Task description:

1. app1 uses gpg to encrypt the file filename.txt for app2

2. app2 decrypts the file and views it normally

Environment:

app1:

IP: 192.168.56.101

OS: CentOS 7

gpg (GnuPG) 2.0.22

-------------------------------

app2:

IP: 192.168.56.102

OS: Ubuntu 16.04

gpg (GnuPG) 1.4.20

##########################

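Procedure:

1. On both APP1 and APP2: install rng-tools. This package provides a random number generator daemon, which is used later when creating the encryption keys.

CentOS

$ yum install rng-tools

$ rngd -r /dev/urandom

Ubuntu

$ apt-get install rng-tools

$ rngd -r /dev/urandom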

2. On APP1: create the key pair and encrypt the file

Steps

gpg --gen-key

gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:

(1) RSA and RSA (default)

(2) DSA and Elgamal

(3) DSA (sign only)

(4) RSA (sign only)

Your selection? 1 //create a public/private key pair

RSA keys may be between 1024 and 4096 bits long.

What keysize do you want? (2048)

Requested keysize is 2048 bits

Please specify how long the key should be valid.

0 = key does not expire

<n>  = key expires in n days

<n>w = key expires in n weeks

<n>m = key expires in n months

<n>y = key expires in n years

Key is valid for? (0)1 //set the key validity period to 1 day

Key expires at Sunday, November 05, 2017 PM03:54:29 CST

Is this correct? (y/N)y //confirm the settings above

You need a user ID to identify your key; the software constructs the user ID

from the Real Name, Comment and Email Address in this form:

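"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:gpguser //gpg asks for the real name for the key

Email address: //gpg asks for the email address for the key

Comment: //gpg asks for a comment describing the key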

You selected this USER-ID:

"gpguser"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?O //generate the key

You need a Passphrase to protect your secret key.

gpg: gpg-agent is not available in this session

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give

the OS a chance to collect more entropy! (Need 282 more bytes)

##### If it hangs at the message above, open a new session and run the following command

$ rngd -r /dev/urandom

gpg: gpg-agent is not available in this session

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

..+++++

.....+++++

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

.+++++

+++++

gpg: key 7725BC6A marked as ultimately trusted

public and secret key created and signed.

gpg: checking the trustdb

gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model

gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u

gpg: next trustdb check due at 2018-11-04

pub 2048R/7725BC6A 2017-11-04 [expires: 2018-11-04]

Key fingerprint = B4D8 2A03 4FE9 518D 908F 86E8 E178 7789 7725 BC6A

uid gpguser

sub 2048R/740D8132 2017-11-04 [expires: 2018-11-04]

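3. On APP1: export the public key and the private key

### 7725BC6A is the key-id that was generated

gpg -a -o app1_pub.key --export 7725BC6A //export the public key: -a writes ASCII armor, -o names the output file, and 7725BC6A is the generated key-id

gpg --export-secret-key -a -o app1_sec.key //export the private key, for backup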

4. On APP1: encrypt the file

gpg -ea -r 7725BC6A filename.txt //the encrypted file is named filename.txt.asc

5. On APP1: transfer the private key file and the encrypted file to APP2

scp app1_sec.key root@APP2:~/

scp filename.txt.asc root@APP2:~/

6. On APP2: import the private key file and decrypt the file

gpg --import app1_sec.key

gpg -o filename.txt -d filename.txt.asc
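
Step 5 moves app1_sec.key off APP1, and whoever holds that file and its passphrase can decrypt anything encrypted to key 7725BC6A. The following added example, which is not part of the original article, reads the OpenPGP packet tags (RFC 4880) of an ASCII-armored file like those exported in step 3 and reports whether it carries secret-key material. The function names are illustrative, and PUB and SEC are constructed dummies, not real keys.

```python
import base64
import re

def dearmor(text):
    """Return the binary packets of an armored block; armor headers and the "=" CRC line are skipped."""
    m = re.search(r"-----BEGIN PGP [A-Z ]+-----\r?\n(.*?)\r?\n-----END PGP", text, re.S)
    if not m:
        raise ValueError("no PGP armor found")
    body = re.split(r"\r?\n\r?\n", m.group(1), maxsplit=1)[-1].split()
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packet_tags(raw):
    """Walk the packet headers (RFC 4880 section 4.2) and list each tag."""
    tags, i = [], 0
    while i < len(raw):
        first = raw[i]
        if not first & 0x80:
            raise ValueError("not OpenPGP packet data")
        if first & 0x40:                  # new format: tag in the low 6 bits
            tag, o1 = first & 0x3F, raw[i + 1]
            if o1 < 192:
                i, length = i + 2, o1
            elif o1 < 224:
                i, length = i + 3, ((o1 - 192) << 8) + raw[i + 2] + 192
            elif o1 == 255:
                i, length = i + 6, int.from_bytes(raw[i + 2:i + 6], "big")
            else:                         # partial body length: streamed data
                return tags + [tag]
        else:                             # old format: tag in bits 5-2
            tag, n = (first >> 2) & 0x0F, 1 << (first & 3)
            if n == 8:                    # length type 3: indeterminate
                return tags + [tag]
            i, length = i + 1 + n, int.from_bytes(raw[i + 1:i + 1 + n], "big")
        tags.append(tag)
        i += length
    return tags

def contains_secret_key(armored):
    """True if any packet is a Secret-Key (tag 5) or Secret-Subkey (tag 7)."""
    return any(t in (5, 7) for t in packet_tags(dearmor(armored)))

# Constructed dummies (not real keys): a 4-byte key packet plus User ID "gpguser".
ARMOR = "-----BEGIN PGP {0}-----\nVersion: GnuPG v1\n\n{1}\n-----END PGP {0}-----\n"
PUB = ARMOR.format("PUBLIC KEY BLOCK", "mQAEAAAAALQHZ3BndXNlcg==")   # tags 6, 13
SEC = ARMOR.format("PRIVATE KEY BLOCK", "lQAEAAAAALQHZ3BndXNlcg==")  # tags 5, 13

if __name__ == "__main__":
    for name, blob in (("app1_pub.key", PUB), ("app1_sec.key", SEC)):
        print(name, packet_tags(dearmor(blob)), "secret key:", contains_secret_key(blob))
```

The check relies on the packet tags rather than the BEGIN line, so a file whose armor label has been edited is still classified by what it actually contains.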

Notes: commonly used gpg commands

gpg --list-key //list the keys that have been imported

gpg -ea -r KEY_ID FILE //encrypt a file

gpg -o filename -d filename.asc //decrypt a file

gpg --export-secret-key -a -o centossec.asc //export the private key
