% gpg --output doc.gpg --encrypt --recipient lmpinto@dei.uc.pt doc_to_encrypt
% gpg --output doc.gpg --sign --recipient lmpinto@dei.uc.pt doc_to_sign
% gpg --output doc.gpg --encrypt --sign --recipient lmpinto@dei.uc.pt doc_to_encrypt_and_sign
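這會建立二進位的加密檔。如果您想要建立 ASCII 檔案,請在命令前面加上 --clearsign 選項。注意:--clearsign 只適用於簽名,它產生的是明文簽章,不會加密內容;若要讓加密(或加密並簽名)的輸出成為 ASCII 格式,請改用 --armor 選項。另外,上面第二個指令只做簽名,內容並未加密,--recipient 在該指令中沒有作用。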
解密以及驗證簽名
設想您取得了一篇給您的加密文件,將它解密的指令是 gpg --output document --decrypt encrypted_doc.gpg
[mary@server0 ~]$ man passwd > passwd.txt
[mary@server0 ~]$ ll
total 24
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Desktop
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Documents
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Downloads
-rw-rw-r--. 1 mary mary 1065 Jul 14 20:03 jerry.asc
-rw-rw-r--. 1 mary mary 1752 Jul 14 19:58 mary.asc
-rw-rw-r--. 1 mary mary 1752 Jul 14 19:58 mary-e.asc
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Music
-rw-rw-r--. 1 mary mary 7200 Jul 14 20:25 passwd.txt
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Pictures
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Public
-rw-rw-r--. 1 mary mary 1395 Jul 12 20:10 secret
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Templates
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Videos
[mary@server0 ~]$ gpg --list-key
/home/mary/.gnupg/pubring.gpg
-----------------------------
pub 2048R/A7A10163 2017-07-12 [expires: 2017-07-26]
uid mary chen (test) <mary@server0.example.com>
sub 2048R/BB2419B5 2017-07-12 [expires: 2017-07-26]
pub 1024R/3316DD2A 2017-07-14 [expires: 2017-07-28]
uid Jerry Lin (jerry the king) <jerry@server0.example.com>
sub 1024R/B3721874 2017-07-14 [expires: 2017-07-28]
[mary@server0 ~]$ gpg --output pass.gpg --sign --encrypt --recipient jerry@server0.example.com passwd.txt
You need a passphrase to unlock the secret key for
user: "mary chen (test) <mary@server0.example.com>"
2048-bit RSA key, ID A7A10163, created 2017-07-12
gpg: cancelled by user
gpg: no default secret key: Operation cancelled
gpg: passwd.txt: sign+encrypt failed: Operation cancelled
[mary@server0 ~]$ cp /srv/share/test.gpg
cp: missing destination file operand after '/srv/share/test.gpg'
Try 'cp --help' for more information.
[mary@server0 ~]$ cp /srv/share/test.gpg .
[mary@server0 ~]$ ll
total 32
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Desktop
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Documents
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Downloads
-rw-rw-r--. 1 mary mary 1065 Jul 14 20:03 jerry.asc
-rw-rw-r--. 1 mary mary 1752 Jul 14 19:58 mary.asc
-rw-rw-r--. 1 mary mary 1752 Jul 14 19:58 mary-e.asc
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Music
-rw-rw-r--. 1 mary mary 7200 Jul 14 20:25 passwd.txt
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Pictures
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Public
-rw-rw-r--. 1 mary mary 1395 Jul 12 20:10 secret
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Templates
-rw-rw-r--. 1 mary mary 5440 Jul 14 20:29 test.gpg
drwxr-xr-x. 2 mary mary 6 Jul 12 21:36 Videos
[root@server0 ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xc1798b91.
命令 (m 以獲得說明):p
Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O 大小 (最小/最佳化):512 位元組 / 512 位元組
Disk label type: dos
磁碟識別碼:0xc1798b91
所用裝置 開機 開始 結束 區塊 識別號 系統
命令 (m 以獲得說明):n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
分割區編號 (1-4, default 1):
起初 sector (2048-20971519, 預設 2048):
使用預設值 2048
最後 sector, +sectors 或 +大小{K,M,G} (2048-20971519, 預設 20971519):+5G
Partition 1 of type Linux and of size 5 GiB is set
命令 (m 以獲得說明):p
Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O 大小 (最小/最佳化):512 位元組 / 512 位元組
Disk label type: dos
磁碟識別碼:0xc1798b91
所用裝置 開機 開始 結束 區塊 識別號 系統
/dev/vdb1 2048 10487807 5242880 83 Linux
命令 (m 以獲得說明):w
分割表已變更!
呼叫 ioctl() 以重新讀取分割表。
同步磁碟。
[root@server0 ~]# cryptsetup luksFormat /dev/vdb1
WARNING!
========
This will overwrite data on /dev/vdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
[root@server0 ~]# cryptsetup luksOpen /dev/vdb1 home
Enter passphrase for /dev/vdb1:
[kiosk@foundation0 ~]$ ssh root@172.25.0.11
Last login: Mon Jul 10 21:17:10 2017 from 172.25.0.250
[root@server0 ~]# ll /dev/mapper/
總計 0
crw-------. 1 root root 10, 236 7月 10 21:15 control
[root@server0 ~]# ll /dev/mapper/
總計 0
crw-------. 1 root root 10, 236 7月 10 21:15 control
lrwxrwxrwx. 1 root root 7 7月 10 21:27 home -> ../dm-0
[root@server0 ~]# mkfs -t ext4 /dev/mapper/home
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310208 blocks
65510 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[root@server0 ~]# mkfs -t ext4 /dev/mapper/home
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310208 blocks
65510 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[root@server0 ~]# mount /dev/mapper/home /mnt
[root@server0 ~]# cp -a /home/* /mnt/
[root@server0 ~]# ll /mnt/
總計 20
drwx------. 2 root root 16384 7月 10 21:34 lost+found
drwx------. 4 student student 4096 1月 7 2015 student
[root@server0 ~]# umount /mnt
[root@server0 ~]# mount /dev/mapper/home /home
[root@server0 ~]# df -h
檔案系統 容量 已用 可用 已用% 掛載點
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 80K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
/dev/mapper/home 4.8G 21M 4.6G 1% /home
[root@server0 ~]# vim /etc/fstab
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
/dev/mapper/home /home ext4 defaults 0 0
[root@server0 ~]# umount /home
[root@server0 ~]# df
檔案系統 1K-區段 已用 可用 已用% 掛載點
/dev/vda1 10473900 3154404 7319496 31% /
devtmpfs 927060 0 927060 0% /dev
tmpfs 942648 80 942568 1% /dev/shm
tmpfs 942648 17048 925600 2% /run
tmpfs 942648 0 942648 0% /sys/fs/cgroup
[root@server0 ~]# mount /home
[root@server0 ~]# df
檔案系統 1K-區段 已用 可用 已用% 掛載點
/dev/vda1 10473900 3154404 7319496 31% /
devtmpfs 927060 0 927060 0% /dev
tmpfs 942648 80 942568 1% /dev/shm
tmpfs 942648 17048 925600 2% /run
tmpfs 942648 0 942648 0% /sys/fs/cgroup
/dev/mapper/home 5027456 20508 4728524 1% /home
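Add a key file to /dev/vdb1 so the volume can be unlocked without typing the passphrase. Note: in the transcript below the key file is first created with mode 0644 and only tightened afterwards by chmod 600; running umask 077 before dd avoids that window.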
[root@server0 ~]# dd if=/dev/urandom of=/root/key1 bs=4096 count=1
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.000292481 s, 14.0 MB/s
[root@server0 ~]# ll
總計 16
-rw-------. 1 root root 8619 5月 7 2014 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 7月 10 19:06 Desktop
drwxr-xr-x. 2 root root 6 7月 10 19:06 Documents
drwxr-xr-x. 2 root root 6 7月 10 19:06 Downloads
-rw-r--r--. 1 root root 4096 7月 10 21:44 key1
drwxr-xr-x. 2 root root 6 7月 10 19:06 Music
drwxr-xr-x. 2 root root 6 7月 10 19:06 Pictures
drwxr-xr-x. 2 root root 6 7月 10 19:06 Public
drwxr-xr-x. 2 root root 6 7月 10 19:06 Templates
drwxr-xr-x. 2 root root 6 7月 10 19:06 Videos
[root@server0 ~]# chmod 600 key1
[root@server0 ~]# cryptsetup luksAddKey /dev/vdb1 /root/key1
Enter any passphrase:
[root@server0 ~]# ll /etc/crypttab
-rw-------. 1 root root 0 5月 7 2014 /etc/crypttab
[root@server0 ~]# cat /etc/crypttab
[root@server0 ~]# vim /etc/crypttab
home /dev/vdb1 /root/key1
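Reboot to verify your work: /home should be unlocked with /root/key1 and mounted automatically. Keep in mind that /root/key1 sits on the root filesystem (/dev/vda1), which is mounted directly and is not encrypted, so anyone who can read that disk can also unlock /dev/vdb1.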