good idea to perform
  50. some other action (type on the keyboard, move the mouse, utilize the
  51. disks) during the prime generation; this gives the random number
  52. generator a better chance to gain enough entropy.
  53. gpg: /root/.gnupg/trustdb.gpg: trustdb created
  54. gpg: key 77A790ED marked as ultimately trusted
  55. public and secret key created and signed.
  56.  
  57. gpg: checking the trustdb
  58. gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
  59. gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
  60. pub   1024R/77A790ED 2019-04-12
  61.       Key fingerprint = 34E9 51E2 0720 1186 FC26  6BED 5FDF ABE5 77A7 90ED
  62. uid                  hostB
  63. sub   1024R/3108F051 2019-04-12
  64.  
  65. [root@hostB ~]# ll .gnupg/
  66. total 28
  67. -rw------- 1 root root 7680 Apr 13 05:50 gpg.conf
  68. drwx------ 2 root root    6 Apr 13 05:50 private-keys-v1.d
  69. -rw------- 1 root root  649 Apr 13 05:51 pubring.gpg
  70. -rw------- 1 root root  649 Apr 13 05:51 pubring.gpg~
  71. -rw------- 1 root root  600 Apr 13 05:51 random_seed
  72. -rw------- 1 root root 1313 Apr 13 05:51 secring.gpg
  73. srwxr-xr-x 1 root root    0 Apr 13 05:50 S.gpg-agent
  74. -rw------- 1 root root 1280 Apr 13 05:51 trustdb.gpg
  75. 公私钥文件已生成

二、主机A、B互换公钥文件

1导出主机A公钥发送给B

  1. [root@hostA .gnupg]# gpg -a --export -o hostA.pubkey        #导出公钥文件。
  2. [root@hostA .gnupg]# cat hostA.pubkey 
  3. -----BEGIN PGP PUBLIC KEY BLOCK-----
  4. Version: GnuPG v2.0.22 (GNU/Linux)
  5.  
  6. mI0EXLEFGgEEALt/ZGwt9ZnkvzI0Ah0DJMFqYPbeTfLWtckiL/tKdkQShaA8pTqS
  7. ckAdeKRY1NRskKsInek3dD+V32n3PG8tTF8ZIQ6TpK8PgB/E+fKH2ftFQFchU+F8
  8. 2lsJ0VKf7ILQ6Yre4mVeGo4HCwrJg+E6gEPspaajCyB4BIgApNzqmxNVABEBAAG0
  9. BWhvc3RBiLkEEwECACMFAlyxBRoCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIX
  10. gAAKCRBHhgxjS5oLYj3RBACFK1NjY29XFnu2ZqpM6bSLLp5sf7fbKvUTUEhitXSo
  11. LB607v88KZoUFdcSQf9v+02KytzC1usW8P0NlevhwCJSRpcaO29GyXKnN07jsQAG
  12. J2TUDR91hgcFZ/j2mcZal+WlgwSQr0Skv4GojTpme/n00DVbZzGGL7QBiTH/45AZ
  13. pbiNBFyxBRoBBAC+rfAizsp3qturv4QXwjguar9HuXWffap7nFaQKUAC8S+a2EyG
  14. RcBvWci0sNXx9HJE4/61ExPF84TR4uc8fRkzWYb6sfPGwBxDFH5e9igPifwyEuqk
  15. QPO3eezRX5bNwLMSXyesUFCeJZ3Qy6BYV6S8vDJbjj6RYwWlLRUJv4rlHwARAQAB
  16. iJ8EGAECAAkFAlyxBRoCGwwACgkQR4YMY0uaC2IkvwP/ckneRcvcYqTCeINVPlqD
  17. ltUC3jn5U1Nu/dZKwt15R7l68Qr0ARBO8SuLlMH7wjBQ/c6grwohfdcXCqZN2gVq
  18. wWl2yamOpeOD4EqwnvaPGtP8t9j2gwGvM905NJRng8Ep+IOlqlNeljKjICLyNzmj
  19. rkRjxcSdDrQgIYZgH84hXZU=
  20. =4MIm
  21. -----END PGP PUBLIC KEY BLOCK-----
  22. [root@hostA .gnupg]# scp hostA.pubkey root@192.168.172.138:/root/.gnupg
  23. The authenticity of host '192.168.172.138 (192.168.172.138)' can't be established.
  24. ECDSA key fingerprint is SHA256:YNlH0VBV0kp4lAClVvfMWVx/bHcbKKHXQwyd13d+MME.
  25. ECDSA key fingerprint is MD5:8a:1c:3d:c2:04:b1:be:05:95:33:9e:16:e8:ad:6c:25.
  26. Are you sure you want to continue connecting (yes/no)? yes
  27. Warning: Permanently added '192.168.172.138' (ECDSA) to the list of known hosts.
  28. root@192.168.172.138's password: 
  29. hostA.pubkey                                         100%  984   808.9KB/s   00:00

2导出主机B公钥发送给A

  1. [root@hostB ~]# gpg -a --export -o hostB.pubkey
  2. [root@hostB ~]# cat hostB.pubkey
  3. -----BEGIN PGP PUBLIC KEY BLOCK-----
  4. Version: GnuPG v2.0.22 (GNU/Linux)
  5.  
  6. mI0EXLEIRwEEAJwjA3oD/GMvu7WvBfp6ZOaRnLxkebI0nVQt5PFOukiDxKDMtn4L
  7. dcuja0JlP4F/MJpxx2pacuNODG/gV1Tu+5iOzxp1+/xJXrWjh0e+MCk3ubivQ5gj
  8. L9TOSbePb/gzRR89F2BexKq6dkVYgiWUZ0205p/qBOMT49Xos9JQ02qlABEBAAG0
  9. BWhvc3RCiLkEEwECACMFAlyxCEcCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIX
  10. gAAKCRBf36vld6eQ7Xb7A/4kpjrW/JC14J0ZuMggFoI340ZZUOlT2f7JKvS+bAQK
  11. FXOgko6RblHo3PdaD+SimHDhzWibr0q05jpT0OlFP9PphgNfzBaUla/9v4heXcA5
  12. Rsg+J7Z5dbblz4Fe9Hn6uuFJX6PEV00SCVZ1JBOesj4JZuufNTpU09iC8gkl2ntj
  13. YLiNBFyxCEcBBACx6zvb6aH3mybpyqR2kdke0sAsof9sPVrv2UeHS5SSLe2qk38V
  14. GmTwuqLhkvhWrPX9jZza17uauWHItjLl2Xx6VKul4pUA9EPih9rOWTsmHQPhEUnW
  15. ZYVgt50Xn4YOjDaQiislS+AuR3XxeD4eaBtRatzMMQO/ibRV4EWXx6JLvQARAQAB
  16. iJ8EGAECAAkFAlyxCEcCGwwACgkQX9+r5XenkO2rFAP/UgUJ3lYn9rKlnNwsgnqL
  17. c38c6BovdzOveiYt+21QBQ5HElhRI/gZkpIiNi8pze1laaRzduTOj/23rNM5i3Cg
  18. uJulPnMBGLx2s57EuevO34mml+A6pBUIe3ETJhtv8/L3XH5wiMzVEyuzIJuLBA4c
  19. tt+3WYpY9rNUVeuLcHVd7vQ=
  20. =/T8O
  21. -----END PGP PUBLIC KEY BLOCK-----     
  22. [root@hostB ~]# scp hostB.pubkey root@192.168.172.134:/root/.gnupg/
  23. The authenticity of host '192.168.172.134 (192.168.172.134)' can't be established.
  24. ECDSA key fingerprint is SHA256:YNlH0VBV0kp4lAClVvfMWVx/bHcbKKHXQwyd13d+MME.
  25. ECDSA key fingerprint is MD5:8a:1c:3d:c2:04:b1:be:05:95:33:9e:16:e8:ad:6c:25.
  26. Are you sure you want to continue connecting (yes/no)? yes
  27. Warning: Permanently added '192.168.172.134' (ECDSA) to the list of known hosts.
  28. root@192.168.172.134's password: 
  29. hostB.pubkey                                         100%  984   861.8KB/s   00:00

三、主机A、B分别导入公钥

1.主机A导入公钥

  1. [root@hostA .gnupg]# gpg --import hostB.pubkey           #导入hostB的公钥
  2. gpg: key 77A790ED: public key "hostB" imported
  3. gpg: Total number processed: 1
  4. gpg:               imported: 1  (RSA: 1)
  5. [root@hostA .gnupg]# gpg --list-key                      #查看公钥列表
  6. /root/.gnupg/pubring.gpg
  7. ------------------------
  8. pub   1024R/4B9A0B62 2019-04-12
  9. uid                  hostA
  10. sub   1024R/DD37BA59 2019-04-12
  11.  
  12. pub   1024R/77A790ED 2019-04-12
  13. uid                  hostB
  14. sub   1024R/3108F051 2019-04-12

2.主机B导入公钥

  1. [root@hostB ~]# cd .gnupg/
  2. [root@hostB .gnupg]# gpg --import hostA.pubkey 
  3. gpg: key 4B9A0B62: public key "hostA" imported
  4. gpg: Total number processed: 1
  5. gpg:               imported: 1  (RSA: 1)
  6. [root@hostB .gnupg]# gpg --list-key 
  7. /root/.gnupg/pubring.gpg
  8. ------------------------
  9. pub   1024R/77A790ED 2019-04-12
  10. uid                  hostB
  11. sub   1024R/3108F051 2019-04-12
  12.  
  13. pub   1024R/4B9A0B62 2019-04-12
  14. uid                  hostA
  15. sub   1024R/DD37BA59 2019-04-12

四、测试

1.使用主机A对文件进行非对称加密,发送给主机B

  1. [root@hostA data]# echo "hello,i am hostA" > file1
  2. [root@hostA data]# gpg -e -r hostB file1
  3. gpg: 3108F051: There is no assurance this key belongs to the named user
  4.  
  5. pub  1024R/3108F051 2019-04-12 hostB
  6.  Primary key fingerprint: 34E9 51E2 0720 1186 FC26  6BED 5FDF ABE5 77A7 90ED
  7.       Subkey fingerprint: 57FD 2BBD D2B0 8EE4 9BCA  74A5 2091 0199 3108 F051
  8.  
  9. It is NOT certain that the key belongs to the person named
  10. in the user ID.  If you *really* know what you are doing,
  11. you may answer the next question with yes.
  12.  
  13. Use this key anyway? (y/N) y
  14. [root@hostA data]# scp file1.gpg root@192.168.172.138:/data
  15. root@192.168.172.138's password: 
  16. file1.gpg                                            100%  225    87.2KB/s   00:00

2.解密查看其中内容

  1. [root@hostB data]# gpg -o file1 file1.gpg 
  2. gpg: encrypted with 1024-bit RSA key, ID 3108F051, created 2019-04-12
  3.       "hostB"
  4. [root@hostB data]# cat file1
  5. hello,i am hostA

五、关于清除密钥

1.清除公钥

  1. [root@hostA data]# gpg --delete-key hostB             #删除hostB的公钥
  2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
  3. This is free software: you are free to change and redistribute it.
  4. There is NO WARRANTY, to the extent permitted by law.
  5.  
  6. pub  1024R/77A790ED 2019-04-12 hostB
  7.  
  8. Delete this key from the keyring? (y/N) y
  9.  
  10. [root@hostA data]# gpg --list-key                     #查看密钥列表此时已经没有hostB了
  11. /root/.gnupg/pubring.gpg
  12. ------------------------
  13. pub   1024R/4B9A0B62 2019-04-12
  14. uid                  hostA
  15. sub   1024R/DD37BA59 2019-04-12
  16.  
  17. [root@hostA ~]# ll .gnupg/
  18. total 40
  19. -rw------- 1 root root  649 Apr 13 05:48 192.168.172.138
  20. -rw------- 1 root root 7680 Apr 13 05:36 gpg.conf
  21. -rw-r--r-- 1 root root  984 Apr 13 06:02 hostA.pubkey
  22. -rw-r--r-- 1 root root  984 Apr 13 06:06 hostB.pubkey
  23. drwx------ 2 root root    6 Apr 13 05:37 private-keys-v1.d
  24. -rw------- 1 root root  649 Apr 13 06:32 pubring.gpg
  25. -rw------- 1 root root 1298 Apr 13 06:09 pubring.gpg~             #hostB的密钥虽然被清除但是仍可以用此文件恢复
  26. -rw------- 1 root root  600 Apr 13 06:15 random_seed
  27. -rw------- 1 root root 1313 Apr 13 05:37 secring.gpg
  28. srwxr-xr-x 1 root root    0 Apr 13 05:37 S.gpg-agent
  29. -rw------- 1 root root 1280 Apr 13 05:37 trustdb.gpg

2.删除自己的公钥和私钥
要删除自己的公钥必须先清除私钥

  1. [root@hostA ~]# gpg --delete-secret-key hostA                  #删除自己的私钥
  2. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
  3. This is free software: you are free to change and redistribute it.
  4. There is NO WARRANTY, to the extent permitted by law.
  5.  
  6. sec  1024R/4B9A0B62 2019-04-12 hostA
  7.  
  8. Delete this key from the keyring? (y/N) y
  9. This is a secret key! - really delete? (y/N) y
  10. [root@hostA ~]# gpg --delete-key hostA                         #删除自己的私钥
  11. gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
  12. This is free software: you are free to change and redistribute it.
  13. There is NO WARRANTY, to the extent permitted by law.
  14.  
  15. pub  1024R/4B9A0B62 2019-04-12 hostA
  16.  
  17. Delete this key from the keyring? (y/N) y
  18. [root@hostA ~]# rm -rf .gnupg/                                 #将/root/.gnupg目录删除

转载于:https://blog.51cto.com/11886307/2378078

声明:本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:【wpsshop博客】
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号